[systemd-devel] location of user-1000.journal

Lennart Poettering lennart at poettering.net
Tue Mar 31 14:50:57 UTC 2020


On Do, 19.03.20 16:05, Chris Murphy (lists at colorremedies.com) wrote:

> Hi,
>
> I'm wondering if user journals are better being located in ~/.var by
> default? In particular in a systemd-homed context when ~/ is
> encrypted.

Unfortunately the entire system's log stream is coming primarily
through a single AF_UNIX socket, which is /dev/log. The back-end of
that is privileged (i.e. systemd-journald) since it deals with
privileged log messages primarily. if we'd implement what you are
asking for we'd have privileged code write to unpriv-owned directories
which is generally problematic for security reasons, because this
enables unpriv code to make privileged code do stuff in its own
territory. For example it could fuse mount something there, and then
make journald block on it and thus freeze the whole log stream. THis
is highly problematic.

Hence, this is far from easy to implement (i.e. it would require a
second component that runs unpriv and subscribes to the unpriv user's
log stream asynchronously, to avoid any such potential lockups), and I
am not sure it's worht the trouble? This is syslog after all, i.e. not
user facing stuff, hence probably fine if not in the user's home dir?

Lennart

--
Lennart Poettering, Berlin


More information about the systemd-devel mailing list