change "journalctl -M" honour file system namespace setups by transitioning into the container's namespace to get journal access #49
Right now it can be used to send rtnl and kmsg descriptors. These functions will be used later to send journal directory descriptor in machined.
Sometimes machine's journal is not accessible by path, so we can ask machined to provide a descriptor to it.
This ref-counted struct holds a path and a descriptor to a directory. The descriptor should be used for "real" work (openat, renameat and others) and the path should be used for logging/debugging.
That way we can have access to a file that is not accessible by path, for example to a file in overlayfs in different mount namespace (which is the case for rkt pods).
@mezcalero all your comments will disappear when this PR gets updated because the comments are on specific commit ids rather than on the PR itself (in the "Files changed" tab). Commenting on specific lines in the "Files changed" tab would also be better because we would see the context of the comments in the conversation...

That makes sense, as most of the comments were about coding style; which are likely to not be relevant once the pull request is updated.

I picked up the first 3 cleanup-patches from this PR.

What about the rest of this PR? The branch can't be merged anymore. If nobody cares, I'd like to close it.

Yes, I guess it can be closed for now. Not sure when I can find time to address this. We made some change in rkt, so I have the code stowed somewhere on my computer, so it will not be lost (for now). I would need to rebase it on top of ~4k new commits. Sounds like fun.

Ok, thanks for the update. I'll close this now, please feel free to come back with a new version.
…irectory() This way, the switch becomes compatible with nspawn containers using --image=, and those which only store journal data in /run (i.e. have persistent logs off). Fixes: systemd#49
…ystemd#49) Mere presence of the socket in the filesystem makes udev_queue_get_udev_is_active() return that udev is running. Note that, udev on exit doesn't unlink control socket nor does systemd. Thus socket stays around even when both daemon and socket are stopped. This causes problems for cryptsetup because when it detects running udev it launches synchronous operations that *really* require udev. This in turn may cause blocking and subsequent timeout in systemd-cryptsetup on reboot while machine is in a state that udev and its control socket units are stopped, e.g. emergency mode. Fixes systemd#2477 Cherry-picked from: a2de107 Resolves: #1370133
Hi,

When having a container that keeps its journal inside overlayfs,
journalctl from host can't access them anymore. The way to fix, as
proposed by Lennart, was basically journalctl to get file descriptor
of journal directory from machined and go from there. This situation
happens inside rkt containers - currently to get logs from them, we
need to link the journal to host and call journalctl with merge flag,
journalctl -m _HOSTNAME=

So, first three commits are some fixes for minor bugs I noticed or
small refactorings I made during this work.

Fourth patch adds a GetJournal() method to machine1.Manager which
takes a machine name and returns a file descriptor. It works by
entering a mount namespace of machine's leader and getting a
descriptor of /var/log/journal.

Fifth and sixth patches convert the JournalFile from being open()ed
with a path to being openat()ed with dirfd and filename. The fifth
patch wraps the directory fd and path into a refcounted struct, so
many JournalFiles actually hold a ref to JournalDirectory instead of
holding a descriptor. The sixth patch changes the JournalFile to use
JournalDirectory and all the other sources that were using
JournalFile. The patch is quite big because of that, sorry about
that. Maybe you will want to minimize the changes (by preserving
JournalFile's path member).

Seventh patch hooks journalctl to machine1.Manager's GetJournal.
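
The dirfd-plus-filename pattern described for the fifth and sixth patches, as an added C example that is not code from this PR or from systemd. The struct layout and the `jd_*` names are hypothetical, and a `rename()` of a constructed temp directory stands in for a journal directory that cannot be reached by path from the caller's mount namespace.

```c
#define _GNU_SOURCE
#include <fcntl.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
/* Hypothetical stand-in for the PR's JournalDirectory: fd for I/O, path for logs only. */
typedef struct { unsigned n_ref; int fd; char *path; } JournalDirectory;
JournalDirectory *jd_unref(JournalDirectory *d) {
    if (d && --d->n_ref == 0) {
        if (d->fd >= 0) close(d->fd);
        free(d->path); free(d);
    }
    return NULL;
}
JournalDirectory *jd_ref(JournalDirectory *d) { d->n_ref++; return d; }
JournalDirectory *jd_new(const char *path) {
    JournalDirectory *d = calloc(1, sizeof *d);
    if (!d) return NULL;
    d->n_ref = 1;
    d->fd = open(path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);
    d->path = strdup(path);
    return (d->fd >= 0 && d->path) ? d : jd_unref(d);
}
/* Resolve name relative to the held directory; O_NOFOLLOW rejects a symlink as last component. */
int jd_open(JournalDirectory *d, const char *name) {
    return openat(d->fd, name, O_RDONLY | O_CLOEXEC | O_NOFOLLOW);
}
/* Returns 0 if the recorded path no longer resolves but the file still opens via the dirfd. */
int demo_path_gone_fd_works(void) {
    char dir[] = "/tmp/jdir-XXXXXX", moved[64];
    JournalDirectory *d = mkdtemp(dir) ? jd_new(dir) : NULL;
    if (!d) return -1;
    JournalDirectory *file_ref = jd_ref(d);   /* as each JournalFile would hold one */
    int fd = openat(d->fd, "system.journal", O_CREAT | O_WRONLY | O_CLOEXEC, 0600);
    snprintf(moved, sizeof moved, "%s.moved", dir);
    rename(dir, moved);   /* constructed stand-in for "not reachable by path" */
    int p = open(d->path, O_RDONLY | O_DIRECTORY | O_CLOEXEC);   /* fails: ENOENT */
    int f = jd_open(file_ref, "system.journal");                 /* still succeeds */
    int rc = (fd >= 0 && p < 0 && f >= 0) ? 0 : 1;
    int fds[] = { fd, p, f };
    for (int i = 0; i < 3; i++) if (fds[i] >= 0) close(fds[i]);
    unlinkat(d->fd, "system.journal", 0);
    jd_unref(d);
    jd_unref(file_ref);   /* last ref: closes the directory fd */
    rmdir(moved);
    return rc;
}
int main(void) { return demo_path_gone_fd_works(); }
```

The process exits 0 when the path-based open fails and the descriptor-relative open succeeds, which is the property that lets journalctl read a journal whose directory it can only name for logging.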