]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/journal-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2013 Zbigniew Jędrzejewski-Szmek
6 Copyright 2015 Lennart Poettering
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
25 #include "journal-internal.h"
26 #include "journal-util.h"
29 #include "user-util.h"
31 static int access_check_var_log_journal(sd_journal
*j
, bool want_other_users
) {
33 _cleanup_strv_free_
char **g
= NULL
;
40 /* If we are root, we should have access, don't warn. */
44 /* If we are in the 'systemd-journal' group, we should have
46 r
= in_group("systemd-journal");
48 return log_error_errno(r
, "Failed to check if we are in the 'systemd-journal' group: %m");
53 if (laccess("/run/log/journal", F_OK
) >= 0)
54 dir
= "/run/log/journal";
56 dir
= "/var/log/journal";
58 /* If we are in any of the groups listed in the journal ACLs,
59 * then all is good, too. Let's enumerate all groups from the
60 * default ACL of the directory, which generally should allow
61 * access to most journal files too. */
62 r
= acl_search_groups(dir
, &g
);
64 return log_error_errno(r
, "Failed to search journal ACL: %m");
68 /* Print a pretty list, if there were ACLs set. */
69 if (!strv_isempty(g
)) {
70 _cleanup_free_
char *s
= NULL
;
72 /* Thre are groups in the ACL, let's list them */
73 r
= strv_extend(&g
, "systemd-journal");
80 s
= strv_join(g
, "', '");
84 log_notice("Hint: You are currently not seeing messages from %s.\n"
85 " Users in groups '%s' can see all messages.\n"
86 " Pass -q to turn off this notice.",
87 want_other_users
? "other users and the system" : "the system",
93 /* If no ACLs were found, print a short version of the message. */
94 log_notice("Hint: You are currently not seeing messages from %s.\n"
95 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
96 " turn off this notice.",
97 want_other_users
? "other users and the system" : "the system");
102 int journal_access_check_and_warn(sd_journal
*j
, bool quiet
, bool want_other_users
) {
110 if (hashmap_isempty(j
->errors
)) {
111 if (ordered_hashmap_isempty(j
->files
) && !quiet
)
112 log_notice("No journal files were found.");
117 if (hashmap_contains(j
->errors
, INT_TO_PTR(-EACCES
))) {
119 (void) access_check_var_log_journal(j
, want_other_users
);
121 if (ordered_hashmap_isempty(j
->files
))
122 r
= log_error_errno(EACCES
, "No journal files were opened due to insufficient permissions.");
125 HASHMAP_FOREACH_KEY(path
, code
, j
->errors
, it
) {
128 err
= abs(PTR_TO_INT(code
));
135 log_warning_errno(err
, "Journal file %s is truncated, ignoring file.", path
);
138 case EPROTONOSUPPORT
:
139 log_warning_errno(err
, "Journal file %1$s uses an unsupported feature, ignoring file.\n"
140 "Use SYSTEMD_LOG_LEVEL=debug journalctl --file=%1$s to see the details.",
145 log_warning_errno(err
, "Journal file %s corrupted, ignoring file.", path
);
149 log_warning_errno(err
, "An error was encountered while opening journal file or directory %s, ignoring file: %m", path
);
157 bool journal_field_valid(const char *p
, size_t l
, bool allow_protected
) {
160 /* We kinda enforce POSIX syntax recommendations for
161 environment variables here, but make a couple of additional
164 http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html */
166 if (l
== (size_t) -1)
169 /* No empty field names */
173 /* Don't allow names longer than 64 chars */
177 /* Variables starting with an underscore are protected */
178 if (!allow_protected
&& p
[0] == '_')
181 /* Don't allow digits as first character */
182 if (p
[0] >= '0' && p
[0] <= '9')
185 /* Only allow A-Z0-9 and '_' */
186 for (a
= p
; a
< p
+ l
; a
++)
187 if ((*a
< 'A' || *a
> 'Z') &&
188 (*a
< '0' || *a
> '9') &&