From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 7 Jun 2023 13:19:25 +0000 (+0200)
Subject: sd-journal: when SD_JOURNAL_CURRENT_USER is set, and called from system UID, imply... 
X-Git-Tag: v254-rc1~253^2~1
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=97c621b72d8c5b5eb4bf7f177cd885bfc01518c9;p=thirdparty%2Fsystemd.git

sd-journal: when SD_JOURNAL_CURRENT_USER is set, and called from system UID, imply SD_JOURNAL_SYSTEM

Fixes: #26742 #23679
---

diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c
index 957817bfabc..339ac265299 100644
--- a/src/libsystemd/sd-journal/sd-journal.c
+++ b/src/libsystemd/sd-journal/sd-journal.c
@@ -43,6 +43,7 @@
 #include "string-util.h"
 #include "strv.h"
 #include "syslog-util.h"
+#include "uid-alloc-range.h"
 
 #define JOURNAL_FILES_RECHECK_USEC (2 * USEC_PER_SEC)
 
@@ -1322,25 +1323,32 @@ static bool file_has_type_prefix(const char *prefix, const char *filename) {
 static bool file_type_wanted(int flags, const char *filename) {
         assert(filename);
 
-        if (!endswith(filename, ".journal") && !endswith(filename, ".journal~"))
+        if (!ENDSWITH_SET(filename, ".journal", ".journal~"))
                 return false;
 
         /* no flags set → every type is OK */
         if (!(flags & (SD_JOURNAL_SYSTEM | SD_JOURNAL_CURRENT_USER)))
                 return true;
 
-        if (flags & SD_JOURNAL_SYSTEM && file_has_type_prefix("system", filename))
-                return true;
-
-        if (flags & SD_JOURNAL_CURRENT_USER) {
+        if (FLAGS_SET(flags, SD_JOURNAL_CURRENT_USER)) {
                 char prefix[5 + DECIMAL_STR_MAX(uid_t) + 1];
 
-                xsprintf(prefix, "user-"UID_FMT, getuid());
+                xsprintf(prefix, "user-" UID_FMT, getuid());
 
                 if (file_has_type_prefix(prefix, filename))
                         return true;
+
+                /* If SD_JOURNAL_CURRENT_USER is specified and we are invoked under a system UID, then
+                 * automatically enable SD_JOURNAL_SYSTEM too, because journald will actually put system user
+                 * data into the system journal. */
+
+                if (uid_for_system_journal(getuid()))
+                        flags |= SD_JOURNAL_SYSTEM;
         }
 
+        if (FLAGS_SET(flags, SD_JOURNAL_SYSTEM) && file_has_type_prefix("system", filename))
+                return true;
+
         return false;
 }