journalctl: politely refuse if non-root usernames are specified for --machine=

We currently cannot support that (supporting that would probably require
some active component in the machine, or alternatively idmapped mounts
or so), hence politely refuse it.

See: https://github.com/systemd/systemd/issues/32997#issuecomment-2127700945

diff --git a/src/journal/journalctl-util.c b/src/journal/journalctl-util.c
index dd6026e9f27644c920827846c74b8d84c5187fd6..586f702bb4da87a55b0be2a78a5addef899c4284 100644 (file)
--- a/src/journal/journalctl-util.c
+++ b/src/journal/journalctl-util.c
@@ -5,6 +5,7 @@
 
 #include "alloc-util.h"
 #include "glob-util.h"
+#include "hostname-util.h"
 #include "id128-util.h"
 #include "journal-util.h"
 #include "journalctl.h"
@@ -43,9 +44,18 @@ int acquire_journal(sd_journal **ret) {
                 r = sd_journal_open_files_fd(&j, (int[]) { STDIN_FILENO }, 1, arg_journal_additional_open_flags);
         else if (arg_file)
                 r = sd_journal_open_files(&j, (const char**) arg_file, arg_journal_additional_open_flags);
-        else if (arg_machine)
-                r = journal_open_machine(&j, arg_machine, arg_journal_additional_open_flags);
-        else
+        else if (arg_machine) {
+                _cleanup_free_ char *u = NULL, *h = NULL;
+
+                r = split_user_at_host(arg_machine, &u, &h);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to split machine specification '%s': %m", arg_machine);
+
+                if (!isempty(u) && !streq(u, "root"))
+                        return log_error_errno(SYNTHETIC_ERRNO(EOPNOTSUPP), "Connecting to a machine as non-root is not supported.");
+
+                r = journal_open_machine(&j, h ?: ".host", arg_journal_additional_open_flags);
+        } else
                 r = sd_journal_open_namespace(
                                 &j,
                                 arg_namespace,