diff options
author | Lennart Poettering <lennart@poettering.net> | 2013-03-23 01:12:22 +0100 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2013-03-23 01:12:22 +0100 |
commit | 3ac251b81a41295a90c89c164f0d72ce6de651aa (patch) | |
tree | f928d8c5998f2bc23fb58b8db13900e79434c81b | |
parent | a5a5ade34c142c42e584aa19ee92de6d3e1994c3 (diff) | |
download | systemd-3ac251b81a41295a90c89c164f0d72ce6de651aa.tar.gz |
journalctl: various fixes to the access check logic
- Reword messages a bit
- Correct check whether EACCES is in the set of errors
- Don't complain if no journal files are found
- allocate Set object for errors lazily since in the best case we don't
need it at all.
- don't consider it an error if /run/log/journal doesn't exist (because
that's the usual case actually, if storage is enabled)
-rw-r--r-- | src/journal/journalctl.c | 42 | ||||
-rw-r--r-- | src/journal/sd-journal.c | 30 |
2 files changed, 41 insertions, 31 deletions
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 91dbde3ba1..0a82a1cf15 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -905,9 +905,9 @@ static int access_check_var_log_journal(sd_journal *j) { if (!have_access) { if (strv_isempty(g)) - log_notice("Hint: You are currently not seeing messages from other users and\n" - "the system. Users in the group 'systemd-journal' can see all messages.\n" - "Pass -q to turn this notice off."); + log_notice("Hint: You are currently not seeing messages from other users and the system.\n" + " Users in the 'systemd-journal' group can see all messages. Pass -q to\n" + " turn off this notice."); else { _cleanup_free_ char *s = NULL; @@ -923,8 +923,8 @@ static int access_check_var_log_journal(sd_journal *j) { return log_oom(); log_notice("Hint: You are currently not seeing messages from other users and the system.\n" - "Users in the groups '%s' can see all messages.\n" - "Pass -q to turn this notice off.", s); + " Users in the groups '%s' can see all messages.\n" + " Pass -q to turn off this notice.", s); } } @@ -933,29 +933,27 @@ static int access_check_var_log_journal(sd_journal *j) { #endif static int access_check(sd_journal *j) { - uint64_t eacces = EACCES, *code; Iterator it; + void *code; int r = 0; assert(j); - assert(j->errors); - assert(j->files); if (set_isempty(j->errors)) { if (hashmap_isempty(j->files)) - log_info("No journal files were found."); + log_notice("No journal files were found."); return 0; } - if (!set_contains(j->errors, &eacces)) { + if (set_contains(j->errors, INT_TO_PTR(-EACCES))) { #ifdef HAVE_ACL /* If /var/log/journal doesn't even exist, - unprivileged users have no access at all */ + * unprivileged users have no access at all */ if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("systemd-journal") <= 0) { - log_error("Unprivileged users can't see messages unless persistent log storage\n" - "is enabled. Users in the group 'systemd-journal' can always see messages."); + log_error("Unprivileged users cannot access messages, unless persistent log storage is\n" + "enabled. Users in the 'systemd-journal' group may always access messages."); return -EACCES; } @@ -967,26 +965,30 @@ static int access_check(sd_journal *j) { return r; } #else - if (geteuid() != 0 && in_group("systemd-journal") <= 0) - log_error("No access to messages.\n" - "Users in the group 'systemd-journal' can see messages."); + if (geteuid() != 0 && in_group("systemd-journal") <= 0) { + log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n" + "group may access messages."); + return -EACCES; + } #endif + if (hashmap_isempty(j->files)) { - log_error("No journal files were opened, due to insufficient permissions."); + log_error("No journal files were opened due to insufficient permissions."); r = -EACCES; } } SET_FOREACH(code, j->errors, it) { - int err = -PTR_TO_INT(code); + int err; + + err = -PTR_TO_INT(code); assert(err > 0); + if (err != EACCES) log_warning("Error was encountered while opening journal files: %s", strerror(err)); } - log_notice("Hint: run journalctl in debug mode: SYSTEMD_LOG_LEVEL=debug journalct ..."); - return r; } diff --git a/src/journal/sd-journal.c b/src/journal/sd-journal.c index c62ad811dc..f7f1777fef 100644 --- a/src/journal/sd-journal.c +++ b/src/journal/sd-journal.c @@ -51,11 +51,17 @@ /* We return an error here only if we didn't manage to memorize the real error. */ -static int set_put_error(Set* errors, int r) { +static int set_put_error(sd_journal *j, int r) { + int k; + if (r >= 0) return r; - return set_put(errors, INT_TO_PTR(r)); + k = set_ensure_allocated(&j->errors, trivial_hash_func, trivial_compare_func); + if (k < 0) + return k; + + return set_put(j->errors, INT_TO_PTR(r)); } static void detach_location(sd_journal *j) { @@ -1248,7 +1254,7 @@ static int add_file(sd_journal *j, const char *prefix, const char *filename) { if (hashmap_size(j->files) >= JOURNAL_FILES_MAX) { log_debug("Too many open journal files, not adding %s, ignoring.", path); - return set_put_error(j->errors, -ETOOMANYREFS); + return set_put_error(j, -ETOOMANYREFS); } r = journal_file_open(path, O_RDONLY, 0, false, false, NULL, j->mmap, NULL, &f); @@ -1392,7 +1398,7 @@ static int add_directory(sd_journal *j, const char *prefix, const char *dirname) if (r < 0) { log_debug("Failed to add file %s/%s: %s", m->path, de->d_name, strerror(-r)); - r = set_put_error(j->errors, r); + r = set_put_error(j, r); if (r < 0) return r; } @@ -1471,7 +1477,7 @@ static int add_root_directory(sd_journal *j, const char *p) { if (r < 0) { log_debug("Failed to add file %s/%s: %s", m->path, de->d_name, strerror(-r)); - r = set_put_error(j->errors, r); + r = set_put_error(j, r); if (r < 0) return r; } @@ -1526,8 +1532,11 @@ static int add_search_paths(sd_journal *j) { NULSTR_FOREACH(p, search_paths) { r = add_root_directory(j, p); - if (r < 0) - return set_put_error(j->errors, r); + if (r < 0 && r != -ENOENT) { + r = set_put_error(j, r); + if (r < 0) + return r; + } } return 0; @@ -1571,8 +1580,7 @@ static sd_journal *journal_new(int flags, const char *path) { j->files = hashmap_new(string_hash_func, string_compare_func); j->directories_by_path = hashmap_new(string_hash_func, string_compare_func); j->mmap = mmap_cache_new(); - j->errors = set_new(trivial_hash_func, trivial_compare_func); - if (!j->files || !j->directories_by_path || !j->mmap || !j->errors) + if (!j->files || !j->directories_by_path || !j->mmap) goto fail; return j; @@ -1630,7 +1638,7 @@ _public_ int sd_journal_open_directory(sd_journal **ret, const char *path, int f r = add_root_directory(j, path); if (r < 0) { - set_put_error(j->errors, r); + set_put_error(j, r); goto fail; } @@ -1996,7 +2004,7 @@ static void process_inotify_event(sd_journal *j, struct inotify_event *e) { if (r < 0) { log_debug("Failed to add file %s/%s: %s", d->path, e->name, strerror(-r)); - set_put_error(j->errors, r); + set_put_error(j, r); } } else if (e->mask & (IN_DELETE|IN_MOVED_FROM|IN_UNMOUNT)) { |