summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorLennart Poettering <lennart@poettering.net>2014-06-04 16:37:02 +0200
committerLennart Poettering <lennart@poettering.net>2014-06-04 16:53:58 +0200
commit03ee5c38cb0da193dd08733fb4c0c2809cee6a99 (patch)
tree7dd08d7c90b63c8d66e46feb0fd4d1c473172b77
parent02ba8fb3357daf57f6120ac512fb464a4c623419 (diff)
journald: move /dev/log socket to /run
This way we can make the socket also available for sandboxed apps that have their own private /dev. They can now simply symlink the socket from /dev.
-rw-r--r--Makefile.am7
-rw-r--r--man/systemd-journald.service.xml2
-rw-r--r--src/journal/journald-server.c3
-rw-r--r--src/journal/journald-syslog.c2
-rw-r--r--units/systemd-journald-dev-log.socket26
-rw-r--r--units/systemd-journald.service.in3
-rw-r--r--units/systemd-journald.socket2
7 files changed, 39 insertions, 6 deletions
diff --git a/Makefile.am b/Makefile.am
index d778b31b05..110937781a 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -3480,7 +3480,8 @@ bin_PROGRAMS += \
systemd-cat
dist_systemunit_DATA += \
- units/systemd-journald.socket
+ units/systemd-journald.socket \
+ units/systemd-journald-dev-log.socket
nodist_systemunit_DATA += \
units/systemd-journald.service \
@@ -3496,7 +3497,9 @@ dist_catalog_DATA = \
catalog/systemd.catalog
SOCKETS_TARGET_WANTS += \
- systemd-journald.socket
+ systemd-journald.socket \
+ systemd-journald-dev-log.socket
+
SYSINIT_TARGET_WANTS += \
systemd-journald.service \
systemd-journal-flush.service
diff --git a/man/systemd-journald.service.xml b/man/systemd-journald.service.xml
index f0ce7aae64..7ac73ed66d 100644
--- a/man/systemd-journald.service.xml
+++ b/man/systemd-journald.service.xml
@@ -45,6 +45,7 @@
<refnamediv>
<refname>systemd-journald.service</refname>
<refname>systemd-journald.socket</refname>
+ <refname>systemd-journald-dev-log.socket</refname>
<refname>systemd-journald</refname>
<refpurpose>Journal service</refpurpose>
</refnamediv>
@@ -52,6 +53,7 @@
<refsynopsisdiv>
<para><filename>systemd-journald.service</filename></para>
<para><filename>systemd-journald.socket</filename></para>
+ <para><filename>systemd-journald-dev-log.socket</filename></para>
<para><filename>/usr/lib/systemd/systemd-journald</filename></para>
</refsynopsisdiv>
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 381d80a938..3211773c27 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -1535,7 +1535,8 @@ int server_init(Server *s) {
s->stdout_fd = fd;
- } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) {
+ } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 ||
+ sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) {
if (s->syslog_fd >= 0) {
log_error("Too many /dev/log sockets passed.");
diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
index 434eac428f..b826e23c01 100644
--- a/src/journal/journald-syslog.c
+++ b/src/journal/journald-syslog.c
@@ -428,7 +428,7 @@ int server_open_syslog_socket(Server *s) {
if (s->syslog_fd < 0) {
union sockaddr_union sa = {
.un.sun_family = AF_UNIX,
- .un.sun_path = "/dev/log",
+ .un.sun_path = "/run/systemd/journal/dev-log",
};
s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0);
diff --git a/units/systemd-journald-dev-log.socket b/units/systemd-journald-dev-log.socket
new file mode 100644
index 0000000000..c01b310b40
--- /dev/null
+++ b/units/systemd-journald-dev-log.socket
@@ -0,0 +1,26 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Journal Socket (/dev/log)
+Documentation=man:systemd-journald.service(8) man:journald.conf(5)
+DefaultDependencies=no
+Before=sockets.target
+
+# Mount and swap units need this. If this socket unit is removed by an
+# isolate request the mount and swap units would be removed too,
+# hence let's exclude this from isolate requests.
+IgnoreOnIsolate=yes
+
+[Socket]
+ListenDatagram=/run/systemd/journal/dev-log
+Symlinks=/dev/log
+SocketMode=0666
+PassCredentials=yes
+PassSecurity=yes
+ReceiveBuffer=8M
+Service=systemd-journald.service
diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in
index ba3f847201..4a307c708b 100644
--- a/units/systemd-journald.service.in
+++ b/units/systemd-journald.service.in
@@ -10,10 +10,11 @@ Description=Journal Service
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
DefaultDependencies=no
Requires=systemd-journald.socket
-After=systemd-journald.socket syslog.socket
+After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket
Before=sysinit.target
[Service]
+Sockets=systemd-journald.socket systemd-journald-dev-log.socket
ExecStart=@rootlibexecdir@/systemd-journald
Restart=always
RestartSec=0
diff --git a/units/systemd-journald.socket b/units/systemd-journald.socket
index fbeb10baae..71737014ca 100644
--- a/units/systemd-journald.socket
+++ b/units/systemd-journald.socket
@@ -19,8 +19,8 @@ IgnoreOnIsolate=yes
[Socket]
ListenStream=/run/systemd/journal/stdout
ListenDatagram=/run/systemd/journal/socket
-ListenDatagram=/dev/log
SocketMode=0666
PassCredentials=yes
PassSecurity=yes
ReceiveBuffer=8M
+Service=systemd-journald.service