[systemd-devel] [RFC PATCH] journal: pass uid.gid in the stream header

Zbigniew Jędrzejewski-Szmek zbyszek at in.waw.pl
Mon Jan 5 05:55:11 PST 2015

On Mon, Jan 05, 2015 at 02:12:45PM +0100, Lennart Poettering wrote:
> On Thu, 01.01.15 04:40, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:
> Sounds generally OK.
> > A disadvantage of the solution implemented here, otoh, is that both
> > systemd and journald must be restarted for it to take effect.
> This is something I am concerned about. This will break updates, as
> restarting journald is something we cannot really do without losing
> stdout/stderr of most running services. This means restarting journald
> doesn't really work, but then we couldn't reexec PID1 either on
> updates... Grrr...
I was thinking of adding a marker field ('--END-HEADER--' or similar)
that would allow us to have a variable number of fields. journald would
read fields until it finds the marker, and ignore fields before the marker.
systemd would emit fields it wants to emit and at the end emit the marker.
This would allow the addition of new fields that would be ignored by older
journald instances.

During the initial upgrade there would be tiny amount of pain. Newer
systemd with older journald would result in an extra fake message (the
header), older systemd with newer journald would result in some messages
being lost... So this change in protocol might be better delayed by
distributions until a major system upgrade.

But anyway, after we have something like this in place, we could
add additional fields without any pain.

> SO_PEERCRED apparently returns the euid/egid of the original
> process. The UNIX "saved" uid was invented precisely to allow
> temporarily lowering the euid and later on returning to it. Maybe
> that's what we should use here: if the uid to run something is is not
> root: drop to the final euid temporarily, making use of the save uid
> to return to root, then connecting to journald, and then returning
> back to the root euid for the rest of the way. ugly, but unix.
Yeah, that sounds like a better option. I'll remake the patch.


More information about the systemd-devel mailing list