journald: add new Seal= configuration option
parent
197c0da225
commit
eb53b74f7e
@ -68,6 +68,46 @@
|
||||
|
||||
<variablelist>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>Storage=</varname></term>
|
||||
|
||||
<listitem><para>Controls where to
|
||||
store journal data. One of
|
||||
<literal>volatile</literal>,
|
||||
<literal>persistent</literal>,
|
||||
<literal>auto</literal> and
|
||||
<literal>none</literal>. If
|
||||
<literal>volatile</literal> journal
|
||||
log data will be stored only in
|
||||
memory, i.e. below the
|
||||
<filename>/run/log/journal</filename>
|
||||
hierarchy (which is created if
|
||||
needed). If
|
||||
<literal>persistent</literal> data will
|
||||
be stored preferably on disk,
|
||||
i.e. below the
|
||||
<filename>/var/log/journal</filename>
|
||||
hierarchy (which is created if
|
||||
needed), with a fallback to
|
||||
<filename>/run/log/journal</filename>
|
||||
(which is created if needed), during
|
||||
early boot and if the disk is not
|
||||
writable. <literal>auto</literal> is
|
||||
similar to
|
||||
<literal>persistent</literal> but the
|
||||
directory
|
||||
<filename>/var/log/journal</filename>
|
||||
is not created if needed, so that its
|
||||
existence controls where log data
|
||||
goes. <literal>none</literal> turns
|
||||
off all storage, all log data received
|
||||
will be dropped. Forwarding to other
|
||||
targets, such as the console, the
|
||||
kernel log buffer or a syslog daemon
|
||||
will still work however. Defaults to
|
||||
<literal>auto</literal>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>Compress=</varname></term>
|
||||
|
||||
@ -81,6 +121,20 @@
|
||||
system.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>Seal=</varname></term>
|
||||
|
||||
<listitem><para>Takes a boolean
|
||||
value. If enabled (the default) and a
|
||||
sealing key is available (as created
|
||||
by
|
||||
<citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
|
||||
<option>--setup-keys</option>
|
||||
command), forward secure sealing (FSS) for
|
||||
all persistent journal files is
|
||||
enabled.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>RateLimitInterval=</varname></term>
|
||||
<term><varname>RateLimitBurst=</varname></term>
|
||||
@ -265,45 +319,6 @@
|
||||
<filename>/dev/console</filename>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>Storage=</varname></term>
|
||||
|
||||
<listitem><para>Controls where to
|
||||
store journal data. One of
|
||||
<literal>volatile</literal>,
|
||||
<literal>persistent</literal>,
|
||||
<literal>auto</literal> and
|
||||
<literal>none</literal>. If
|
||||
<literal>volatile</literal> journal
|
||||
log data will be stored only in
|
||||
memory, i.e. below the
|
||||
<filename>/run/log/journal</filename>
|
||||
hierarchy (which is created if
|
||||
needed). If
|
||||
<literal>persistent</literal> data will
|
||||
be stored preferably on disk,
|
||||
i.e. below the
|
||||
<filename>/var/log/journal</filename>
|
||||
hierarchy (which is created if
|
||||
needed), with a fallback to
|
||||
<filename>/run/log/journal</filename>
|
||||
(which is created if needed), during
|
||||
early boot and if the disk is not
|
||||
writable. <literal>auto</literal> is
|
||||
similar to
|
||||
<literal>persistent</literal> but the
|
||||
directory
|
||||
<filename>/var/log/journal</filename>
|
||||
is not created if needed, so that its
|
||||
existence controls where log data
|
||||
goes. <literal>none</literal> turns
|
||||
off all storage, all log data received
|
||||
will be dropped. Forwarding to other
|
||||
targets, such as the console, the
|
||||
kernel log buffer or a syslog daemon
|
||||
will still work however. Defaults to
|
||||
<literal>auto</literal>.</para></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
|
||||
</refsect1>
|
||||
|
@ -14,9 +14,11 @@ struct ConfigPerfItem;
|
||||
%struct-type
|
||||
%includes
|
||||
%%
|
||||
Journal.Storage, config_parse_storage, 0, offsetof(Server, storage)
|
||||
Journal.Compress, config_parse_bool, 0, offsetof(Server, compress)
|
||||
Journal.Seal, config_parse_bool, 0, offsetof(Server, seal)
|
||||
Journal.RateLimitInterval, config_parse_usec, 0, offsetof(Server, rate_limit_interval)
|
||||
Journal.RateLimitBurst, config_parse_unsigned, 0, offsetof(Server, rate_limit_burst)
|
||||
Journal.Compress, config_parse_bool, 0, offsetof(Server, compress)
|
||||
Journal.SystemMaxUse, config_parse_bytes_off, 0, offsetof(Server, system_metrics.max_use)
|
||||
Journal.SystemMaxFileSize, config_parse_bytes_off, 0, offsetof(Server, system_metrics.max_size)
|
||||
Journal.SystemMinFileSize, config_parse_bytes_off, 0, offsetof(Server, system_metrics.min_size)
|
||||
@ -33,4 +35,3 @@ Journal.MaxLevelStore, config_parse_level, 0, offsetof(Server, max_leve
|
||||
Journal.MaxLevelSyslog, config_parse_level, 0, offsetof(Server, max_level_syslog)
|
||||
Journal.MaxLevelKMsg, config_parse_level, 0, offsetof(Server, max_level_kmsg)
|
||||
Journal.MaxLevelConsole, config_parse_level, 0, offsetof(Server, max_level_console)
|
||||
Journal.Storage, config_parse_storage, 0, offsetof(Server, storage)
|
||||
|
@ -316,7 +316,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
|
||||
journal_file_close(f);
|
||||
}
|
||||
|
||||
r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, false, &s->system_metrics, s->mmap, s->system_journal, &f);
|
||||
r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, s->system_journal, &f);
|
||||
free(p);
|
||||
|
||||
if (r < 0)
|
||||
@ -353,7 +353,7 @@ static void server_rotate(Server *s) {
|
||||
}
|
||||
|
||||
if (s->system_journal) {
|
||||
r = journal_file_rotate(&s->system_journal, s->compress, true);
|
||||
r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
|
||||
if (r < 0)
|
||||
if (s->system_journal)
|
||||
log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
|
||||
@ -365,7 +365,7 @@ static void server_rotate(Server *s) {
|
||||
}
|
||||
|
||||
HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
|
||||
r = journal_file_rotate(&f, s->compress, false);
|
||||
r = journal_file_rotate(&f, s->compress, s->seal);
|
||||
if (r < 0)
|
||||
if (f->path)
|
||||
log_error("Failed to rotate %s: %s", f->path, strerror(-r));
|
||||
@ -2007,7 +2007,7 @@ static int system_journal_open(Server *s) {
|
||||
if (!fn)
|
||||
return -ENOMEM;
|
||||
|
||||
r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, true, &s->system_metrics, s->mmap, NULL, &s->system_journal);
|
||||
r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
|
||||
free(fn);
|
||||
|
||||
if (r >= 0)
|
||||
@ -2771,6 +2771,7 @@ static int server_init(Server *s) {
|
||||
zero(*s);
|
||||
s->syslog_fd = s->native_fd = s->stdout_fd = s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
|
||||
s->compress = true;
|
||||
s->seal = true;
|
||||
|
||||
s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
|
||||
s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
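Review bot: The sealing argument for per-user journals changes from a literal `false` to `s->seal` in find_journal() and in the HASHMAP_FOREACH_KEY loop of server_rotate(), and server_init() defaults `s->seal = true`, so user journals now request sealing by default; the commit title only mentions a new option, and this side effect should be stated (this reads the `s->seal` lines as the new side, since the +/- markers are lost on this page). In the other direction, the system journal calls in server_rotate() and system_journal_open() previously passed `true` unconditionally, so `Seal=no` now removes tamper evidence from the system journal without anything visible in these hunks recording that. I would add a comment at the default, `/* FSS is requested for system and user journals; it only takes effect if a sealing key exists */`, and emit one log line after configuration is parsed when sealing has been switched off, so the downgrade shows up in the log stream. The enclosing functions start and end outside their hunks, so whether such a message already exists elsewhere cannot be confirmed from this page.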
|
||||
|
@ -8,7 +8,9 @@
|
||||
# See journald.conf(5) for details
|
||||
|
||||
[Journal]
|
||||
#Storage=auto
|
||||
#Compress=yes
|
||||
#Seal=yes
|
||||
#RateLimitInterval=10s
|
||||
#RateLimitBurst=200
|
||||
#SystemMaxUse=
|
||||
@ -27,4 +29,3 @@
|
||||
#MaxLevelSyslog=debug
|
||||
#MaxLevelKMsg=notice
|
||||
#MaxLevelConsole=info
|
||||
#Storage=auto
|
||||
|
@ -68,6 +68,7 @@ typedef struct Server {
|
||||
JournalMetrics system_metrics;
|
||||
|
||||
bool compress;
|
||||
bool seal;
|
||||
|
||||
bool forward_to_kmsg;
|
||||
bool forward_to_syslog;
|
||||
|