diff options
author | Lorenz Bauer <lmb@cloudflare.com> | 2019-11-04 16:35:46 +0000 |
---|---|---|
committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2019-11-05 10:41:03 +0100 |
commit | 09d0b46ab61bebafe5bdc1be95ee153dfb13d6bc (patch) | |
tree | b288dc511429779f576be81e80929bd0a9960622 /man/systemd.automount.xml | |
parent | d7d31692bf7cde5dce7f4ed3cae429a5b302a9f0 (diff) | |
download | systemd-09d0b46ab61bebafe5bdc1be95ee153dfb13d6bc.tar.gz |
journal: refresh cached credentials of stdout streams
journald assumes that getsockopt(SO_PEERCRED) correctly identifies the
process on the remote end of the socket. However, this is incorrect
according to man 7 socket:
The returned credentials are those that were in effect at the
time of the call to connect(2) or socketpair(2).
This becomes a problem when a new process inherits the stdout stream
from a parent. First, log messages from the child process will
be attributed to the parent. Second, the struct ucred used by journald
becomes invalid as soon as the parent exits. Further sendmsg calls then
fail with ENOENT. Logs for the child process then vanish from the journal.
Fix this by using recvmsg on the stdout stream, and refreshing the cached
struct ucred if SCM_CREDENTIALS indicate a new process.
Fixes #13708
Diffstat (limited to 'man/systemd.automount.xml')
0 files changed, 0 insertions, 0 deletions