1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00

journalctl: improve hint about lack of access for --user-unit=...

When running journalctl --user-unit=foo as an unprivileged user we could get
the usual hint:
Hint: You are currently not seeing messages from the system and other users.
      Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages.
      ...
But with --user-unit our filter is:
(((_UID=0 OR _UID=1000) AND OBJECT_SYSTEMD_USER_UNIT=foo.service) OR
 ((_UID=0 OR _UID=1000) AND COREDUMP_USER_UNIT=foo.service) OR
 (_UID=1000 AND USER_UNIT=foo.service) OR
 (_UID=1000 AND _SYSTEMD_USER_UNIT=foo.service))
so we would never see messages from other users.

We could still see messages from the system. In fact, on my machine the
only messages with OBJECT_SYSTEMD_USER_UNIT= are from the system:
journalctl  $(journalctl -F OBJECT_SYSTEMD_USER_UNIT|sed 's/.*/OBJECT_SYSTEMD_USER_UNIT=\0/')

Thus, a more correct hint is that we cannot see messages from the system.
Make it so.

Fixes #7887.
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2018-02-19 22:40:26 +01:00 committed by Lennart Poettering
parent 2e10cc5649
commit e79d0b59c8
4 changed files with 15 additions and 12 deletions

View File

@ -1040,7 +1040,7 @@ int main(int argc, char *argv[]) {
}
}
r = journal_access_check_and_warn(j, arg_quiet);
r = journal_access_check_and_warn(j, arg_quiet, true);
if (r < 0)
goto end;

View File

@ -972,8 +972,7 @@ static int parse_argv(int argc, char *argv[]) {
return -EINVAL;
}
if (!strv_isempty(arg_system_units) && (arg_journal_type == SD_JOURNAL_CURRENT_USER)) {
if (!strv_isempty(arg_system_units) && arg_journal_type == SD_JOURNAL_CURRENT_USER) {
/* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
* journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
* to users, and automatically turn --unit= into --user-unit= if combined with --user. */
@ -2241,7 +2240,8 @@ int main(int argc, char *argv[]) {
goto finish;
}
r = journal_access_check_and_warn(j, arg_quiet);
r = journal_access_check_and_warn(j, arg_quiet,
!(arg_journal_type == SD_JOURNAL_CURRENT_USER || arg_user_units));
if (r < 0)
goto finish;

View File

@ -28,7 +28,7 @@
#include "strv.h"
#include "user-util.h"
static int access_check_var_log_journal(sd_journal *j) {
static int access_check_var_log_journal(sd_journal *j, bool want_other_users) {
#if HAVE_ACL
_cleanup_strv_free_ char **g = NULL;
const char* dir;
@ -81,22 +81,25 @@ static int access_check_var_log_journal(sd_journal *j) {
if (!s)
return log_oom();
log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
log_notice("Hint: You are currently not seeing messages from %s.\n"
" Users in groups '%s' can see all messages.\n"
" Pass -q to turn off this notice.", s);
" Pass -q to turn off this notice.",
want_other_users ? "other users and the system" : "the system",
s);
return 1;
}
#endif
/* If no ACLs were found, print a short version of the message. */
log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
log_notice("Hint: You are currently not seeing messages from %s.\n"
" Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
" turn off this notice.");
" turn off this notice.",
want_other_users ? "other users and the system" : "the system");
return 1;
}
int journal_access_check_and_warn(sd_journal *j, bool quiet) {
int journal_access_check_and_warn(sd_journal *j, bool quiet, bool want_other_users) {
Iterator it;
void *code;
char *path;
@ -113,7 +116,7 @@ int journal_access_check_and_warn(sd_journal *j, bool quiet) {
if (hashmap_contains(j->errors, INT_TO_PTR(-EACCES))) {
if (!quiet)
(void) access_check_var_log_journal(j);
(void) access_check_var_log_journal(j, want_other_users);
if (ordered_hashmap_isempty(j->files))
r = log_error_errno(EACCES, "No journal files were opened due to insufficient permissions.");

View File

@ -26,4 +26,4 @@
bool journal_field_valid(const char *p, size_t l, bool allow_protected);
int journal_access_check_and_warn(sd_journal *j, bool quiet);
int journal_access_check_and_warn(sd_journal *j, bool quiet, bool want_other_users);