diff options
author | Lennart Poettering <lennart@poettering.net> | 2013-09-17 16:42:36 -0500 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2013-09-17 16:55:37 -0500 |
commit | 4608af4333d0f7f5f8e3bc632801b04ef07d246d (patch) | |
tree | c8614f1e3cf783bf6e969c9d485fdd528f2c5b37 /src/journal | |
parent | 265ffa1e05acf12769a64d0734fd2472237c03c5 (diff) |
journald: avoid NSS in journald
In order to avoid a deadlock between journald looking up the
"systemd-journal" group name, and nscd (or anyother NSS backing daemon)
logging something back to the journal avoid all NSS in journald the same
way as we avoid it from PID 1.
With this change we rely on the kernel file system logic to adjust the
group of created journal files via the SETGID bit on the journal
directory. To ensure that it is always set, even after the user created
it with a simply "mkdir" on the shell we fix it up via tmpfiles on boot.
Diffstat (limited to 'src/journal')
-rw-r--r-- | src/journal/journald-server.c | 25 | ||||
-rw-r--r-- | src/journal/journald-server.h | 3 |
2 files changed, 2 insertions, 26 deletions
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index 709fa8b7d0..cc8ce0dc0d 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -180,25 +180,6 @@ static uint64_t available_space(Server *s, bool verbose) { return s->cached_available_space; } -static void server_read_file_gid(Server *s) { - const char *g = "systemd-journal"; - int r; - - assert(s); - - if (s->file_gid_valid) - return; - - r = get_group_creds(&g, &s->file_gid); - if (r < 0) - log_warning("Failed to resolve '%s' group: %s", g, strerror(-r)); - - /* if we couldn't read the gid, then it will be 0, but that's - * fine and we shouldn't try to resolve the group again, so - * let's just pretend it worked right-away. */ - s->file_gid_valid = true; -} - void server_fix_perms(Server *s, JournalFile *f, uid_t uid) { int r; #ifdef HAVE_ACL @@ -209,11 +190,9 @@ void server_fix_perms(Server *s, JournalFile *f, uid_t uid) { assert(f); - server_read_file_gid(s); - - r = fchmod_and_fchown(f->fd, 0640, 0, s->file_gid); + r = fchmod(f->fd, 0640); if (r < 0) - log_warning("Failed to fix access mode/rights on %s, ignoring: %s", f->path, strerror(-r)); + log_warning("Failed to fix access mode on %s, ignoring: %s", f->path, strerror(-r)); #ifdef HAVE_ACL if (uid <= 0) diff --git a/src/journal/journald-server.h b/src/journal/journald-server.h index 238fc8c3fb..10e9958be0 100644 --- a/src/journal/journald-server.h +++ b/src/journal/journald-server.h @@ -97,9 +97,6 @@ typedef struct Server { usec_t max_file_usec; usec_t oldest_file_usec; - gid_t file_gid; - bool file_gid_valid; - LIST_HEAD(StdoutStream, stdout_streams); unsigned n_stdout_streams; |