journalctl: complain if unprivileged users attempt to access the journal and persistant logging is off
This commit is contained in:
parent
d2bd7630d7
commit
99add6fd0b
10
TODO
10
TODO
|
@ -61,14 +61,10 @@ Features:
|
|||
|
||||
* testing tool for socket activation: some binary that listens on a socket and passes it on using the usual socket activation protocol to some server.
|
||||
|
||||
* journald: add symlinks and device names to kernel messages
|
||||
|
||||
* maybe make systemd-detect-virt suid? or use fscaps?
|
||||
|
||||
* consider using __secure_getenv() instead of getenv() in libs
|
||||
|
||||
* journald: automatic rekeying with no log messages doesn't appear to work
|
||||
|
||||
* man: document in ExecStart= explicitly that we don't take shell command lines, only executable names with arguments
|
||||
|
||||
* shutdown: don't read-only mount anything when running in container
|
||||
|
@ -135,14 +131,10 @@ Features:
|
|||
|
||||
* switch-root: sockets need relabelling
|
||||
|
||||
* segfault in journalctl during /var migration
|
||||
|
||||
* systemd-analyze post-boot is broken for initrd
|
||||
|
||||
* man: clarify that time-sync.target is not only sysv compat but also useful otherwise. Same for similar targets
|
||||
|
||||
* journalctl should complain if run with uid != 0 and no persistent logs exist
|
||||
|
||||
* .device aliases need to be implemented with the "following" logic, probably.
|
||||
|
||||
* refuse taking lower-case variable names in sd_journal_send() and friends.
|
||||
|
@ -188,7 +180,7 @@ Features:
|
|||
|
||||
* systemctl: when stopping a service which has triggres and warning about it actually check the TriggeredBy= deps fields
|
||||
|
||||
* journal: hook up with EFI firmware log, new kmsg logic
|
||||
* journal: hook up with EFI firmware log
|
||||
|
||||
* handle C-A-Del in logind, like the power/suspend buttons?
|
||||
|
||||
|
|
|
@ -747,8 +747,20 @@ int main(int argc, char *argv[]) {
|
|||
}
|
||||
|
||||
#ifdef HAVE_ACL
|
||||
if (access("/var/log/journal", F_OK) < 0 && geteuid() != 0 && in_group("adm") <= 0) {
|
||||
log_error("Unprivileged users can't see messages unless persistent log storage is enabled. Users in the group 'adm' can always see messages.");
|
||||
r = -EACCES;
|
||||
goto finish;
|
||||
}
|
||||
|
||||
if (!arg_quiet && geteuid() != 0 && in_group("adm") <= 0)
|
||||
log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this message off.");
|
||||
log_warning("Showing user generated messages only. Users in the group 'adm' can see all messages. Pass -q to turn this notice off.");
|
||||
#else
|
||||
if (geteuid() != 0 && in_group("adm") <= 0) {
|
||||
log_error("No access to messages. Only users in the group 'adm' can see messages.");
|
||||
r = -EACCES;
|
||||
goto finish;
|
||||
}
|
||||
#endif
|
||||
|
||||
r = add_this_boot(j);
|
||||
|
|
|
@ -360,7 +360,8 @@ static void server_vacuum(Server *s) {
|
|||
sd_id128_to_string(machine, ids);
|
||||
|
||||
if (s->system_journal) {
|
||||
if (asprintf(&p, "/var/log/journal/%s", ids) < 0) {
|
||||
p = strappend("/var/log/journal/", ids);
|
||||
if (!p) {
|
||||
log_oom();
|
||||
return;
|
||||
}
|
||||
|
@ -372,7 +373,8 @@ static void server_vacuum(Server *s) {
|
|||
}
|
||||
|
||||
if (s->runtime_journal) {
|
||||
if (asprintf(&p, "/run/log/journal/%s", ids) < 0) {
|
||||
p = strappend("/run/log/journal/", ids);
|
||||
if (!p) {
|
||||
log_oom();
|
||||
return;
|
||||
}
|
||||
|
@ -1394,7 +1396,7 @@ static int server_init(Server *s) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static void maybe_append_tags(Server *s) {
|
||||
static void server_maybe_append_tags(Server *s) {
|
||||
#ifdef HAVE_GCRYPT
|
||||
JournalFile *f;
|
||||
Iterator i;
|
||||
|
@ -1539,7 +1541,7 @@ int main(int argc, char *argv[]) {
|
|||
break;
|
||||
}
|
||||
|
||||
maybe_append_tags(&server);
|
||||
server_maybe_append_tags(&server);
|
||||
}
|
||||
|
||||
log_debug("systemd-journald stopped as pid %lu", (unsigned long) getpid());
|
||||
|
|
Loading…
Reference in New Issue