Commit 9dc53b6a authored by Martin Pitt's avatar Martin Pitt
Browse files

Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN

Patch also committed upstream.

Closes: #775067
parent 4f7433af
......@@ -6,6 +6,8 @@ systemd (215-10) UNRELEASED; urgency=medium
* sysv-generator: Make real units overwrite symlinks generated by Provides:
from other units. Fixes failures due to presence of backup or old init.d
scripts. (Closes: #775404)
* Fix journal forwarding to syslog in containers without CAP_SYS_ADMIN.
(Closes: #775067)
[ Christian Kastner ]
* Use common-session-noninteractive in systemd-user's PAM config, instead of
......
From: Christian Seiler <christian@iwakd.de>
Date: Tue, 13 Jan 2015 11:53:25 +0100
Subject: journal: Fix syslog forwarding without CAP_SYS_ADMIN
In case CAP_SYS_ADMIN is missing (like in containers), one cannot fake pid in
struct ucred (uid/gid are fine if CAP_SETUID/CAP_SETGID are present).
Ensure that journald will try again to forward the messages to syslog without
faking the SCM_CREDENTIALS pid (which isn't guaranteed to succeed anyway, since
it also does the same thing if the process has already exited).
With this patch, journald will no longer silently discard messages
that are supposed to be sent to syslog in these situations.
https://bugs.debian.org/775067
---
src/journal/journald-syslog.c | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/journal/journald-syslog.c b/src/journal/journald-syslog.c
index f97e0d2..01623ec 100644
--- a/src/journal/journald-syslog.c
+++ b/src/journal/journald-syslog.c
@@ -85,12 +85,12 @@ static void forward_syslog_iovec(Server *s, const struct iovec *iovec, unsigned
return;
}
- if (ucred && errno == ESRCH) {
+ if (ucred && (errno == ESRCH || errno == EPERM)) {
struct ucred u;
/* Hmm, presumably the sender process vanished
- * by now, so let's fix it as good as we
- * can, and retry */
+ * by now, or we don't have CAP_SYS_AMDIN, so
+ * let's fix it as good as we can, and retry */
u = *ucred;
u.pid = getpid();
......@@ -125,6 +125,7 @@ journalctl-correct-help-text-for-until.patch
Raise-level-of-Found-dependency.-lines.patch
systemd-tmpfiles-Fix-IGNORE_DIRECTORY_PATH-age-handl.patch
sysv-generator-handle-Provides-for-non-virtual-facil.patch
journal-Fix-syslog-forwarding-without-CAP_SYS_ADMIN.patch
## Debian specific patches:
Add-back-support-for-Debian-specific-config-files.patch
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment