From 8dfa6d7536994c1a75b5d8a2af009efa9135b395 Mon Sep 17 00:00:00 2001
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 7 Jun 2023 15:19:25 +0200
Subject: [PATCH] sd-journal: when SD_JOURNAL_CURRENT_USER is set, and called
 from system UID, imply SD_JOURNAL_SYSTEM

Fixes: #26742 #23679
(cherry picked from commit 97c621b72d8c5b5eb4bf7f177cd885bfc01518c9)

Resolves: RHEL-31070
---
 src/libsystemd/sd-journal/sd-journal.c | 20 ++++++++++++++------
 1 file changed, 14 insertions(+), 6 deletions(-)

diff --git a/src/libsystemd/sd-journal/sd-journal.c b/src/libsystemd/sd-journal/sd-journal.c
index 9ab31fbbc8..723beec0e8 100644
--- a/src/libsystemd/sd-journal/sd-journal.c
+++ b/src/libsystemd/sd-journal/sd-journal.c
@@ -41,6 +41,7 @@
 #include "string-util.h"
 #include "strv.h"
 #include "syslog-util.h"
+#include "uid-alloc-range.h"
 
 #define JOURNAL_FILES_MAX 7168
 
@@ -1217,25 +1218,32 @@ static bool file_has_type_prefix(const char *prefix, const char *filename) {
 static bool file_type_wanted(int flags, const char *filename) {
         assert(filename);
 
-        if (!endswith(filename, ".journal") && !endswith(filename, ".journal~"))
+        if (!ENDSWITH_SET(filename, ".journal", ".journal~"))
                 return false;
 
         /* no flags set → every type is OK */
         if (!(flags & (SD_JOURNAL_SYSTEM | SD_JOURNAL_CURRENT_USER)))
                 return true;
 
-        if (flags & SD_JOURNAL_SYSTEM && file_has_type_prefix("system", filename))
-                return true;
-
-        if (flags & SD_JOURNAL_CURRENT_USER) {
+        if (FLAGS_SET(flags, SD_JOURNAL_CURRENT_USER)) {
                 char prefix[5 + DECIMAL_STR_MAX(uid_t) + 1];
 
-                xsprintf(prefix, "user-"UID_FMT, getuid());
+                xsprintf(prefix, "user-" UID_FMT, getuid());
 
                 if (file_has_type_prefix(prefix, filename))
                         return true;
+
+                /* If SD_JOURNAL_CURRENT_USER is specified and we are invoked under a system UID, then
+                 * automatically enable SD_JOURNAL_SYSTEM too, because journald will actually put system user
+                 * data into the system journal. */
+
+                if (uid_for_system_journal(getuid()))
+                        flags |= SD_JOURNAL_SYSTEM;
         }
 
+        if (FLAGS_SET(flags, SD_JOURNAL_SYSTEM) && file_has_type_prefix("system", filename))
+                return true;
+
         return false;
 }