<variablelist>
<varlistentry>
+ <term><varname>Storage=</varname></term>
+
+ <listitem><para>Controls where to
+ store journal data. One of
+ <literal>volatile</literal>,
+ <literal>persistent</literal>,
+ <literal>auto</literal> and
+ <literal>none</literal>. If
+ <literal>volatile</literal> journal
+ log data will be stored only in
+ memory, i.e. below the
+ <filename>/run/log/journal</filename>
+ hierarchy (which is created if
+ needed). If
+ <literal>persistent</literal> data will
+ be stored preferably on disk,
+ i.e. below the
+ <filename>/var/log/journal</filename>
+ hierarchy (which is created if
+ needed), with a fallback to
+ <filename>/run/log/journal</filename>
+ (which is created if needed), during
+ early boot and if the disk is not
+ writable. <literal>auto</literal> is
+ similar to
+ <literal>persistent</literal> but the
+ directory
+ <filename>/var/log/journal</filename>
+ is not created if needed, so that its
+ existence controls where log data
+ goes. <literal>none</literal> turns
+ off all storage, all log data received
+ will be dropped. Forwarding to other
+ targets, such as the console, the
+ kernel log buffer or a syslog daemon
+ will still work however. Defaults to
+ <literal>auto</literal>.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>Compress=</varname></term>
<listitem><para>Takes a boolean
</varlistentry>
<varlistentry>
+ <term><varname>Seal=</varname></term>
+
+ <listitem><para>Takes a boolean
+ value. If enabled (the default) and a
+ sealing key is available (as created
+ by
+ <citerefentry><refentrytitle>journalctl</refentrytitle><manvolnum>1</manvolnum></citerefentry>'s
+ <option>--setup-keys</option>
+ command), forward secure sealing (FSS) for
+ all persistent journal files is
+ enabled.</para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>RateLimitInterval=</varname></term>
<term><varname>RateLimitBurst=</varname></term>
<filename>/dev/console</filename>.</para></listitem>
</varlistentry>
- <varlistentry>
- <term><varname>Storage=</varname></term>
-
- <listitem><para>Controls where to
- store journal data. One of
- <literal>volatile</literal>,
- <literal>persistent</literal>,
- <literal>auto</literal> and
- <literal>none</literal>. If
- <literal>volatile</literal> journal
- log data will be stored only in
- memory, i.e. below the
- <filename>/run/log/journal</filename>
- hierarchy (which is created if
- needed). If
- <literal>persistent</literal> data will
- be stored preferably on disk,
- i.e. below the
- <filename>/var/log/journal</filename>
- hierarchy (which is created if
- needed), with a fallback to
- <filename>/run/log/journal</filename>
- (which is created if needed), during
- early boot and if the disk is not
- writable. <literal>auto</literal> is
- similar to
- <literal>persistent</literal> but the
- directory
- <filename>/var/log/journal</filename>
- is not created if needed, so that its
- existence controls where log data
- goes. <literal>none</literal> turns
- off all storage, all log data received
- will be dropped. Forwarding to other
- targets, such as the console, the
- kernel log buffer or a syslog daemon
- will still work however. Defaults to
- <literal>auto</literal>.</para></listitem>
- </varlistentry>
</variablelist>
</refsect1>
%struct-type
%includes
%%
+Journal.Storage, config_parse_storage, 0, offsetof(Server, storage)
+Journal.Compress, config_parse_bool, 0, offsetof(Server, compress)
+Journal.Seal, config_parse_bool, 0, offsetof(Server, seal)
Journal.RateLimitInterval, config_parse_usec, 0, offsetof(Server, rate_limit_interval)
Journal.RateLimitBurst, config_parse_unsigned, 0, offsetof(Server, rate_limit_burst)
-Journal.Compress, config_parse_bool, 0, offsetof(Server, compress)
Journal.SystemMaxUse, config_parse_bytes_off, 0, offsetof(Server, system_metrics.max_use)
Journal.SystemMaxFileSize, config_parse_bytes_off, 0, offsetof(Server, system_metrics.max_size)
Journal.SystemMinFileSize, config_parse_bytes_off, 0, offsetof(Server, system_metrics.min_size)
Journal.MaxLevelSyslog, config_parse_level, 0, offsetof(Server, max_level_syslog)
Journal.MaxLevelKMsg, config_parse_level, 0, offsetof(Server, max_level_kmsg)
Journal.MaxLevelConsole, config_parse_level, 0, offsetof(Server, max_level_console)
-Journal.Storage, config_parse_storage, 0, offsetof(Server, storage)
journal_file_close(f);
}
- r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, false, &s->system_metrics, s->mmap, s->system_journal, &f);
+ r = journal_file_open_reliably(p, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, s->system_journal, &f);
free(p);
if (r < 0)
}
if (s->system_journal) {
- r = journal_file_rotate(&s->system_journal, s->compress, true);
+ r = journal_file_rotate(&s->system_journal, s->compress, s->seal);
if (r < 0)
if (s->system_journal)
log_error("Failed to rotate %s: %s", s->system_journal->path, strerror(-r));
}
HASHMAP_FOREACH_KEY(f, k, s->user_journals, i) {
- r = journal_file_rotate(&f, s->compress, false);
+ r = journal_file_rotate(&f, s->compress, s->seal);
if (r < 0)
if (f->path)
log_error("Failed to rotate %s: %s", f->path, strerror(-r));
if (!fn)
return -ENOMEM;
- r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, true, &s->system_metrics, s->mmap, NULL, &s->system_journal);
+ r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal);
free(fn);
if (r >= 0)
zero(*s);
s->syslog_fd = s->native_fd = s->stdout_fd = s->signal_fd = s->epoll_fd = s->dev_kmsg_fd = -1;
s->compress = true;
+ s->seal = true;
s->rate_limit_interval = DEFAULT_RATE_LIMIT_INTERVAL;
s->rate_limit_burst = DEFAULT_RATE_LIMIT_BURST;
projects / platform / upstream / systemd.git / commitdiff