summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Seiler <christian@iwakd.de>2015-01-13 11:53:25 +0100
committerMartin Pitt <martin.pitt@ubuntu.com>2015-01-21 12:36:58 +0100
commitccf23ad5faf228d450d263d7291156a948b61af2 (patch)
tree1b89e0503ce1ae597b330471bba3ae12f899d8a5
parente37b56c7355a9b84ac1e1893ab828b19aa1dc217 (diff)
journal: Fix syslog forwarding without CAP_SYS_ADMIN
In case CAP_SYS_ADMIN is missing (like in containers), one cannot fake pid in struct ucred (uid/gid are fine if CAP_SETUID/CAP_SETGID are present). Ensure that journald will try again to forward the messages to syslog without faking the SCM_CREDENTIALS pid (which isn't guaranteed to succeed anyway, since it also does the same thing if the process has already exited). With this patch, journald will no longer silently discard messages that are supposed to be sent to syslog in these situations. https://bugs.debian.org/775067
-rw-r--r--src/journal/journald-syslog.c6
1 files changed, 3 insertions, 3 deletions
diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
index 6f43fd48c9..5d211323ad 100644
--- a/src/journal/journald-syslog.c
+++ b/src/journal/journald-syslog.c
@@ -85,12 +85,12 @@ static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned
return;
}
- if (ucred && errno == ESRCH) {
+ if (ucred && (errno == ESRCH || errno == EPERM)) {
struct ucred u;
/* Hmm, presumably the sender process vanished
- * by now, so let's fix it as good as we
- * can, and retry */
+ * by now, or we don't have CAP_SYS_AMDIN, so
+ * let's fix it as good as we can, and retry */
u = *ucred;
u.pid = getpid();