journald: fix ignored filtering patterns for delegated cgroups

author Quentin Deslandes <qde@naccy.de>

Thu, 26 Jan 2023 18:44:10 +0000 (19:44 +0100)

committer Quentin Deslandes <qde@naccy.de>

Wed, 8 Feb 2023 15:52:51 +0000 (16:52 +0100)
author Quentin Deslandes <qde@naccy.de>
Thu, 26 Jan 2023 18:44:10 +0000 (19:44 +0100)
committer Quentin Deslandes <qde@naccy.de>
Wed, 8 Feb 2023 15:52:51 +0000 (16:52 +0100)
diff --git a/src/journal/journald-client.c b/src/journal/journald-client.c

index 22090aa93c1d51bcd5757fd0087ae3658fb471d2..5aedf4e5b622238471b2b66163e9e49222ba1c68 100644 (file)
--- a/src/journal/journald-client.c
+++ b/src/journal/journald-client.c
@@ -46,16 +46,20 @@ static int client_parse_log_filter_nulstr(const char *nulstr, size_t len, Set **
  
  int client_context_read_log_filter_patterns(ClientContext *c, const char *cgroup) {
          char *deny_list_xattr, *xattr_end;
-        _cleanup_free_ char *xattr = NULL;
+        _cleanup_free_ char *xattr = NULL, *unit_cgroup = NULL;
          _cleanup_set_free_ Set *allow_list = NULL, *deny_list = NULL;
          int r;
  
          assert(c);
  
-        r = cg_get_xattr_malloc(SYSTEMD_CGROUP_CONTROLLER, cgroup, "user.journald_log_filter_patterns", &xattr);
+        r = cg_path_get_unit_path(cgroup, &unit_cgroup);
+        if (r < 0)
+                return log_debug_errno(r, "Failed to get the unit's cgroup path for %s: %m", cgroup);
+
+        r = cg_get_xattr_malloc(SYSTEMD_CGROUP_CONTROLLER, unit_cgroup, "user.journald_log_filter_patterns", &xattr);
          if (r < 0) {
                  if (!ERRNO_IS_XATTR_ABSENT(r))
-                        return log_debug_errno(r, "Failed to get user.journald_log_filter_patterns xattr for %s: %m", cgroup);
+                        return log_debug_errno(r, "Failed to get user.journald_log_filter_patterns xattr for %s: %m", unit_cgroup);
  
                  client_set_filtering_patterns(c, NULL, NULL);
                  return 0;
diff --git a/test/testsuite-04.units/delegated-cgroup-filtering.service b/test/testsuite-04.units/delegated-cgroup-filtering.service

new file mode 100644 (file)

index 0000000..2c4201a
--- /dev/null
+++ b/test/testsuite-04.units/delegated-cgroup-filtering.service
@@ -0,0 +1,8 @@
+[Unit]
+Description=Test service for delegated logs filtering
+
+[Service]
+Type=simple
+ExecStart=/usr/lib/systemd/tests/testdata/units/delegated_cgroup_filtering_payload.sh
+Delegate=yes
+SyslogLevel=notice
diff --git a/test/units/delegated_cgroup_filtering_payload.sh b/test/units/delegated_cgroup_filtering_payload.sh

new file mode 100755 (executable)

index 0000000..50d01a5
--- /dev/null
+++ b/test/units/delegated_cgroup_filtering_payload.sh
@@ -0,0 +1,12 @@
+#!/bin/sh
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+mkdir /sys/fs/cgroup/system.slice/delegated-cgroup-filtering.service/the_child
+/bin/sh /usr/lib/systemd/tests/testdata/units/delegated_cgroup_filtering_payload_child.sh &
+
+while true
+do
+       echo "parent_process: hello, world!"
+       echo "parent_process: hello, people!"
+    sleep .15
+done
diff --git a/test/units/delegated_cgroup_filtering_payload_child.sh b/test/units/delegated_cgroup_filtering_payload_child.sh

new file mode 100755 (executable)

index 0000000..b5635b5
--- /dev/null
+++ b/test/units/delegated_cgroup_filtering_payload_child.sh
@@ -0,0 +1,11 @@
+#!/bin/sh
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+echo $$ >/sys/fs/cgroup/system.slice/delegated-cgroup-filtering.service/the_child/cgroup.procs
+
+while true
+do
+       echo "child_process: hello, world!"
+       echo "child_process: hello, people!"
+    sleep .15
+done
diff --git a/test/units/testsuite-04.sh b/test/units/testsuite-04.sh

index d10a9afbf7cb992d4cf2df4489268ce40cee870d..bab2bdc24e45308c178ba8edff782a9439f8659e 100755 (executable)
--- a/test/units/testsuite-04.sh
+++ b/test/units/testsuite-04.sh
@@ -185,8 +185,8 @@ function add_logs_filtering_override() {
      LOG_FILTER=${3:-""}
  
      mkdir -p /etc/systemd/system/"$UNIT".d/
-    echo "[Service]" >/etc/systemd/system/logs-filtering.service.d/"${OVERRIDE_NAME}".conf
-    echo "LogFilterPatterns=$LOG_FILTER" >>/etc/systemd/system/logs-filtering.service.d/"${OVERRIDE_NAME}".conf
+    echo "[Service]" >/etc/systemd/system/"$UNIT".d/"${OVERRIDE_NAME}".conf
+    echo "LogFilterPatterns=$LOG_FILTER" >>/etc/systemd/system/"$UNIT".d/"${OVERRIDE_NAME}".conf
      systemctl daemon-reload
  }
  
@@ -256,7 +256,14 @@ if is_xattr_supported; then
      add_logs_filtering_override "logs-filtering.service" "10-allow-with-escape-char" "\x7emore~"
      [[ -n $(run_service_and_fetch_logs "logs-filtering.service") ]]
  
+    add_logs_filtering_override "delegated-cgroup-filtering.service" "00-allow-all" ".*"
+    [[ -n $(run_service_and_fetch_logs "delegated-cgroup-filtering.service") ]]
+
+    add_logs_filtering_override "delegated-cgroup-filtering.service" "01-discard-hello" "~hello"
+    [[ -z $(run_service_and_fetch_logs "delegated-cgroup-filtering.service") ]]
+
      rm -rf /etc/systemd/system/logs-filtering.service.d
+    rm -rf /etc/systemd/system/delegated-cgroup-filtering.service.d
  fi
  
  touch /testok
author	Quentin Deslandes <qde@naccy.de>
	Thu, 26 Jan 2023 18:44:10 +0000 (19:44 +0100)
committer	Quentin Deslandes <qde@naccy.de>
	Wed, 8 Feb 2023 15:52:51 +0000 (16:52 +0100)
src/journal/journald-client.c		patch \| blob \| blame \| history
test/testsuite-04.units/delegated-cgroup-filtering.service	[new file with mode: 0644]	patch \| blob
test/units/delegated_cgroup_filtering_payload.sh	[new file with mode: 0755]	patch \| blob
test/units/delegated_cgroup_filtering_payload_child.sh	[new file with mode: 0755]	patch \| blob
test/units/testsuite-04.sh		patch \| blob \| blame \| history