On Wed, 2022-03-16 at 08:01 +0800, Paul Wise wrote: > On Tue, 2022-03-15 at 13:28 +0000, Luca Boccassi wrote: > > > Yes indeed, logs can be filtered by invocation id, eg: > > > > journalctl INVOCATION_ID=abcdefg > > That sounds useful. > > > Also to make a unit's log "private" (not stored in the system > > journal) > > LogNamespace= can be used, see: > > > > https://www.freedesktop.org/software/systemd/man/systemd.exec.html#LogNamespace= > > That sounds useful too but not for my use-case due to: > > This option is only available for system services and is not > supported for services running in per-user instances of the > service manager. > > I guess the reason for this is that it uses mount namespaces to > override the journald socket, rather than just pointing the process > at > a different socket via another mechanism. That will actually work from v251 too (as long as PrivateUsers=yes and TemporaryFileSystem=/run are also configured), with one caveat: given the journald instance is a system unit rather than a user one, a user unit won't have privileges to start it automagically. But it's very trivial to start it manually if you are configuring the user unit, since it's just a template based on the chosen namespace. Ie, for a unit with LogNamespace=foo, a 'systemctl start systemd-journald@foo.service' once at boot will do the trick. I'll see if I can make it work safely and automagically, without the manual start, before the next release, but no promises. Journal files will be stored under /[var|run]/log/journal/<machineid>.foo/ and be separated from the system ones. -- Kind regards, Luca Boccassi
Attachment:
signature.asc
Description: This is a digitally signed message part