diff options
author | Lennart Poettering <lennart@poettering.net> | 2014-06-04 16:37:02 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-06-04 16:53:58 +0200 |
commit | 03ee5c38cb0da193dd08733fb4c0c2809cee6a99 (patch) | |
tree | 7dd08d7c90b63c8d66e46feb0fd4d1c473172b77 | |
parent | 02ba8fb3357daf57f6120ac512fb464a4c623419 (diff) |
journald: move /dev/log socket to /run
This way we can make the socket also available for sandboxed apps that
have their own private /dev. They can now simply symlink the socket from
/dev.
-rw-r--r-- | Makefile.am | 7 | ||||
-rw-r--r-- | man/systemd-journald.service.xml | 2 | ||||
-rw-r--r-- | src/journal/journald-server.c | 3 | ||||
-rw-r--r-- | src/journal/journald-syslog.c | 2 | ||||
-rw-r--r-- | units/systemd-journald-dev-log.socket | 26 | ||||
-rw-r--r-- | units/systemd-journald.service.in | 3 | ||||
-rw-r--r-- | units/systemd-journald.socket | 2 |
7 files changed, 39 insertions, 6 deletions
diff --git a/Makefile.am b/Makefile.am index d778b31b05..110937781a 100644 --- a/Makefile.am +++ b/Makefile.am @@ -3480,7 +3480,8 @@ bin_PROGRAMS += \ systemd-cat dist_systemunit_DATA += \ - units/systemd-journald.socket + units/systemd-journald.socket \ + units/systemd-journald-dev-log.socket nodist_systemunit_DATA += \ units/systemd-journald.service \ @@ -3496,7 +3497,9 @@ dist_catalog_DATA = \ catalog/systemd.catalog SOCKETS_TARGET_WANTS += \ - systemd-journald.socket + systemd-journald.socket \ + systemd-journald-dev-log.socket + SYSINIT_TARGET_WANTS += \ systemd-journald.service \ systemd-journal-flush.service diff --git a/man/systemd-journald.service.xml b/man/systemd-journald.service.xml index f0ce7aae64..7ac73ed66d 100644 --- a/man/systemd-journald.service.xml +++ b/man/systemd-journald.service.xml @@ -45,6 +45,7 @@ <refnamediv> <refname>systemd-journald.service</refname> <refname>systemd-journald.socket</refname> + <refname>systemd-journald-dev-log.socket</refname> <refname>systemd-journald</refname> <refpurpose>Journal service</refpurpose> </refnamediv> @@ -52,6 +53,7 @@ <refsynopsisdiv> <para><filename>systemd-journald.service</filename></para> <para><filename>systemd-journald.socket</filename></para> + <para><filename>systemd-journald-dev-log.socket</filename></para> <para><filename>/usr/lib/systemd/systemd-journald</filename></para> </refsynopsisdiv> diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index 381d80a938..3211773c27 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -1535,7 +1535,8 @@ int server_init(Server *s) { s->stdout_fd = fd; - } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0) { + } else if (sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/dev/log", 0) > 0 || + sd_is_socket_unix(fd, SOCK_DGRAM, -1, "/run/systemd/journal/dev-log", 0) > 0) { if (s->syslog_fd >= 0) { log_error("Too many /dev/log sockets passed."); diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c index 434eac428f..b826e23c01 100644 --- a/src/journal/journald-syslog.c +++ b/src/journal/journald-syslog.c @@ -428,7 +428,7 @@ int server_open_syslog_socket(Server *s) { if (s->syslog_fd < 0) { union sockaddr_union sa = { .un.sun_family = AF_UNIX, - .un.sun_path = "/dev/log", + .un.sun_path = "/run/systemd/journal/dev-log", }; s->syslog_fd = socket(AF_UNIX, SOCK_DGRAM|SOCK_CLOEXEC|SOCK_NONBLOCK, 0); diff --git a/units/systemd-journald-dev-log.socket b/units/systemd-journald-dev-log.socket new file mode 100644 index 0000000000..c01b310b40 --- /dev/null +++ b/units/systemd-journald-dev-log.socket @@ -0,0 +1,26 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +[Unit] +Description=Journal Socket (/dev/log) +Documentation=man:systemd-journald.service(8) man:journald.conf(5) +DefaultDependencies=no +Before=sockets.target + +# Mount and swap units need this. If this socket unit is removed by an +# isolate request the mount and swap units would be removed too, +# hence let's exclude this from isolate requests. +IgnoreOnIsolate=yes + +[Socket] +ListenDatagram=/run/systemd/journal/dev-log +Symlinks=/dev/log +SocketMode=0666 +PassCredentials=yes +PassSecurity=yes +ReceiveBuffer=8M +Service=systemd-journald.service diff --git a/units/systemd-journald.service.in b/units/systemd-journald.service.in index ba3f847201..4a307c708b 100644 --- a/units/systemd-journald.service.in +++ b/units/systemd-journald.service.in @@ -10,10 +10,11 @@ Description=Journal Service Documentation=man:systemd-journald.service(8) man:journald.conf(5) DefaultDependencies=no Requires=systemd-journald.socket -After=systemd-journald.socket syslog.socket +After=systemd-journald.socket systemd-journald-dev-log.socket syslog.socket Before=sysinit.target [Service] +Sockets=systemd-journald.socket systemd-journald-dev-log.socket ExecStart=@rootlibexecdir@/systemd-journald Restart=always RestartSec=0 diff --git a/units/systemd-journald.socket b/units/systemd-journald.socket index fbeb10baae..71737014ca 100644 --- a/units/systemd-journald.socket +++ b/units/systemd-journald.socket @@ -19,8 +19,8 @@ IgnoreOnIsolate=yes [Socket] ListenStream=/run/systemd/journal/stdout ListenDatagram=/run/systemd/journal/socket -ListenDatagram=/dev/log SocketMode=0666 PassCredentials=yes PassSecurity=yes ReceiveBuffer=8M +Service=systemd-journald.service |