From 6870dae236b6a76f03a97ab1ed8bc7fee5241db2 Mon Sep 17 00:00:00 2001 From: Paul Holzinger Date: Fri, 27 Jan 2023 16:03:59 +0100 Subject: [PATCH] journald: podman logs only show logs for current user In the super rare case that there are two containers with the same ID for two different users, podman logs with the journald driver would show logs from both containers. [NO NEW TESTS NEEDED] Impossible to reproduce. Signed-off-by: Paul Holzinger --- libpod/container_log_linux.go | 11 +++++++++++ 1 file changed, 11 insertions(+) diff --git a/libpod/container_log_linux.go b/libpod/container_log_linux.go index e8b9a52a7e..de5a66dee1 100644 --- a/libpod/container_log_linux.go +++ b/libpod/container_log_linux.go @@ -7,12 +7,14 @@ import ( "context" "errors" "fmt" + "strconv" "strings" "time" "github.com/containers/podman/v4/libpod/define" "github.com/containers/podman/v4/libpod/events" "github.com/containers/podman/v4/libpod/logs" + "github.com/containers/podman/v4/pkg/rootless" "github.com/coreos/go-systemd/v22/journal" "github.com/coreos/go-systemd/v22/sdjournal" "github.com/sirupsen/logrus" @@ -69,6 +71,12 @@ func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOption if err := journal.AddMatch(match.String()); err != nil { return fmt.Errorf("adding filter to journald logger: %v: %w", match, err) } + // Make sure we only read events for the current user, while it is unlikely that there + // is a container ID duplication for two users, it is better to have it just in case. + uidMatch := sdjournal.Match{Field: "_UID", Value: strconv.Itoa(rootless.GetRootlessUID())} + if err := journal.AddMatch(uidMatch.String()); err != nil { + return fmt.Errorf("adding filter to journald logger: %v: %w", uidMatch, err) + } // Add the filter for logs. Note the disjunction so that we match // either the events or the logs. @@ -79,6 +87,9 @@ func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOption if err := journal.AddMatch(match.String()); err != nil { return fmt.Errorf("adding filter to journald logger: %v: %w", match, err) } + if err := journal.AddMatch(uidMatch.String()); err != nil { + return fmt.Errorf("adding filter to journald logger: %v: %w", uidMatch, err) + } if options.Since.IsZero() { if err := journal.SeekHead(); err != nil {