journald: do not create split journals for dynamic users
Dynamic users should be treated like system users, and their logs should end up in the main system journal.
This commit is contained in:
parent
986a34a683
commit
61755fdae0
|
@ -20,6 +20,7 @@
|
|||
***/
|
||||
|
||||
#include <stdbool.h>
|
||||
#include <stdint.h>
|
||||
#include <sys/types.h>
|
||||
#include <unistd.h>
|
||||
|
||||
|
@ -57,8 +58,19 @@ int take_etc_passwd_lock(const char *root);
|
|||
#define UID_INVALID ((uid_t) -1)
|
||||
#define GID_INVALID ((gid_t) -1)
|
||||
|
||||
/* The following macros add 1 when converting things, since UID 0 is a
|
||||
* valid UID, while the pointer NULL is special */
|
||||
/* Let's pick a UIDs within the 16bit range, so that we are compatible with containers using 16bit
|
||||
* user namespacing. At least on Fedora normal users are allocated until UID 60000, hence do not
|
||||
* allocate from below this. Also stay away from the upper end of the range as that is often used
|
||||
* for overflow/nobody users. */
|
||||
#define DYNAMIC_UID_MIN ((uid_t) UINT32_C(0x0000EF00))
|
||||
#define DYNAMIC_UID_MAX ((uid_t) UINT32_C(0x0000FFEF))
|
||||
|
||||
static inline bool uid_is_dynamic(uid_t uid) {
|
||||
return DYNAMIC_UID_MIN <= uid && uid <= DYNAMIC_UID_MAX;
|
||||
}
|
||||
|
||||
/* The following macros add 1 when converting things, since UID 0 is a valid UID, while the pointer
|
||||
* NULL is special */
|
||||
#define PTR_TO_UID(p) ((uid_t) (((uintptr_t) (p))-1))
|
||||
#define UID_TO_PTR(u) ((void*) (((uintptr_t) (u))+1))
|
||||
|
||||
|
|
|
@ -31,14 +31,8 @@
|
|||
#include "user-util.h"
|
||||
#include "fileio.h"
|
||||
|
||||
/* Let's pick a UIDs within the 16bit range, so that we are compatible with containers using 16bit user namespacing. At
|
||||
* least on Fedora normal users are allocated until UID 60000, hence do not allocate from below this. Also stay away
|
||||
* from the upper end of the range as that is often used for overflow/nobody users. */
|
||||
#define UID_PICK_MIN ((uid_t) UINT32_C(0x0000EF00))
|
||||
#define UID_PICK_MAX ((uid_t) UINT32_C(0x0000FFEF))
|
||||
|
||||
/* Takes a value generated randomly or by hashing and turns it into a UID in the right range */
|
||||
#define UID_CLAMP_INTO_RANGE(rnd) (((uid_t) (rnd) % (UID_PICK_MAX - UID_PICK_MIN + 1)) + UID_PICK_MIN)
|
||||
#define UID_CLAMP_INTO_RANGE(rnd) (((uid_t) (rnd) % (DYNAMIC_UID_MAX - DYNAMIC_UID_MIN + 1)) + DYNAMIC_UID_MIN)
|
||||
|
||||
static DynamicUser* dynamic_user_free(DynamicUser *d) {
|
||||
if (!d)
|
||||
|
@ -214,7 +208,7 @@ static int pick_uid(const char *name, uid_t *ret_uid) {
|
|||
if (--n_tries <= 0) /* Give up retrying eventually */
|
||||
return -EBUSY;
|
||||
|
||||
if (candidate < UID_PICK_MIN || candidate > UID_PICK_MAX)
|
||||
if (!uid_is_dynamic(candidate))
|
||||
goto next;
|
||||
|
||||
xsprintf(lock_path, "/run/systemd/dynamic-uid/" UID_FMT, candidate);
|
||||
|
@ -676,11 +670,8 @@ int dynamic_user_lookup_uid(Manager *m, uid_t uid, char **ret) {
|
|||
assert(m);
|
||||
assert(ret);
|
||||
|
||||
/* A friendly way to translate a dynamic user's UID into a his name. */
|
||||
|
||||
if (uid < UID_PICK_MIN)
|
||||
return -ESRCH;
|
||||
if (uid > UID_PICK_MAX)
|
||||
/* A friendly way to translate a dynamic user's UID into a name. */
|
||||
if (!uid_is_dynamic(uid))
|
||||
return -ESRCH;
|
||||
|
||||
xsprintf(lock_path, "/run/systemd/dynamic-uid/" UID_FMT, uid);
|
||||
|
|
|
@ -370,7 +370,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
|
|||
if (s->runtime_journal)
|
||||
return s->runtime_journal;
|
||||
|
||||
if (uid <= SYSTEM_UID_MAX)
|
||||
if (uid <= SYSTEM_UID_MAX || uid_is_dynamic(uid))
|
||||
return s->system_journal;
|
||||
|
||||
r = sd_id128_get_machine(&machine);
|
||||
|
|
Loading…
Reference in a new issue