Age | Commit message (Collapse) | Author |
|
This loop over acls is a bit too much to keep inside
of another loop.
|
|
/var/log/journal
If we notice that we unprivileged and not in any of the groups which
have access to /var/log/journal, print a nice message about which groups
do.
This checks and prints all groups that are in the default ACL for
/var/log/journal, which is not necessarily correct for all journal
files, but pretty close.
|
|
The vacuum code used to stop vacuuming after one deletion, even
when max_use was still exceeded.
Also make usage a uint64_t, as the code already pretends it is one.
Signed-off-by: Jan Alexander Steffens (heftig) <jan.steffens@gmail.com>
|
|
|
|
library
|
|
The ability to dump catalog entries in full and by id is added.
|
|
|
|
Seems natural to be able to specify relative directory,
e.g. with journalctl -D. And even if, this should be checked
in front-end code, not in the library.
|
|
|
|
One log_debug() moved to match order in other functions.
|
|
|
|
|
|
journalctl -u unit is not very useful, because it doesn't show
systemd messages about starting, stopping, coredumps, etc,
like systemctl status unit does. Make it show the same
information using the same rules.
If somebody really want to see just messages from by the unit,
it is easy enough to use _SYSTEMD_UNIT=...
|
|
|
|
Priority 0 is acceptable (it's LOG_EMERG).
BTW, I'm not sure why we allow priorities up to 999, but I'm leaving
this be for now.
http://lists.freedesktop.org/archives/systemd-devel/2013-March/009510.html
|
|
Make sure the pager does not have to buffer an unbounded number of log
messages, by default.
|
|
$ journalctl -be
is what you want :)
https://bugzilla.redhat.com/show_bug.cgi?id=867841
|
|
The man page says so. Right now 0 would be returned if the data was encrypted,
1 otherwise.
|
|
Since sd_journal_reliable_fd wasn't exported before, it is as if
it was added now. Library "current" number must be bumped.
michich> Someone links with the fixed version and produces a RPM with
his program. The RPM will happily install on a system with an
old systemd version (the deps will appear fine), but the
program will fail to run.
|
|
sd_journal_reliable_fd was added in 85210bffd836, but it was
exported under the wrong name. Not too many users I guess.
|
|
|
|
files
Previously all journal files were owned by "adm". In order to allow
specific users to read the journal files without granting it access to
the full "adm" powers, introduce a new specific group for this.
"systemd-journal" has to be created by the packaging scripts manually at
installation time. It's a good idea to assign a static UID/GID to this
group, since /var/log/journal might be shared across machines via NFS.
This commit also grants read access to the journal files by default to
members of the "wheel" and "adm" groups via file system ACLs, since
these "almost-root" groups should be able to see what's going on on the
system. These ACLs are created by "make install". Packagers probably
need to duplicate this logic in their postinst scripts.
This also adds documentation how to grant access to the journal to
additional users or groups via fs ACLs.
|
|
|
|
Thinking about it we should probably not hide bugs by falling back to
audit when we have our own session information anyway.
|
|
|
|
journal files
We should always go by our own cgroup hierarchy before using foreign
schemes such as audit, so let's do that for the split out logic too.
|
|
|
|
Assertion 'interval > 0 || burst == 0' failed at src/journal/journald-rate-limit.c:78, function journal_rate_limit_new(). Aborting.
|
|
In the long run we really should make this runtime configurable.
|
|
Add --user-unit= to make it possible to query for user logs by the name
of the service.
|
|
|
|
* python-systemd-reader:
python-systemd: rename Journal to Reader
build-sys: upload python documentation to freedesktop.org
systemd-python: add Journal class for reading journal
python: build html docs using sphinx
journalct: also print Python code in --new-id
python: utilize uuid.UUID in logging
python: add systemd.id128 module
... and 34 other commits
In short: python module systemd.id128 is added, and existing
systemd.journal gains a new class systemd.journal.Reader, which can be
used to iterate over journal entries. Documentation is provided, and
accessible under e.g.
pydoc3 systemd.journal.Reader
or
firefox http://www.freedesktop.org/software/systemd/man/python-systemd/
|
|
Logs written by journald from the initramfs may be written to a
directory with the name created from a random machine-id. Afterwards,
when the root filesystem has been mounted and machine-id reinitalized,
logs will be written to the directory with a name created from the
proper machine-id. When logs are flushed to /var/log/journal,
everything is copied to one output directory.
When journalctl without '-m' is run after the logs have been flushed
to /var/log/journal, all messages are shown. However, when run while
logs are still in /run/log/journal, those stored under the random
machine-id will not be shown.
Make journalctl behave the same regardless whether persistent storage
has been enabled or not, and slurp all files from /run/log/journal
even without '-m'.
|
|
https://bugs.freedesktop.org/show_bug.cgi?id=58946
|
|
|
|
Documentation states that 0 is correct, and all other
similar functions return 0 on success.
Pointed-out-by: Steven Hiscocks <steven-systemd@hiscocks.me.uk>
|
|
|
|
Also split out some fileio functions to fileio.c and provide a SELinux
aware pendant in fileio-label.c
see https://bugzilla.redhat.com/show_bug.cgi?id=881577
|
|
|
|
Code above this attempted to load loginuid, if this failed for
whatever reason, we'd still end up using that value (0) in place of
realuid. Fix this by setting a bool when we know the loginuid is
valid.
This fixes journal messages showing up in per-user journals in
gnome-ostree (not configured with loginuid, but I'll shortly fix
that).
|
|
syntaxes
https://bugs.freedesktop.org/show_bug.cgi?id=60596
|
|
|
|
|
|
|
|
Makes it easier to watch just for new entries. Once scenario
is where the user starts 'journalctl -qfn0' to watch for changes
during some operation.
|
|
|
|
|
|
Returns "HTTP/1.0 406 Not Acceptable" instead of silently
closing the connection.
|
|
The request must not be answered immediately (at first call to
response_handler()), but on the second. This is also important
for authentication, which cannot be performed on the first call.
Before:
% wget -O/dev/null -S https://localhost:19531/
--2012-11-28 18:29:43-- https://localhost:19531/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:19531... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Connection: close
Content-Length: 87
Location: /browse
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:29:44 GMT
Location: /browse [following]
--2012-11-28 18:29:43-- https://localhost:19531/browse
Connecting to localhost (localhost)|127.0.0.1|:19531... connected.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Connection: close
Content-Length: 23260
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:29:44 GMT
Length: 23260 (23K) [text/html]
After:
% wget --no-check-certificate -O/dev/null -S https://localhost:19531/
--2012-11-28 18:30:05-- https://localhost:19531/
Resolving localhost (localhost)... 127.0.0.1
Connecting to localhost (localhost)|127.0.0.1|:19531... connected.
HTTP request sent, awaiting response...
HTTP/1.1 301 Moved Permanently
Content-Length: 87
Location: /browse
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:30:05 GMT
Location: /browse [following]
--2012-11-28 18:30:05-- https://localhost:19531/browse
Reusing existing connection to localhost:19531.
HTTP request sent, awaiting response...
HTTP/1.1 200 OK
Content-Length: 23260
Content-Type: text/html
Date: Wed, 28 Nov 2012 17:30:06 GMT
Length: 23260 (23K) [text/html]
|
|
|