mirror of
https://github.com/systemd/systemd.git
synced 2024-12-22 17:35:35 +03:00
journalctl: improve hint about lack of access for --user-unit=...
When running journalctl --user-unit=foo as an unprivileged user we could get the usual hint: Hint: You are currently not seeing messages from the system and other users. Users in groups 'adm', 'systemd-journal', 'wheel' can see all messages. ... But with --user-unit our filter is: (((_UID=0 OR _UID=1000) AND OBJECT_SYSTEMD_USER_UNIT=foo.service) OR ((_UID=0 OR _UID=1000) AND COREDUMP_USER_UNIT=foo.service) OR (_UID=1000 AND USER_UNIT=foo.service) OR (_UID=1000 AND _SYSTEMD_USER_UNIT=foo.service)) so we would never see messages from other users. We could still see messages from the system. In fact, on my machine the only messages with OBJECT_SYSTEMD_USER_UNIT= are from the system: journalctl $(journalctl -F OBJECT_SYSTEMD_USER_UNIT|sed 's/.*/OBJECT_SYSTEMD_USER_UNIT=\0/') Thus, a more correct hint is that we cannot see messages from the system. Make it so. Fixes #7887.
This commit is contained in:
parent
2e10cc5649
commit
e79d0b59c8
@ -1040,7 +1040,7 @@ int main(int argc, char *argv[]) {
|
||||
}
|
||||
}
|
||||
|
||||
r = journal_access_check_and_warn(j, arg_quiet);
|
||||
r = journal_access_check_and_warn(j, arg_quiet, true);
|
||||
if (r < 0)
|
||||
goto end;
|
||||
|
||||
|
@ -972,8 +972,7 @@ static int parse_argv(int argc, char *argv[]) {
|
||||
return -EINVAL;
|
||||
}
|
||||
|
||||
if (!strv_isempty(arg_system_units) && (arg_journal_type == SD_JOURNAL_CURRENT_USER)) {
|
||||
|
||||
if (!strv_isempty(arg_system_units) && arg_journal_type == SD_JOURNAL_CURRENT_USER) {
|
||||
/* Specifying --user and --unit= at the same time makes no sense (as the former excludes the user
|
||||
* journal, but the latter excludes the system journal, thus resulting in empty output). Let's be nice
|
||||
* to users, and automatically turn --unit= into --user-unit= if combined with --user. */
|
||||
@ -2241,7 +2240,8 @@ int main(int argc, char *argv[]) {
|
||||
goto finish;
|
||||
}
|
||||
|
||||
r = journal_access_check_and_warn(j, arg_quiet);
|
||||
r = journal_access_check_and_warn(j, arg_quiet,
|
||||
!(arg_journal_type == SD_JOURNAL_CURRENT_USER || arg_user_units));
|
||||
if (r < 0)
|
||||
goto finish;
|
||||
|
||||
|
@ -28,7 +28,7 @@
|
||||
#include "strv.h"
|
||||
#include "user-util.h"
|
||||
|
||||
static int access_check_var_log_journal(sd_journal *j) {
|
||||
static int access_check_var_log_journal(sd_journal *j, bool want_other_users) {
|
||||
#if HAVE_ACL
|
||||
_cleanup_strv_free_ char **g = NULL;
|
||||
const char* dir;
|
||||
@ -81,22 +81,25 @@ static int access_check_var_log_journal(sd_journal *j) {
|
||||
if (!s)
|
||||
return log_oom();
|
||||
|
||||
log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
|
||||
log_notice("Hint: You are currently not seeing messages from %s.\n"
|
||||
" Users in groups '%s' can see all messages.\n"
|
||||
" Pass -q to turn off this notice.", s);
|
||||
" Pass -q to turn off this notice.",
|
||||
want_other_users ? "other users and the system" : "the system",
|
||||
s);
|
||||
return 1;
|
||||
}
|
||||
#endif
|
||||
|
||||
/* If no ACLs were found, print a short version of the message. */
|
||||
log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
|
||||
log_notice("Hint: You are currently not seeing messages from %s.\n"
|
||||
" Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
|
||||
" turn off this notice.");
|
||||
" turn off this notice.",
|
||||
want_other_users ? "other users and the system" : "the system");
|
||||
|
||||
return 1;
|
||||
}
|
||||
|
||||
int journal_access_check_and_warn(sd_journal *j, bool quiet) {
|
||||
int journal_access_check_and_warn(sd_journal *j, bool quiet, bool want_other_users) {
|
||||
Iterator it;
|
||||
void *code;
|
||||
char *path;
|
||||
@ -113,7 +116,7 @@ int journal_access_check_and_warn(sd_journal *j, bool quiet) {
|
||||
|
||||
if (hashmap_contains(j->errors, INT_TO_PTR(-EACCES))) {
|
||||
if (!quiet)
|
||||
(void) access_check_var_log_journal(j);
|
||||
(void) access_check_var_log_journal(j, want_other_users);
|
||||
|
||||
if (ordered_hashmap_isempty(j->files))
|
||||
r = log_error_errno(EACCES, "No journal files were opened due to insufficient permissions.");
|
||||
|
@ -26,4 +26,4 @@
|
||||
|
||||
bool journal_field_valid(const char *p, size_t l, bool allow_protected);
|
||||
|
||||
int journal_access_check_and_warn(sd_journal *j, bool quiet);
|
||||
int journal_access_check_and_warn(sd_journal *j, bool quiet, bool want_other_users);
|
||||
|
Loading…
Reference in New Issue
Block a user