diff options
Diffstat (limited to 'src/journal/journalctl.c')
| -rw-r--r-- | src/journal/journalctl.c | 42 | 
1 files changed, 22 insertions, 20 deletions
| diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c index 91dbde3ba1..0a82a1cf15 100644 --- a/src/journal/journalctl.c +++ b/src/journal/journalctl.c @@ -905,9 +905,9 @@ static int access_check_var_log_journal(sd_journal *j) {          if (!have_access) {                  if (strv_isempty(g)) -                        log_notice("Hint: You are currently not seeing messages from other users and\n" -                                   "the system. Users in the group 'systemd-journal' can see all messages.\n" -                                   "Pass -q to turn this notice off."); +                        log_notice("Hint: You are currently not seeing messages from other users and the system.\n" +                                   "      Users in the 'systemd-journal' group can see all messages. Pass -q to\n" +                                   "      turn off this notice.");                  else {                          _cleanup_free_ char *s = NULL; @@ -923,8 +923,8 @@ static int access_check_var_log_journal(sd_journal *j) {                                  return log_oom();                          log_notice("Hint: You are currently not seeing messages from other users and the system.\n" -                                   "Users in the groups '%s' can see all messages.\n" -                                   "Pass -q to turn this notice off.", s); +                                   "      Users in the groups '%s' can see all messages.\n" +                                   "      Pass -q to turn off this notice.", s);                  }          } @@ -933,29 +933,27 @@ static int access_check_var_log_journal(sd_journal *j) {  #endif  static int access_check(sd_journal *j) { -        uint64_t eacces = EACCES, *code;          Iterator it; +        void *code;          int r = 0;          assert(j); -        assert(j->errors); -        assert(j->files);          if (set_isempty(j->errors)) {                  if (hashmap_isempty(j->files)) -                        log_info("No journal files were found."); +                        log_notice("No journal files were found.");                  return 0;          } -        if (!set_contains(j->errors, &eacces)) { +        if (set_contains(j->errors, INT_TO_PTR(-EACCES))) {  #ifdef HAVE_ACL                  /* If /var/log/journal doesn't even exist, -                   unprivileged users have no access at all */ +                 * unprivileged users have no access at all */                  if (access("/var/log/journal", F_OK) < 0 &&                      geteuid() != 0 &&                      in_group("systemd-journal") <= 0) { -                        log_error("Unprivileged users can't see messages unless persistent log storage\n" -                                  "is enabled. Users in the group 'systemd-journal' can always see messages."); +                        log_error("Unprivileged users cannot access messages, unless persistent log storage is\n" +                                  "enabled. Users in the 'systemd-journal' group may always access messages.");                          return -EACCES;                  } @@ -967,26 +965,30 @@ static int access_check(sd_journal *j) {                                  return r;                  }  #else -                if (geteuid() != 0 && in_group("systemd-journal") <= 0) -                        log_error("No access to messages.\n" -                                  "Users in the group 'systemd-journal' can see messages."); +                if (geteuid() != 0 && in_group("systemd-journal") <= 0) { +                        log_error("Unprivileged users cannot access messages. Users in the 'systemd-journal' group\n" +                                  "group may access messages."); +                        return -EACCES; +                }  #endif +                  if (hashmap_isempty(j->files)) { -                        log_error("No journal files were opened, due to insufficient permissions."); +                        log_error("No journal files were opened due to insufficient permissions.");                          r = -EACCES;                  }          }          SET_FOREACH(code, j->errors, it) { -                int err = -PTR_TO_INT(code); +                int err; + +                err = -PTR_TO_INT(code);                  assert(err > 0); +                  if (err != EACCES)                          log_warning("Error was encountered while opening journal files: %s",                                      strerror(err));          } -        log_notice("Hint: run journalctl in debug mode: SYSTEMD_LOG_LEVEL=debug journalct ..."); -          return r;  } | 
