]>
git.ipfire.org Git - thirdparty/systemd.git/blob - src/shared/journal-util.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2013 Zbigniew Jędrzejewski-Szmek
6 Copyright 2015 Lennart Poettering
12 #include "journal-internal.h"
13 #include "journal-util.h"
16 #include "user-util.h"
18 static int access_check_var_log_journal(sd_journal
*j
, bool want_other_users
) {
20 _cleanup_strv_free_
char **g
= NULL
;
27 /* If we are root, we should have access, don't warn. */
31 /* If we are in the 'systemd-journal' group, we should have
33 r
= in_group("systemd-journal");
35 return log_error_errno(r
, "Failed to check if we are in the 'systemd-journal' group: %m");
40 if (laccess("/run/log/journal", F_OK
) >= 0)
41 dir
= "/run/log/journal";
43 dir
= "/var/log/journal";
45 /* If we are in any of the groups listed in the journal ACLs,
46 * then all is good, too. Let's enumerate all groups from the
47 * default ACL of the directory, which generally should allow
48 * access to most journal files too. */
49 r
= acl_search_groups(dir
, &g
);
51 return log_error_errno(r
, "Failed to search journal ACL: %m");
55 /* Print a pretty list, if there were ACLs set. */
56 if (!strv_isempty(g
)) {
57 _cleanup_free_
char *s
= NULL
;
59 /* Thre are groups in the ACL, let's list them */
60 r
= strv_extend(&g
, "systemd-journal");
67 s
= strv_join(g
, "', '");
71 log_notice("Hint: You are currently not seeing messages from %s.\n"
72 " Users in groups '%s' can see all messages.\n"
73 " Pass -q to turn off this notice.",
74 want_other_users
? "other users and the system" : "the system",
80 /* If no ACLs were found, print a short version of the message. */
81 log_notice("Hint: You are currently not seeing messages from %s.\n"
82 " Users in the 'systemd-journal' group can see all messages. Pass -q to\n"
83 " turn off this notice.",
84 want_other_users
? "other users and the system" : "the system");
89 int journal_access_check_and_warn(sd_journal
*j
, bool quiet
, bool want_other_users
) {
97 if (hashmap_isempty(j
->errors
)) {
98 if (ordered_hashmap_isempty(j
->files
) && !quiet
)
99 log_notice("No journal files were found.");
104 if (hashmap_contains(j
->errors
, INT_TO_PTR(-EACCES
))) {
106 (void) access_check_var_log_journal(j
, want_other_users
);
108 if (ordered_hashmap_isempty(j
->files
))
109 r
= log_error_errno(EACCES
, "No journal files were opened due to insufficient permissions.");
112 HASHMAP_FOREACH_KEY(path
, code
, j
->errors
, it
) {
115 err
= abs(PTR_TO_INT(code
));
122 log_warning_errno(err
, "Journal file %s is truncated, ignoring file.", path
);
125 case EPROTONOSUPPORT
:
126 log_warning_errno(err
, "Journal file %1$s uses an unsupported feature, ignoring file.\n"
127 "Use SYSTEMD_LOG_LEVEL=debug journalctl --file=%1$s to see the details.",
132 log_warning_errno(err
, "Journal file %s corrupted, ignoring file.", path
);
136 log_warning_errno(err
, "An error was encountered while opening journal file or directory %s, ignoring file: %m", path
);
144 bool journal_field_valid(const char *p
, size_t l
, bool allow_protected
) {
147 /* We kinda enforce POSIX syntax recommendations for
148 environment variables here, but make a couple of additional
151 http://pubs.opengroup.org/onlinepubs/000095399/basedefs/xbd_chap08.html */
153 if (l
== (size_t) -1)
156 /* No empty field names */
160 /* Don't allow names longer than 64 chars */
164 /* Variables starting with an underscore are protected */
165 if (!allow_protected
&& p
[0] == '_')
168 /* Don't allow digits as first character */
169 if (p
[0] >= '0' && p
[0] <= '9')
172 /* Only allow A-Z0-9 and '_' */
173 for (a
= p
; a
< p
+ l
; a
++)
174 if ((*a
< 'A' || *a
> 'Z') &&
175 (*a
< '0' || *a
> '9') &&