Age | Commit message (Collapse) | Author |
|
|
|
files
Previously all journal files were owned by "adm". In order to allow
specific users to read the journal files without granting it access to
the full "adm" powers, introduce a new specific group for this.
"systemd-journal" has to be created by the packaging scripts manually at
installation time. It's a good idea to assign a static UID/GID to this
group, since /var/log/journal might be shared across machines via NFS.
This commit also grants read access to the journal files by default to
members of the "wheel" and "adm" groups via file system ACLs, since
these "almost-root" groups should be able to see what's going on on the
system. These ACLs are created by "make install". Packagers probably
need to duplicate this logic in their postinst scripts.
This also adds documentation how to grant access to the journal to
additional users or groups via fs ACLs.
|
|
|
|
Thinking about it we should probably not hide bugs by falling back to
audit when we have our own session information anyway.
|
|
|
|
journal files
We should always go by our own cgroup hierarchy before using foreign
schemes such as audit, so let's do that for the split out logic too.
|
|
|
|
Assertion 'interval > 0 || burst == 0' failed at src/journal/journald-rate-limit.c:78, function journal_rate_limit_new(). Aborting.
|
|
In the long run we really should make this runtime configurable.
|
|
Add --user-unit= to make it possible to query for user logs by the name
of the service.
|
|
|
|
* python-systemd-reader:
python-systemd: rename Journal to Reader
build-sys: upload python documentation to freedesktop.org
systemd-python: add Journal class for reading journal
python: build html docs using sphinx
journalct: also print Python code in --new-id
python: utilize uuid.UUID in logging
python: add systemd.id128 module
... and 34 other commits
In short: python module systemd.id128 is added, and existing
systemd.journal gains a new class systemd.journal.Reader, which can be
used to iterate over journal entries. Documentation is provided, and
accessible under e.g.
pydoc3 systemd.journal.Reader
or
firefox http://www.freedesktop.org/software/systemd/man/python-systemd/
|
|
Logs written by journald from the initramfs may be written to a
directory with the name created from a random machine-id. Afterwards,
when the root filesystem has been mounted and machine-id reinitalized,
logs will be written to the directory with a name created from the
proper machine-id. When logs are flushed to /var/log/journal,
everything is copied to one output directory.
When journalctl without '-m' is run after the logs have been flushed
to /var/log/journal, all messages are shown. However, when run while
logs are still in /run/log/journal, those stored under the random
machine-id will not be shown.
Make journalctl behave the same regardless whether persistent storage
has been enabled or not, and slurp all files from /run/log/journal
even without '-m'.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=58946
|
|
|
|
Documentation states that 0 is correct, and all other
similar functions return 0 on success.
Pointed-out-by: Steven Hiscocks <steven-systemd@hiscocks.me.uk>
|
|
|
|
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
|
|
|
Code above this attempted to load loginuid, if this failed for
whatever reason, we'd still end up using that value (0) in place of
realuid. Fix this by setting a bool when we know the loginuid is
valid.
This fixes journal messages showing up in per-user journals in
gnome-ostree (not configured with loginuid, but I'll shortly fix
that).
|
|
syntaxes
https://bugs.freedesktop.org/show_bug.cgi?id=60596
|
|
|
|
|
|
|
|
Makes it easier to watch just for new entries. Once scenario
is where the user starts 'journalctl -qfn0' to watch for changes
during some operation.
|
|
|
|
|
|
Returns "HTTP/1.0 406 Not Acceptable" instead of silently
closing the connection.
|
|
The request must not be answered immediately (at first call to
response_handler()), but on the second. This is also important
for authentication, which cannot be performed on the first call.
Before:
% wget -O/dev/null -S https://localhost:19531/
--2012-11-28 18:29:43-- https://localhost:19531/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:19531... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 87
Location: /browse
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:29:44 GMT
Location: /browse [following]
--2012-11-28 18:29:43-- https://localhost:19531/browse
Connecting to localhost (localhost)|127.0.0.1|:19531... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Connection: close
Content-Length: 23260
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:29:44 GMT
Length: 23260 (23K) [text/html]
After:
% wget --no-check-certificate -O/dev/null -S https://localhost:19531/
--2012-11-28 18:30:05-- https://localhost:19531/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:19531... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Content-Length: 87
Location: /browse
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:30:05 GMT
Location: /browse [following]
--2012-11-28 18:30:05-- https://localhost:19531/browse
Reusing existing connection to localhost:19531.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Content-Length: 23260
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:30:06 GMT
Length: 23260 (23K) [text/html]
|
|
|
|
A prefix ("microhttpd: ") is added to the log lines to make it easy to
distinguish the source.
|
|
For now the certificates are passed around as options to the
program. This might not be the most convenient under "production",
but makes for fairly easy testing.
|
|
In preparation for adding more options, split out the option
handling code.
|
|
specified
New file output.h with output flags and modes.
--full parameter also for cgls and loginctl.
Include 'all' parameter in flags (show_cgroup_by_path, show_cgroup,
show_cgroup_and_extra, show_cgroup_and_extra_by_spec).
get_process_cmdline with max_length == 0 will not ellipsize output.
Replace LINE_MAX with 0 in some calls of get_process_cmdline.
[zj: Default to --full when under pager for clgs.
Drop '-f' since it wasn't documented and didn't actually work.
Reindent a bit.
]
|
|
This makes journalctl quit on ferror() conditions on stdout. It fixes an
annoying bug if you pipe its output through 'less' and press 'q'. Without
this fix journalctl will continue reading all journal data until EOF which
can take quite some time. For instance on my machine:
david-nb ~ # time journalctl | wc -l
327240
real 1m13.039s
user 1m0.217s
sys 0m10.467s
However, expected behavior is journalctl to quit when its pager closed the
output pipe.
Signed-off-by: David Herrmann <dh.herrmann@googlemail.com>
|
|
|
|
Yay, we now have a completely generic systemd. No distribution specific checks anymore!
|
|
|
|
GCC manual states that "For an enum, struct or union type, you may
specify attributes either between the enum, struct or union tag and
the name of the type, or just past the closing curly brace of the
definition. The former syntax is preferred." This means that the
attribute should not be located before 'struct'. Putting it between
'struct' and the name seems cluttered. Putting it at the end seems
most readable.
This avoids clang warnings.
|
|
../src/journal/journal-send.c: In function 'sd_journal_sendv':
../src/journal/journal-send.c:250:73: warning: pointer of type 'void *' used in arithmetic [-Wpointer-arith]
|
|
|
|
Spotted by Lukas Nykryn
|
|
This introduces a new data threshold setting for sd_journal objects
which controls the maximum size of objects to decompress. This is
relieves the library from having to decompress full data objects even
if a client program is only interested in the initial part of them.
This speeds up "systemd-coredumpctl" drastically when invoked without
parameters.
|
|
entry for any message ID without requiring an open journal file
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=872193
|
|
|
|
https://bugzilla.redhat.com/show_bug.cgi?id=875653
|
|
Sometimes it is better to see messages in full, and the existing
set of options didn't allow this easily. E.g. now
journalctl -f --full
will behave like
tail -f /var/log/messages
of yore.
Long option only for now, since small letters are becoming
scarce, and this doesn't feel like a capital-letter-option.
'-u' would be nice, and the above command would be spelled
journalctl -fu
|
|
The path doesn't change in the standard configuration.
Also, give full path to the journalctl binary in the hook,
since it might be installed outside of $PATH.
Also, add uninstall hook to remove the binary catalog.
|
|
Some filesystem magics are too big to fit in 31 bits,
and are wrapped to negative. f_type is an int on 32 bits, so
it is signed, and we get a warning on comparison.
|