journalctl: various fixes to the access check logic

- Reword messages a bit - Correct check whether EACCES is in the set of errors - Don't complain if no journal files are found - allocate Set object for errors lazily since in the best case we don't need it at all. - don't consider it an error if /run/log/journal doesn't exist (because that's the usual case actually, if storage is enabled)
author: Lennart Poettering <lennart@poettering.net> 2013-03-23 01:12:22 +0100
committer: Lennart Poettering <lennart@poettering.net> 2013-03-23 01:12:22 +0100
commit: 3ac251b81a41295a90c89c164f0d72ce6de651aa (patch)
tree: f928d8c5998f2bc23fb58b8db13900e79434c81b /src/journal/journalctl.c
parent: a5a5ade34c142c42e584aa19ee92de6d3e1994c3 (diff)
1 files changed, 22 insertions, 20 deletions
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 91dbde3ba1..0a82a1cf15 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -905,9 +905,9 @@ static int access_check_var_log_journal(sd_journal *j) {
         if (!have_access) {
 
                 if (strv_isempty(g))
-                        log_notice("Hint: You are currently not seeing messages from other users and\n"
-                                   "the system. Users in the group 'systemd-journal' can see all messages.\n"
-                                   "Pass -q to turn this notice off.");
+                        log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
+                                   "      Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
+                                   "      turn off this notice.");
                 else {
                         _cleanup_free_ char *s = NULL;
 
@@ -923,8 +923,8 @@ static int access_check_var_log_journal(sd_journal *j) {
                                 return log_oom();
 
                         log_notice("Hint: You are currently not seeing messages from other users and the system.\n"
-                                   "Users in the groups '%s' can see all messages.\n"
-                                   "Pass -q to turn this notice off.", s);
+                                   "      Users in the groups '%s' can see all messages.\n"
+                                   "      Pass -q to turn off this notice.", s);
                 }
         }
 
@@ -933,29 +933,27 @@ static int access_check_var_log_journal(sd_journal *j) {
 #endif
 
 static int access_check(sd_journal *j) {
-        uint64_t eacces = EACCES, *code;
         Iterator it;
+        void *code;
         int r = 0;
 
         assert(j);
-        assert(j->errors);
-        assert(j->files);
 
         if (set_isempty(j->errors)) {
                 if (hashmap_isempty(j->files))
-                        log_info("No journal files were found.");
+                        log_notice("No journal files were found.");
                 return 0;
         }
 
-        if (!set_contains(j->errors, &eacces)) {
+        if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {
 #ifdef HAVE_ACL
                 /* If /var/log/journal doesn't even exist,
-                   unprivileged users have no access at all */
+                 * unprivileged users have no access at all */
                 if (access("/var/log/journal", F_OK) < 0 &&
                     geteuid() != 0 &&
                     in_group("systemd-journal") <= 0) {
-                        log_error("Unprivileged users can't see messages unless persistent log storage\n"
-                                  "is enabled. Users in the group 'systemd-journal' can always see messages.");
+                        log_error("Unprivileged users cannot access messages, unless persistent log storage is\n"
+                                  "enabled. Users in the 'systemd-journal' group may always access messages.");
                         return -EACCES;
                 }
 
@@ -967,26 +965,30 @@ static int access_check(sd_journal *j) {
                                 return r;
                 }
 #else
-                if (geteuid() != 0 && in_group("systemd-journal") <= 0)
-                        log_error("No access to messages.\n"
-                                  "Users in the group 'systemd-journal' can see messages.");
+                if (geteuid() != 0 && in_group("systemd-journal") <= 0) {
+                        log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n"
+                                  "group may access messages.");
+                        return -EACCES;
+                }
 #endif
+
                 if (hashmap_isempty(j->files)) {
-                        log_error("No journal files were opened, due to insufficient permissions.");
+                        log_error("No journal files were opened due to insufficient permissions.");
                         r = -EACCES;
                 }
         }
 
         SET_FOREACH(code, j->errors, it) {
-                int err = -PTR_TO_INT(code);
+                int err;
+
+                err = -PTR_TO_INT(code);
                 assert(err > 0);
+
                 if (err != EACCES)
                         log_warning("Error was encountered while opening journal files: %s",
                                     strerror(err));
         }
 
-        log_notice("Hint: run journalctl in debug mode: SYSTEMD_LOG_LEVEL=debug journalct ...");
-
         return r;
 }
author	Lennart Poettering <lennart@poettering.net>	2013-03-23 01:12:22 +0100
committer	Lennart Poettering <lennart@poettering.net>	2013-03-23 01:12:22 +0100
commit	3ac251b81a41295a90c89c164f0d72ce6de651aa (patch)
tree	f928d8c5998f2bc23fb58b8db13900e79434c81b /src/journal/journalctl.c
parent	a5a5ade34c142c42e584aa19ee92de6d3e1994c3 (diff)