Merge pull request #17253 from Luap99/journal-event-user

journald: podman events only show events for current user
containers · Jan 27, 2023 · 09b97e3 · 09b97e3
2 parents a3a826a + e519910
commit 09b97e3
Show file tree

Hide file tree

Showing 2 changed files with 19 additions and 1 deletion.
diff --git a/libpod/container_log_linux.go b/libpod/container_log_linux.go
@@ -7,12 +7,14 @@ import (
 	"context"
 	"errors"
 	"fmt"
+	"strconv"
 	"strings"
 	"time"
 
 	"github.com/containers/podman/v4/libpod/define"
 	"github.com/containers/podman/v4/libpod/events"
 	"github.com/containers/podman/v4/libpod/logs"
+	"github.com/containers/podman/v4/pkg/rootless"
 	"github.com/coreos/go-systemd/v22/journal"
 	"github.com/coreos/go-systemd/v22/sdjournal"
 	"github.com/sirupsen/logrus"
@@ -69,6 +71,12 @@ func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOption
 	if err := journal.AddMatch(match.String()); err != nil {
 		return fmt.Errorf("adding filter to journald logger: %v: %w", match, err)
 	}
+	// Make sure we only read events for the current user, while it is unlikely that there
+	// is a container ID duplication for two users, it is better to have it just in case.
+	uidMatch := sdjournal.Match{Field: "_UID", Value: strconv.Itoa(rootless.GetRootlessUID())}
+	if err := journal.AddMatch(uidMatch.String()); err != nil {
+		return fmt.Errorf("adding filter to journald logger: %v: %w", uidMatch, err)
+	}
 
 	// Add the filter for logs.  Note the disjunction so that we match
 	// either the events or the logs.
@@ -79,6 +87,9 @@ func (c *Container) readFromJournal(ctx context.Context, options *logs.LogOption
 	if err := journal.AddMatch(match.String()); err != nil {
 		return fmt.Errorf("adding filter to journald logger: %v: %w", match, err)
 	}
+	if err := journal.AddMatch(uidMatch.String()); err != nil {
+		return fmt.Errorf("adding filter to journald logger: %v: %w", uidMatch, err)
+	}
 
 	if options.Since.IsZero() {
 		if err := journal.SeekHead(); err != nil {

diff --git a/libpod/events/journal_linux.go b/libpod/events/journal_linux.go
@@ -11,6 +11,7 @@ import (
 	"strconv"
 	"time"
 
+	"github.com/containers/podman/v4/pkg/rootless"
 	"github.com/containers/podman/v4/pkg/util"
 	"github.com/coreos/go-systemd/v22/journal"
 	"github.com/coreos/go-systemd/v22/sdjournal"
@@ -108,7 +109,13 @@ func (e EventJournalD) Read(ctx context.Context, options ReadOptions) error {
 	// match only podman journal entries
 	podmanJournal := sdjournal.Match{Field: "SYSLOG_IDENTIFIER", Value: "podman"}
 	if err := j.AddMatch(podmanJournal.String()); err != nil {
-		return fmt.Errorf("failed to add journal filter for event log: %w", err)
+		return fmt.Errorf("failed to add SYSLOG_IDENTIFIER journal filter for event log: %w", err)
+	}
+
+	// make sure we only read events for the current user
+	uidMatch := sdjournal.Match{Field: "_UID", Value: strconv.Itoa(rootless.GetRootlessUID())}
+	if err := j.AddMatch(uidMatch.String()); err != nil {
+		return fmt.Errorf("failed to add _UID journal filter for event log: %w", err)
 	}
 
 	if len(options.Since) == 0 && len(options.Until) == 0 && options.Stream {