authorLennart Poettering <lennart@poettering.net>2012-08-20 22:13:22 +0200
committerLennart Poettering <lennart@poettering.net>2012-08-20 22:13:22 +0200
commiteb53b74f7e2f83d936b35107806a157fdffdbf5a (patch)
tree7bfc085bf3e5f189a57d9c60ae549b7c985a90ed
parent197c0da22536121acc1377525458844a5ccabb7d (diff)
journald: add new Seal= configuration option
-rw-r--r--man/journald.conf.xml93
-rw-r--r--src/journal/journald-gperf.gperf5
-rw-r--r--src/journal/journald.c9
-rw-r--r--src/journal/journald.conf3
-rw-r--r--src/journal/journald.h1
5 files changed, 65 insertions, 46 deletions
diff --git a/man/journald.conf.xml b/man/journald.conf.xml
index 2ebbf30a6..2fa475c94 100644
--- a/man/journald.conf.xml
+++ b/man/journald.conf.xml
@@ -69,6 +69,46 @@
<variablelist>
<varlistentry>
+ <term><varname>Storage=</varname></term>
+
+ <listitem><para>Controls where to
+ store journal data. One of
+ <literal>volatile</literal>,
+ <literal>persistent</literal>,
+ <literal>auto</literal> and
+ <literal>none</literal>. If
+ <literal>volatile</literal> journal
+ log data will be stored only in
+ memory, i.e. below the
+ <filename>/run/log/journal</filename>
+ hierarchy (which is created if
+ needed). If
+ <literal>persistent</literal> data will
+ be stored preferably on disk,
+ i.e. below the
+ <filename>/var/log/journal</filename>
+ hierarchy (which is created if
+ needed), with a fallback to
+ <filename>/run/log/journal</filename>
+ (which is created if needed), during
+ early boot and if the disk is not
+ writable. <literal>auto</literal> is
+ similar to
+ <literal>persistent</literal> but the
+ directory
+ <filename>/var/log/journal</filename>
+ is not created if needed, so that its
+ existence controls where log data
+ goes. <literal>none</literal> turns
+ off all storage, all log data received
+ will be dropped. Forwarding to other
+ targets, such as the console, the
+ kernel log buffer or a syslog daemon
+ will still work however. Defaults to
+ <literal>auto</literal>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>Compress=</varname></term>
<listitem><para>Takes a boolean
@@ -82,6 +122,20 @@
</varlistentry>
<varlistentry>
+ <term><varname>Seal=</varname></term>
+
+ <listitem><para>Takes a boolean
+ value. If enabled (the default) and a
+ sealing key is available (as created
+ by
+ <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+ <option>--setup-keys</option>
+ command), forward secure sealing (FSS) for
+ all persistent journal files is
+ enabled.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>RateLimitInterval=</varname></term>
<term><varname>RateLimitBurst=</varname></term>
@@ -265,45 +319,6 @@
<filename>/dev/console</filename>.</para></listitem>
</varlistentry>
- <varlistentry>
- <term><varname>Storage=</varname></term>
-
- <listitem><para>Controls where to
- store journal data. One of
- <literal>volatile</literal>,
- <literal>persistent</literal>,
- <literal>auto</literal> and
- <literal>none</literal>. If
- <literal>volatile</literal> journal
- log data will be stored only in
- memory, i.e. below the
- <filename>/run/log/journal</filename>
- hierarchy (which is created if
- needed). If
- <literal>persistent</literal> data will
- be stored preferably on disk,
- i.e. below the
- <filename>/var/log/journal</filename>
- hierarchy (which is created if
- needed), with a fallback to
- <filename>/run/log/journal</filename>
- (which is created if needed), during
- early boot and if the disk is not
- writable. <literal>auto</literal> is
- similar to
- <literal>persistent</literal> but the
- directory
- <filename>/var/log/journal</filename>
- is not created if needed, so that its
- existence controls where log data
- goes. <literal>none</literal> turns
- off all storage, all log data received
- will be dropped. Forwarding to other
- targets, such as the console, the
- kernel log buffer or a syslog daemon
- will still work however. Defaults to
- <literal>auto</literal>.</para></listitem>
- </varlistentry>
</variablelist>
</refsect1>
diff --git a/src/journal/journald-gperf.gperf b/src/journal/journald-gperf.gperf
index d4019dd66..2f83cbde7 100644
--- a/src/journal/journald-gperf.gperf
+++ b/src/journal/journald-gperf.gperf
@@ -14,9 +14,11 @@ struct ConfigPerfItem;
%struct-type
%includes
%%
+Journal.Storage, config_parse_storage, 0, offsetof(Server, storage)
+Journal.Compress, config_parse_bool, 0, offsetof(Server, compress)
+Journal.Seal, config_parse_bool, 0, offsetof(Server, seal)
Journal.RateLimitInterval, config_parse_usec, 0, offsetof(Server, rate_limit_interval)
Journal.RateLimitBurst, config_parse_unsigned, 0, offsetof(Server, rate_limit_burst)
-Journal.Compress, config_parse_bool, 0, offsetof(Server, compress)
Journal.SystemMaxUse, config_parse_bytes_off, 0, offsetof(Server, system_metrics.max_use)
Journal.SystemMaxFileSize, config_parse_bytes_off, 0, offsetof(Server, system_metrics.max_size)
Journal.SystemMinFileSize, config_parse_bytes_off, 0, offsetof(Server, system_metrics.min_size)
@@ -33,4 +35,3 @@ Journal.MaxLevelStore, config_parse_level, 0, offsetof(Server, max_leve
Journal.MaxLevelSyslog, config_parse_level, 0, offsetof(Server, max_level_syslog)
Journal.MaxLevelKMsg, config_parse_level, 0, offsetof(Server, max_level_kmsg)
Journal.MaxLevelConsole, config_parse_level, 0, offsetof(Server, max_level_console)
-Journal.Storage, config_parse_storage, 0, offsetof(Server, storage)
diff --git a/src/journal/journald.c b/src/journal/journald.c
index f74c46158..7b3b6471d 100644
--- a/src/journal/journald.c
+++ b/src/journal/journald.c
@@ -316,7 +316,7 @@ static JournalFile* find_journal(Server *s, uid_t uid) {
journal_file_close(f);
}
- r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, false, &s->system_metrics, s->mmap, s->system_journal, &f);
+ r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, s->system_journal, &f);
free(p);
if (r < 0)
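Review bot: The user-journal open here replaces a hard-coded `false` with `s->seal`, so user journals are now sealed whenever Seal= is on, whereas the journald.conf(5) text added in this commit promises forward secure sealing only for persistent journal files and only when a sealing key is available. Neither condition is checked at this call: whether journal_file_open_reliably itself skips sealing for files that are not under /var/log/journal or when no key has been set up is not visible in this diff, and find_journal's body above the hunk (which may already guarantee that this path is only reached with a persistent system journal) is not shown either. If that precondition exists, a comment such as `/* only reached once the persistent system journal is open, so s->seal applies */` above the call would make the contract explicit; if it does not, the flag should be derived from the storage mode rather than passed through unconditionally. The same remark applies to the user-journal rotate at the @@ -365 hunk, where `s->seal` likewise replaces a hard-coded `false`.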
@@ -353,7 +353,7 @@ static void server_rotate(Server *s) {
}
if (s->system_journal) {
- r = journal_file_rotate(&s->system_journal, s->compress, true);
+ r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
if (r < 0)
if (s->system_journal)
log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
@@ -365,7 +365,7 @@ static void server_rotate(Server *s) {
}
HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
- r = journal_file_rotate(&f, s->compress, false);
+ r = journal_file_rotate(&f, s->compress, s->seal);
if (r < 0)
if (f->path)
log_error("Failed to rotate %s: %s", f->path, strerror(-r));
@@ -2007,7 +2007,7 @@ static int system_journal_open(Server *s) {
if (!fn)
return -ENOMEM;
- r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, true, &s->system_metrics, s->mmap, NULL, &s->system_journal);
+ r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
free(fn);
if (r >= 0)
@@ -2771,6 +2771,7 @@ static int server_init(Server *s) {
zero(*s);
s->syslog_fd = s->native_fd = s->stdout_fd = s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
s->compress = true;
+ s->seal = true;
s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
diff --git a/src/journal/journald.conf b/src/journal/journald.conf
index ab7b4abec..677f48b7e 100644
--- a/src/journal/journald.conf
+++ b/src/journal/journald.conf
@@ -8,7 +8,9 @@
# See journald.conf(5) for details
[Journal]
+#Storage=auto
#Compress=yes
+#Seal=yes
#RateLimitInterval=10s
#RateLimitBurst=200
#SystemMaxUse=
@@ -27,4 +29,3 @@
#MaxLevelSyslog=debug
#MaxLevelKMsg=notice
#MaxLevelConsole=info
-#Storage=auto
diff --git a/src/journal/journald.h b/src/journal/journald.h
index 0202893d8..13f2f1f5d 100644
--- a/src/journal/journald.h
+++ b/src/journal/journald.h
@@ -68,6 +68,7 @@ typedef struct Server {
JournalMetrics system_metrics;
bool compress;
+ bool seal;
bool forward_to_kmsg;
bool forward_to_syslog;
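Review bot: The new `bool seal;` field carries no comment, although this struct is where a maintainer would look to learn that it holds the parsed Seal= value and is forwarded to every journal_file_open_reliably and journal_file_rotate call in journald.c. Suggest `bool seal;      /* Seal=: forward secure sealing of journal files; needs a key from journalctl --setup-keys */`, matching the man-page wording in this commit. The Server struct begins above the hunk and continues below it.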