[systemd-devel] [RFC PATCH] journal: pass uid.gid in the stream header

Lennart Poettering lennart at poettering.net
Mon Jan 5 06:53:22 PST 2015


On Mon, 05.01.15 14:55, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:

> On Mon, Jan 05, 2015 at 02:12:45PM +0100, Lennart Poettering wrote:
> > On Thu, 01.01.15 04:40, Zbigniew Jędrzejewski-Szmek (zbyszek at in.waw.pl) wrote:
> > 
> > Sounds generally OK.
> > 
> > > A disadvantage of the solution implemented here, otoh, is that both
> > > systemd and journald must be restarted for it to take effect.
> > 
> > This is something I am concerned about. This will break updates, as
> > restarting journald is something we cannot really do without losing
> > stdout/stderr of most running services. This means restarting journald
> > doesn't really work, but then we couldn't reexec PID1 either on
> > updates... Grrr...
> I was thinking of adding a marker field ('--END-HEADER--' or similar)
> that would allow us to have a variable number of fields. journald would
> read fields until it finds the marker, and ignore fields before the marker.
> systemd would emit fields it wants to emit and at the end emit the marker.
> This would allow the addition of new fields that would be ignored by older
> journald instances.

I would really prefer if we could maybe fix the kernel instead, to
allow us to read all the creds race-freely from the connection,
instead of passing more and more bits over the connection as
payload. I mean, if the kernel would allow us reading the cgroup off
the connection, then we wouldn't have to send the service name
in-line, and so on.

There were patches, but nobody followed up with it so far, which is a
pity.

Lennart

-- 
Lennart Poettering, Red Hat
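
The marker-terminated header proposed in the quoted text above, as an added C example (not code from the patch or from systemd): the receiver keeps the fields it knows, skips extra ones from a newer sender, and stops at the marker. The positional field layout, `MAX_KNOWN`, `FIELD_MAX` and the function name are assumptions made for illustration.

```c
#include <stdio.h>
#include <string.h>

#define END_MARKER "--END-HEADER--"  /* marker name suggested in the thread */
#define MAX_KNOWN  4                 /* fields this receiver understands (assumed) */
#define FIELD_MAX  64                /* per-field size limit (assumed) */

struct stream_header {
    char   field[MAX_KNOWN][FIELD_MAX]; /* positional fields, "" if not sent */
    size_t n_known;                     /* known fields actually received */
    size_t n_ignored;                   /* extra fields from a newer sender */
};

/* Parse newline-delimited header fields from buf[0..len). Returns the bytes
 * consumed (payload starts there), 0 if the marker has not arrived yet
 * (caller reads more data), or -1 if a field exceeds FIELD_MAX. */
static long parse_stream_header(const char *buf, size_t len,
                                struct stream_header *h)
{
    size_t pos = 0, mlen = strlen(END_MARKER);

    memset(h, 0, sizeof(*h));
    while (pos < len) {
        const char *nl = memchr(buf + pos, '\n', len - pos);
        if (!nl)  /* partial line: wait for more, but never without bound */
            return (len - pos >= FIELD_MAX) ? -1 : 0;
        size_t flen = (size_t)(nl - (buf + pos));
        if (flen == mlen && memcmp(buf + pos, END_MARKER, mlen) == 0)
            return (long)(pos + flen + 1);       /* header complete */
        if (flen >= FIELD_MAX)
            return -1;                           /* refuse oversized field */
        if (h->n_known < MAX_KNOWN)              /* buffer is zeroed, so the */
            memcpy(h->field[h->n_known++], buf + pos, flen); /* copy stays NUL-terminated */
        else
            h->n_ignored++;                      /* unknown newer field: skip */
        pos += flen + 1;
    }
    return 0;                                    /* marker not seen yet */
}

int main(void)
{
    /* Constructed sample: four known fields, two newer ones, marker, payload. */
    const char in[] = "svc\nunit.service\n6\n1\n1000\n1000\n" END_MARKER "\nhello\n";
    struct stream_header h;
    long used = parse_stream_header(in, sizeof(in) - 1, &h);

    printf("used=%ld known=%zu ignored=%zu\n", used, h.n_known, h.n_ignored);
    return used > 0 ? 0 : 1;
}
```

Fields parsed this way remain data supplied by the sending side, in contrast to credentials the kernel reports for the connection.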

