path: root/src/journal-remote
Commit message [Author, Age, Files, Lines]
...
* meson: fix indentation [Yu Watanabe, 2021-01-19, 1, -4/+3]
|
* journal-remote: use hashmap_ensure_put [Susant Sahani, 2021-01-17, 1, -4/+2]
|
* Add install-sysconfdir=no-samples option for (non-)installation of sample configs [Josh Triplett, 2021-01-14, 1, -1/+1]
|   By default, systemd installs various sample configuration files containing commented-out defaults. Systems seeking to minimize the number of files in /etc may wish to install directories and configuration files that have semantic effects, but not install commented-out sample configuration files.
|
|   Turn install-sysconfdir into a multi-valued option, with a "no-samples" value to skip installing sample-only configuration files.
* fileio: teach read_full_file_full() to read from offset/with maximum size [Lennart Poettering, 2020-12-01, 2, -6/+22]
|
* journal-remote: suffix cmdline option that expects arg with = [Lennart Poettering, 2020-12-01, 1, -1/+1]
|
* journal-remote: use READ_FULL_FILE_SECURE|READ_FULL_FILE_WARN_WORLD_READABLE when reading PEM secret key [Lennart Poettering, 2020-12-01, 2, -2/+10]
|   It's secret data, hence use the appropriate flags.
* journal-remote: erase secret PEM key from memory after use [Lennart Poettering, 2020-12-01, 2, -2/+5]
|
* meson: add option to skip installing to $sysconfdir [Jörg Thalheim, 2020-11-12, 1, -4/+8]
|   This is useful for development where overwriting files outside the configured prefix will affect the host as well as stateless systems such as NixOS that don't let packages install to /etc but handle configuration on their own.
|
|   Alternative to https://github.com/systemd/systemd/pull/17501
|
|   tested with:
|
|   $ mkdir inst build && cd build
|   $ meson \
|       -Dcreate-log-dirs=false \
|       -Dsysvrcnd-path=$(realpath ../inst)/etc/rc.d \
|       -Dsysvinit-path=$(realpath ../inst)/etc/init.d \
|       -Drootprefix=$(realpath ../inst) \
|       -Dinstall-sysconfdir=false \
|       --prefix=$(realpath ../inst) ..
|   $ ninja install
* license: LGPL-2.1+ -> LGPL-2.1-or-later [Yu Watanabe, 2020-11-09, 14, -14/+14]
|
* fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name [Lennart Poettering, 2020-11-03, 2, -6/+6]
|   This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of read_full_file_full() a bit: when used a sender socket name may be specified. If specified as NULL behaviour is as before: the client socket name is picked by the kernel. But if specified as non-NULL the client can pick a socket name to use when connecting. This is useful to communicate a minimal amount of metainformation from client to server, outside of the transport payload.
|
|   Specifically, this beefs up the service credential logic to pass an abstract AF_UNIX socket name as client socket name when connecting via READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name and the eventual credential name. This allows servers implementing the trivial credential socket logic to distinguish clients: via a simple getpeername() it can be determined which unit is requesting a credential, and which credential specifically.
|
|   Example: with this patch in place, in a unit file "waldo.service" a configuration line like the following:
|
|       LoadCredential=foo:/run/quux/creds.sock
|
|   will result in a connection to the AF_UNIX socket /run/quux/creds.sock, originating from an abstract namespace AF_UNIX socket:
|
|       @$RANDOM/unit/waldo.service/foo
|
|   (The $RANDOM is replaced by some randomized string. This is included in the socket name in order to avoid namespace squatting issues: the abstract socket namespace is open to unprivileged users after all, and care needs to be taken not to use guessable names)
|
|   The services listening on the /run/quux/creds.sock socket may thus easily retrieve the name of the unit the credential is requested for plus the credential name, via a simpler getpeername(), discarding the random prefix and the /unit/ string.
|
|   This logic uses "/" as separator between the fields, since both unit names and credential names appear in the file system, and thus are designed to use "/" as outer separators. Given that it's a good safe choice to use as separators here, too, to avoid any conflicts.
|
|   This is a minimal patch only: the new logic is used only for the unit file credential logic. For other places where we use READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this scheme too, but this should be done carefully in later patches, since the socket names become API that way, and we should determine the right amount of info to pass over.
* tree-wide: use the usual SPDX header for our own files [Zbigniew Jędrzejewski-Szmek, 2020-10-29, 1, -0/+2]
|
* Removing unused n_fields in journal-gatewayd [Samuel BF, 2020-09-28, 1, -10/+0]
|
* Rename strv_split_extract() to strv_split_full() [Zbigniew Jędrzejewski-Szmek, 2020-09-09, 1, -1/+1]
|   Now that _full() is gone, we can rename _extract() to have the usual suffix we use for the more featureful version.
* tree-wide: use READ_FULL_FILE_CONNECT_SOCKET at various places [Lennart Poettering, 2020-07-21, 2, -6/+6]
|   Let's use the new flag wherever we read key material/passphrases/hashes off disk, so that people can plug in their own IPC service as backend if they like, easily.
|
|   (My main goal was actually to support this for crypttab key files — i.e. that you can specify AF_UNIX sockets as third column in crypttab — but that's harder to implement, since the keys are read via libcryptsetup's API, not ours.)
* various daemons: emit Stopping... notification before destructing the manager object [Zbigniew Jędrzejewski-Szmek, 2020-07-02, 2, -2/+2]
|   This is mostly cosmetic, but let's reorder the destructors so that we do the final sd_notify() call before we run the destructor for the manager object.
* Fix build with µhttpd 0.9.71 [Zbigniew Jędrzejewski-Szmek, 2020-07-01, 3, -3/+9]
|   The return type of callbacks was changed from int to an enum.
* log: introduce log_parse_environment_cli() and log_setup_cli() [Filipe Brandenburger, 2020-06-24, 2, -2/+2]
|   Presently, CLI utilities such as systemctl will check whether they have a tty attached or not to decide whether to parse /proc/cmdline or EFI variable SystemdOptions looking for systemd.log_* entries.
|
|   But this check will be misleading if these tools are being launched by a daemon, such as a monitoring daemon or automation service that runs in background.
|
|   Make log handling of CLI tools uniform by never checking /proc/cmdline or EFI variables to determine the logging level.
|
|   Furthermore, introduce a new log_setup_cli() shortcut to set up common options used by most command-line utilities.
* conf-parser: return mtime in config_parse() and friends [Lennart Poettering, 2020-06-02, 2, -9/+18]
|   This is a follow-up for 9f83091e3cceb646a66fa9df89de6d9a77c21d86.
|
|   Instead of reading the mtime off the configuration files after reading, let's do so before reading, but with the fd we read the data from. This is not only cleaner (as it allows us to save one stat()), but also has the benefit that we'll detect changes that happen while we read the files.
|
|   This also reworks unit file drop-ins to use the common code for determining drop-in mtime, instead of reading system clock for that.
* tree-wide: use DISABLE_WARNING_FORMAT_NONLITERAL where appropriate [Lennart Poettering, 2020-05-25, 1, -3/+2]
|
* journalctl,elsewhere: make sure --file=foo fails with sane error msg if foo is not readable [Lennart Poettering, 2020-05-19, 1, -1/+1]
|   It annoyed me for quite a while that running "journalctl --file=…" on a file that is not readable failed with a "File not found" error instead of a permission error. Let's fix that.
|
|   We make this work by using the GLOB_NOCHECK flag for glob() which means that files that are not accessible will be returned in the array as they are instead of being filtered away. This then means that our later attempts to open the files will fail cleanly with a good error message.
* journal: fix dropping first record during upload to remote journal [Vladyslav Tronko, 2020-05-19, 1, -1/+1]
|
* Support journal-upload HTTPS without key and certificate [Ciprian Hacman, 2020-04-16, 1, -6/+47]
|
* Merge pull request #15290 from keszybz/unrelated-fixes [Anita Zhang, 2020-04-03, 1, -1/+1]
|\
| |   Three unrelated minor tweaks
| |
| * journal-remote: fix description of option [Zbigniew Jędrzejewski-Szmek, 2020-03-31, 1, -1/+1]
| |   We use whatever compression is configured, most often not XZ.
| |
* | *: use _cleanup_close_ with fdopen() where trivial [Vito Caputo, 2020-03-31, 1, -5/+3]
|/
|   Also convert these to use take_fdopen().
* journal: properly mark two definitions that are deprecated with GCC attributes for that [Lennart Poettering, 2020-01-31, 1, -2/+6]
* util-lib: move things that parse ifnames to shared/ [Zbigniew Jędrzejewski-Szmek, 2020-01-11, 1, -0/+1]
|   In subsequent commits, calls to if_nametoindex() will be replaced by a wrapper that falls back to alternative name resolution over netlink.
|
|   netlink support requires libsystemd (for sd-netlink), and we don't want to add any functions that require netlink in basic/. So stuff that calls if_nametoindex() for user supplied interface names, and everything that depends on that, needs to be moved.
* tree-wide: use SD_ID128_STRING_MAX where appropriate [Lennart Poettering, 2019-12-10, 1, -1/+1]
|
* tree-wide: normalize includes of public headers [Zbigniew Jędrzejewski-Szmek, 2019-11-28, 1, -0/+1]
|   They are supposed to go into a section of their own.
* tree-wide: drop stdio.h when stdio-util.h is included [Yu Watanabe, 2019-11-04, 1, -1/+0]
|
* tree-wide: drop socket.h when socket-util.h is included [Yu Watanabe, 2019-11-04, 1, -1/+0]
|
* tree-wide: drop string.h when string-util.h or friends are included [Yu Watanabe, 2019-11-04, 2, -2/+0]
|
* journal-remote: reduce scope of variable [Zbigniew Jędrzejewski-Szmek, 2019-10-21, 1, -1/+2]
|   https://github.com/systemd/systemd/pull/11953/files#r264188513
* tree-wide: introduce strerror_safe() [Yu Watanabe, 2019-07-05, 1, -2/+3]
|
* meson: create /var/log/journal/{,remote/} conditionally [Zbigniew Jędrzejewski-Szmek, 2019-07-04, 1, -5/+7]
|   Not everybody has those dirs in the filesystem (and they don't need to). When creating an installation package using $DESTDIR, it is easy enough to remove or ignore those directories, but if installing into a real root, it is ugly to create and remove them. Let's add an option so people can skip it if they want.
|
|   Inspired by #12930.
* Merge pull request #12903 from keszybz/condition-quoting [Yu Watanabe, 2019-06-30, 1, -1/+1]
|\
| |   Condition quoting
| |
| * Rename EXTRACT_QUOTES to EXTRACT_UNQUOTE [Zbigniew Jędrzejewski-Szmek, 2019-06-28, 1, -1/+1]
| |   Whenever I see EXTRACT_QUOTES, I'm always confused whether it means to leave the quotes in or to take them out. Let's say "unquote", like we say "cunescape".
| |
* | journal-import: extract helpers for handling arrays of iovec and make them available for others [Franck Bui, 2019-06-27, 1, -1/+1]
|/
* fix(journal-gatewayd): use relative urls (not starting with '/') [Markus Felten, 2019-06-18, 1, -4/+4]
|   if journal-gatewayd http is not mounted at '/' (proxy request) the requests lose their initial path component
* Replace the legacy ULONG_LONG_MAX with the C99 ULLONG_MAX [Adrian Bunk, 2019-05-17, 1, -2/+2]
|
* Merge pull request #12420 from mrc0mmand/coccinelle-tweaks [Lennart Poettering, 2019-04-30, 1, -1/+1]
|\
| |   Coccinelle improvements
| |
| * tree-wide: replace explicit NULL checks with their shorter variants [Frantisek Sumsal, 2019-04-28, 1, -1/+1]
| |   Done by coccinelle/equals-null.cocci
| |
* | codespell: fix spelling errors [Ben Boeckel, 2019-04-29, 1, -1/+1]
|/
* tree-wide: port users over to use new ERRNO_IS_ACCEPT_AGAIN() call [Lennart Poettering, 2019-04-10, 1, -25/+31]
|
* journal-remote: use source's boot-id [Chris Morin, 2019-04-02, 3, -3/+9]
|   systemd-journal-remote always wrote the boot-id of the device it was running on to the header of its journal files. When the source had a different boot-id (because it was generated on a different boot, or a different device), the boot-ids in the file were inconsistent. The _BOOT_ID field was that of the source, but the journal file header and each entry object header were that of the device systemd-journal-remote ran on. This breaks journalctl --list-boots on any of these files.
|
|   Set the boot-id in the header to be that of the source. This also fixes the entry object headers.
* tree-wide: (void)ify a few unlink() and rmdir() [Lennart Poettering, 2019-03-27, 1, -1/+1]
|   Let's be helpful to static analyzers which care about whether we knowingly ignore return values. We do in these cases, since they are usually part of error paths.
* headers: remove unneeded includes from util.h [Zbigniew Jędrzejewski-Szmek, 2019-03-27, 1, -0/+2]
|   This means we need to include many more headers in various files that simply included util.h before, but it seems cleaner to do it this way.
* journal-remote: do not request Content-Length if Transfer-Encoding is chunked [Yu Watanabe, 2019-03-11, 1, -14/+27]
|   This fixes a bug introduced by 7fdb237f5473cb8fc2129e57e8a0039526dcb4fd.
|
|   Closes #11571.
* Remove 'inline' attributes from static functions in .c files (#11426) [Topi Miettinen, 2019-01-15, 2, -2/+2]
|   Let the compiler perform inlining (see #11397).
* journal-remote: set a limit on the number of fields in a message [Zbigniew Jędrzejewski-Szmek, 2019-01-09, 2, -2/+8]
|   Existing use of E2BIG is replaced with ENOBUFS (entry too long), and E2BIG is reused for the new error condition (too many fields).
|
|   This matches the change done for systemd-journald, hence forming the second part of the fix for CVE-2018-16865 (https://bugzilla.redhat.com/show_bug.cgi?id=1653861).