-
Committer:
Jamie Strandboge
-
Date:
2017-05-04 14:15:28 UTC
-
mfrom:
(3657.1.2 apparmor.trunk)
-
Revision ID:
jamie@ubuntu.com-20170504141528-4r356io2kxlgfeum
Update base abstraction for additional journald sockets
The base abstraction already allows write access to
/run/systemd/journal/dev-log but journald offers both:
- a native journal API at /run/systemd/journal/socket (see sd_journal_print(4))
- /run/systemd/journal/stdout for connecting a program's output to the journal
(see systemd-cat(1)).
In addition to systemd-cat, the stdout access is required for nested container
(eg, LXD) logs to show up in the host. Interestingly, systemd-cat and LXD
containers require 'r' in addtion to 'w' to work. journald does not allow
reading log entries from this socket so the access is deemed safe.
Signed-off-by: Jamie Strandboge <jamie@canonical.com>
Acked-by: Seth Arnold <seth.arnold@canonical.com>