On Do, 19.03.20 16:05, Chris Murphy (lists@xxxxxxxxxxxxxxxxx) wrote:

> Hi,
>
> I'm wondering if user journals are better being located in ~/.var by
> default? In particular in a systemd-homed context when ~/ is
> encrypted.

Unfortunately the entire system's log stream is coming primarily through a single AF_UNIX socket, which is /dev/log. The back-end of that is privileged (i.e. systemd-journald) since it deals with privileged log messages primarily. If we'd implement what you are asking for we'd have privileged code write to unpriv-owned directories which is generally problematic for security reasons, because this enables unpriv code to make privileged code do stuff in its own territory. For example it could fuse mount something there, and then make journald block on it and thus freeze the whole log stream. This is highly problematic.

Hence, this is far from easy to implement (i.e. it would require a second component that runs unpriv and subscribes to the unpriv user's log stream asynchronously, to avoid any such potential lockups), and I am not sure it's worth the trouble? This is syslog after all, i.e. not user facing stuff, hence probably fine if not in the user's home dir?

Lennart

--
Lennart Poettering, Berlin
_______________________________________________
systemd-devel mailing list
systemd-devel@xxxxxxxxxxxxxxxxxxxxx
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
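
The decoupling the reply describes (a second component that receives the user's log stream asynchronously, so a stalled user-owned destination cannot freeze the central stream) can be modelled as below. This is an added example, not code from the mail or from systemd; `AsyncUserSink`, `central_stream` and `demo` are hypothetical names, and a never-set event stands in for a write that hangs on a user-controlled FUSE mount.

```python
import queue
import threading


class AsyncUserSink:
    """Hypothetical per-user forwarder: writes to user-owned storage off the main path."""

    def __init__(self, write, maxsize=4):
        self._write = write                  # may block forever (e.g. a hung FUSE mount)
        self._q = queue.Queue(maxsize)       # bounded, so a stalled sink cannot eat memory
        self.dropped = 0
        threading.Thread(target=self._run, daemon=True).start()

    def offer(self, line):
        """Called from the central stream; returns immediately in every case."""
        try:
            self._q.put_nowait(line)
            return True
        except queue.Full:
            self.dropped += 1                # lose the user's copy, never stall the system
            return False

    def _run(self):
        while True:
            self._write(self._q.get())       # only this worker can get stuck


def central_stream(lines, system_log, user_sink):
    """Model of the single log stream: record centrally first, then offer a copy."""
    for line in lines:
        system_log.append(line)
        user_sink.offer(line)
    return len(system_log)


def demo():
    stall = threading.Event()                # never set: constructed stand-in for a hung mount
    sink = AsyncUserSink(lambda line: stall.wait(), maxsize=4)
    system_log = []
    recorded = central_stream([f"msg {i}" for i in range(100)], system_log, sink)
    return recorded, sink.dropped


if __name__ == "__main__":
    print(demo())
```

The central stream records all 100 constructed messages even though the user-side write never returns; only the user's copies beyond the small queue are dropped.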