Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

journald: podman events only show events for current user #17253

Merged
merged 2 commits into from
Jan 27, 2023
Merged

journald: podman events only show events for current user #17253

merged 2 commits into from
Jan 27, 2023

Conversation

Luap99
Copy link
Member

@Luap99 Luap99 commented Jan 27, 2023

I noticed this while running some things in parallel, podman events
would show events from other users. Because all events are written to
the journal everybody can see them. So when we read the journal we must
filter events for only the current UID.

To reproduce run podman events as user then in another window create a
container as root for example. After this patch it will correctly ignore
these events from other users.

[NO NEW TESTS NEEDED] I don't think we can test with two users at the same
time.

journald: podman logs only show logs for current user

In the super rare case that there are two containers with the same ID
for two different users, podman logs with the journald driver would show
logs from both containers.

[NO NEW TESTS NEEDED] Impossible to reproduce.

Does this PR introduce a user-facing change?

Fixed a bug where podman events with the journald driver could show events from other users.

@Luap99
journald: podman events only show events for current user
2ab90f2 
I noticed this while running some things in parallel, podman events
would show events from other users. Because all events are written to
the journal everybody can see them. So when we read the journal we must
filter events for only the current UID.

To reproduce run `podman events` as user then in another window create a
container as root for example. After this patch it will correctly ignore
these events from other users.

[NO NEW TESTS NEEDED] I don't think we can test with two users at the same
time.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
@Luap99
journald: podman logs only show logs for current user
e519910 
In the super rare case that there are two containers with the same ID
for two different users, podman logs with the journald driver would show
logs from both containers.

[NO NEW TESTS NEEDED] Impossible to reproduce.

Signed-off-by: Paul Holzinger <pholzing@redhat.com>
@mheon
Copy link
Member

mheon commented Jan 27, 2023

LGTM

@rhatdan
Copy link
Member

rhatdan commented Jan 27, 2023

/approve
/lgtm
/hold

@openshift-ci openshift-ci bot added do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. lgtm Indicates that a PR is ready to be merged. labels Jan 27, 2023
@openshift-ci
Copy link
Contributor

openshift-ci bot commented Jan 27, 2023

[APPROVALNOTIFIER] This PR is APPROVED

This pull-request has been approved by: Luap99, rhatdan

The full list of commands accepted by this bot can be found here.

The pull request process is described here

Needs approval from an approver in each of these files:

Approvers can indicate their approval by writing /approve in a comment
Approvers can cancel approval by writing /approve cancel in a comment

@openshift-ci openshift-ci bot added the approved Indicates a PR has been approved by an approver from all required OWNERS files. label Jan 27, 2023
@Luap99
Copy link
Member Author

Luap99 commented Jan 27, 2023

/hold cancel

@openshift-ci openshift-ci bot removed the do-not-merge/hold Indicates that a PR should not merge because someone has issued a /hold command. label Jan 27, 2023
@openshift-merge-robot openshift-merge-robot merged commit 09b97e3 into containers:main Jan 27, 2023
@Luap99 Luap99 deleted the journal-event-user branch January 27, 2023 18:59
@baude
Copy link
Member

baude commented Jan 27, 2023

/cherrypick v4.4

@openshift-cherrypick-robot openshift-cherrypick-robot mentioned this pull request Jan 27, 2023
Merged
@openshift-cherrypick-robot
Copy link
Collaborator

@baude: new pull request created: #17254

In response to this:

/cherrypick v4.4

Instructions for interacting with me using PR comments are available here. If you have questions or suggestions related to my behavior, please file an issue against the kubernetes/test-infra repository.

vrothberg
vrothberg reviewed Jan 30, 2023
View reviewed changes
Copy link
Member

@vrothberg vrothberg left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Nice catch!

@edsantiago edsantiago mentioned this pull request Jan 30, 2023
Open
@larry-cable
Copy link

should podman events not support the ability for a superuser to obtain events for all current activity independent of user identity?

@vrothberg
Copy link
Member

should podman events not support the ability for a superuser to obtain events for all current activity independent of user identity?

That's not on the roadmap. A superuser can query the journal (e.g., via journalctl) to see the events of all user on the system (including Podman events).

@github-actions github-actions bot added the locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments. label Aug 25, 2023
@github-actions github-actions bot locked as resolved and limited conversation to collaborators Aug 25, 2023
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@vrothberg vrothberg vrothberg left review comments

Assignees

@rhatdan rhatdan

Labels
approved Indicates a PR has been approved by an approver from all required OWNERS files. lgtm Indicates that a PR is ready to be merged. locked - please file new issue/PR Assist humans wanting to comment on an old issue or PR with locked comments.
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
8 participants
@Luap99 @mheon @rhatdan @baude @openshift-cherrypick-robot @larry-cable @vrothberg @openshift-merge-robot