]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/journal-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
6 #include "journal-internal.h"
7 #include "journal-util.h"
10 #include "user-util.h"
12 static int access_check_var_log_journal(sd_journal
*j
, bool want_other_users
) {
14 _cleanup_strv_free_
char **g
= NULL
;
21 /* If we are root, we should have access, don't warn. */
25 /* If we are in the 'systemd-journal' group, we should have
27 r
= in_group("systemd-journal");
29 return log_error_errno(r
, "Failed to check if we are in the 'systemd-journal' group: %m");
34 if (laccess("/run/log/journal", F_OK
) >= 0)
35 dir
= "/run/log/journal";
37 dir
= "/var/log/journal";
39 /* If we are in any of the groups listed in the journal ACLs,
40 * then all is good, too. Let's enumerate all groups from the
41 * default ACL of the directory, which generally should allow
42 * access to most journal files too. */
43 r
= acl_search_groups(dir
, &g
);
45 return log_error_errno(r
, "Failed to search journal ACL: %m");
49 /* Print a pretty list, if there were ACLs set. */
50 if (!strv_isempty(g
)) {
51 _cleanup_free_
char *s
= NULL
;
53 /* There are groups in the ACL, let's list them */
54 r
= strv_extend(&g
, "systemd-journal");
61 s
= strv_join(g
, "', '");
65 log_notice("Hint: You are currently not seeing messages from %s.\n"
66 " Users in groups '%s' can see all messages.\n"
67 " Pass -q to turn off this notice.",
68 want_other_users
? "other users and the system" : "the system",
74 /* If no ACLs were found, print a short version of the message. */
75 log_notice("Hint: You are currently not seeing messages from %s.\n"
76 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
77 " turn off this notice.",
78 want_other_users
? "other users and the system" : "the system");
83 int journal_access_blocked(sd_journal
*j
) {
84 return hashmap_contains(j
->errors
, INT_TO_PTR(-EACCES
));
87 int journal_access_check_and_warn(sd_journal
*j
, bool quiet
, bool want_other_users
) {
94 if (hashmap_isempty(j
->errors
)) {
95 if (ordered_hashmap_isempty(j
->files
) && !quiet
)
96 log_notice("No journal files were found.");
101 if (journal_access_blocked(j
)) {
103 (void) access_check_var_log_journal(j
, want_other_users
);
105 if (ordered_hashmap_isempty(j
->files
))
106 r
= log_error_errno(EACCES
, "No journal files were opened due to insufficient permissions.");
109 HASHMAP_FOREACH_KEY(path
, code
, j
->errors
) {
112 err
= abs(PTR_TO_INT(code
));
119 log_warning_errno(err
, "Journal file %s is truncated, ignoring file.", path
);
122 case EPROTONOSUPPORT
:
123 log_warning_errno(err
, "Journal file %1$s uses an unsupported feature, ignoring file.\n"
124 "Use SYSTEMD_LOG_LEVEL=debug journalctl --file=%1$s to see the details.",
129 log_warning_errno(err
, "Journal file %s corrupted, ignoring file.", path
);
133 log_warning_errno(err
, "An error was encountered while opening journal file or directory %s, ignoring file: %m", path
);
141 bool journal_field_valid(const char *p
, size_t l
, bool allow_protected
) {
144 /* We kinda enforce POSIX syntax recommendations for
145 environment variables here, but make a couple of additional
148 http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html */
150 if (l
== (size_t) -1)
153 /* No empty field names */
157 /* Don't allow names longer than 64 chars */
161 /* Variables starting with an underscore are protected */
162 if (!allow_protected
&& p
[0] == '_')
165 /* Don't allow digits as first character */
166 if (p
[0] >= '0' && p
[0] <= '9')
169 /* Only allow A-Z0-9 and '_' */
170 for (a
= p
; a
< p
+ l
; a
++)
171 if ((*a
< 'A' || *a
> 'Z') &&
172 (*a
< '0' || *a
> '9') &&