Re: [systemd-devel] [PATCH 1/2] autogen: add shortcut for building with clang
On Fri, 27.12.13 22:25, Thomas H.P. Andersen (pho...@gmail.com) wrote: From: Thomas Hindoe Paaboel Andersen pho...@gmail.com For a while I have been cleaning up warnings when building with clang. There are currently only two sources of warnings left: Wcast-align and Wgnu. I am not convinced that fixing up those up is feasible so I run with them disabled to spot regressions. E.g. clang is a bit more strict wrt to unused variables with the cleanup attribute and I have fixed a number of those since. Like the other options in autogen.sh I have a shortcut for clang as well. I use 'l' for llvm. --- autogen.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/autogen.sh b/autogen.sh index e6289b3..91df10a 100755 --- a/autogen.sh +++ b/autogen.sh @@ -62,6 +62,9 @@ elif [ x$1 = xg ]; then elif [ x$1 = xa ]; then ./configure CFLAGS='-g -O0 -Wsuggest-attribute=pure -Wsuggest-attribute=const -ftrapv' --enable-kdbus $args make clean +elif [ x$1 = xl ]; then +./configure CC=clang CFLAGS='-g -O0 -ftrapv -Wno-cast-align -Wno-gnu' --enable-kdbus $args +make clean else echo echo Looks good! Please commit! Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 2/2] autogen: add shortcut for running scan-build
On Fri, 27.12.13 22:25, Thomas H.P. Andersen (pho...@gmail.com) wrote: From: Thomas Hindoe Paaboel Andersen pho...@gmail.com scan-build is a static analyzer in llvm. As ususal static analyzers tend to mostly find theoretical bugs in software that has been in production for a while. For in-development code it can be useful to check if new issues is added as there is a chance to spot real problems before release. For systemd we are now down to 297 issues - the vast majority are false positives because the tool does not understand the cleanup attribute. Running clang's static analyzer scan-build is a bit messy. You have to run both configure and make inside the build-scan tool. To have an easy shortcut from autogen.sh I thus call both directly from it. This makes it different from the other options in autogen.sh. I chose 's' for static analysis. scan-build is in the package clang-analyzer on fedora. On fedora we also need to set --use-analyzer=/usr/bin/clang On my system I do not need to set --use-analyzer here? It works fine without? --- autogen.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/autogen.sh b/autogen.sh index 91df10a..b6d197d 100755 --- a/autogen.sh +++ b/autogen.sh @@ -65,6 +65,9 @@ elif [ x$1 = xa ]; then elif [ x$1 = xl ]; then ./configure CC=clang CFLAGS='-g -O0 -ftrapv -Wno-cast-align -Wno-gnu' --enable-kdbus $args make clean +elif [ x$1 = xs ]; then +scan-build --use-analyzer=/usr/bin/clang ./configure CFLAGS='-g -O0 -ftrapv' --enable-kdbus $args +scan-build --use-analyzer=/usr/bin/clang make else echo echo Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] Add SELinuxContext configuration item
On Fri, 27.12.13 23:26, m...@zarb.org (m...@zarb.org) wrote: From: Michael Scherer m...@zarb.org This permit to let system administrators decide of the domain of a service. This can be used with templated units to have each service in a différent domain ( for example, a per customer database, using MLS or anything ), or can be used to force a non selinux enabled system (jvm, erlang, etc) to start in a different domain for each service. Hmm, so far (as I understood it) the SELinux guys always wanted to make sure that label configuration stays in the the selinux database and nowhere else. I'd like Dan Walsh's opinion whether this addition fits into what the SELinux guys want or not. Dan? Patch looks fine though. Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 1/4] bus: driverd; add missing format string parameter
On Sat, 28.12.13 13:54, Marc-Antoine Perennou (marc-anto...@perennou.com) wrote:
This was causing a nasty coredump
Thanks! Applied!
(So this wasn't detected earlier due to a format string attribute fuckup
for sd_bus_error_setf() and a couple of other calls. Fixed those too.)
---
src/bus-driverd/bus-driverd.c | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/bus-driverd/bus-driverd.c b/src/bus-driverd/bus-driverd.c
index 57023ec..44172c4 100644
--- a/src/bus-driverd/bus-driverd.c
+++ b/src/bus-driverd/bus-driverd.c
@@ -346,7 +346,7 @@ static int driver_remove_match(sd_bus *bus,
sd_bus_message *message, void *userd
m = hashmap_get(c-matches, normalized);
if (!m) {
-r = sd_bus_error_setf(error,
SD_BUS_ERROR_MATCH_RULE_NOT_FOUND, Match rule \%s\ not found.);
+r = sd_bus_error_setf(error,
SD_BUS_ERROR_MATCH_RULE_NOT_FOUND, Match rule \%s\ not found.,
normalized);
goto finish;
}
Lennart
--
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] Add SELinuxContext configuration item
On Sat, Dec 28, 2013 at 2:30 PM, Lennart Poettering
lenn...@poettering.net wrote:
On Fri, 27.12.13 23:26, m...@zarb.org (m...@zarb.org) wrote:
This permit to let system administrators decide of the domain of a service.
This can be used with templated units to have each service in a différent
domain ( for example, a per customer database, using MLS or anything ),
or can be used to force a non selinux enabled system (jvm, erlang, etc)
to start in a different domain for each service.
Hmm, so far (as I understood it) the SELinux guys always wanted to make
sure that label configuration stays in the the selinux database and
nowhere else.
I'd like Dan Walsh's opinion whether this addition fits into what the
SELinux guys want or not. Dan?
I guess it matches a bit what we do for udev with SECLABEL{selinux}=.
Kay
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 2/4] bus: driverd: don't remove twice a match from the list
On Sat, 28.12.13 13:54, Marc-Antoine Perennou (marc-anto...@perennou.com) wrote:
match_free already does it
---
src/bus-driverd/bus-driverd.c | 4 +---
1 file changed, 1 insertion(+), 3 deletions(-)
diff --git a/src/bus-driverd/bus-driverd.c b/src/bus-driverd/bus-driverd.c
index 44172c4..b423420 100644
--- a/src/bus-driverd/bus-driverd.c
+++ b/src/bus-driverd/bus-driverd.c
@@ -129,10 +129,8 @@ static int match_new(Client *c, struct
bus_match_component *components, unsigned
first = hashmap_get(c-matches, m-match);
LIST_PREPEND(matches, first, m);
r = hashmap_replace(c-matches, m-match, first);
-if (r 0) {
-LIST_REMOVE(matches, first, m);
+if (r 0)
goto fail;
-}
Hmm, did you run into an actual problem with this?
match_free() only undoes the registration if m-client is actually
set. Which it isn't in this case, since we actually set m-client after
the hashmap_replace() succeeded. Actually, we use whether m-client is
set or not as indication whether we have to remove the match from the
hashmap and the list that is appended to each entry.
To me it appears the currently code is quite correct, or am I missing
anything?
Lennart
--
Lennart Poettering, Red Hat
___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 4/4] gitignore: add back user@.service
On Sat, 28.12.13 13:54, Marc-Antoine Perennou (marc-anto...@perennou.com) wrote: --- units/.gitignore | 1 + 1 file changed, 1 insertion(+) diff --git a/units/.gitignore b/units/.gitignore index 6de2aad..cb9fa1c 100644 --- a/units/.gitignore +++ b/units/.gitignore @@ -66,3 +66,4 @@ /systemd-user-sessions.service /systemd-vconsole-setup.service /user@.service.m4 +/user@.service Applied this one! Thanks! Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH] Add SELinuxContext configuration item
Le samedi 28 décembre 2013 à 14:30 +0100, Lennart Poettering a écrit : On Fri, 27.12.13 23:26, m...@zarb.org (m...@zarb.org) wrote: From: Michael Scherer m...@zarb.org This permit to let system administrators decide of the domain of a service. This can be used with templated units to have each service in a différent domain ( for example, a per customer database, using MLS or anything ), or can be used to force a non selinux enabled system (jvm, erlang, etc) to start in a different domain for each service. Hmm, so far (as I understood it) the SELinux guys always wanted to make sure that label configuration stays in the the selinux database and nowhere else. Yep, I know and they are right, we shouldn't put configuration everywhere in the system. But there is a few cases where the selinux policy cannot express what we want ( or at least, I do not know how to do it ). First case is doing something like openshift, with 1 different domain per user. Since the transitions are mostly handled in kernel space ( except for specific case like sepostgresql ), it kinda restrict what we can do in term of smart transition. In the case of openshift, this use a specific pam module (pam_openshift) and specific plugins in the code, because the policy is a bit too static to handle that. So using templated units, we could do for example : SELinuxContext=staff_u:staff_r:%s_t:s0-s0:c0.c1023 or similar tricks. Or just handle things manually, with static SELinuxContext ( or include, or anything ). The second case is caused by a limitation of the current way of doing transition. My main motivation is to solve https://bugzilla.redhat.com/show_bug.cgi?id=969757 , because right now, we cannot ask to erlang to run in a different domain unless if we write 1 shell wrapper per erlang application just to trigger the transition, or until we make erlang selinux-aware, like postgresql is. So rather than duplicate shell wrappers or adding code everywhere, I was thinking doing it in systemd directly would be beneficial for everybody by reducing needed changes to the only stuff that matter, having the context we want to switch to. I do not expect SELinuxContext to be used by upstream units, and I guess that a distribution can decide to have them being unused by policy if that's a issue. It should also be noted that upstart do support a similar configuration for apparmor, https://code.launchpad.net/~mdeslaur/upstart/apparmor-support/+merge/164169 And I was pondering on adding it as well to systemd, since some systemd consumers are using apparmor, and because feature parity is IMHO important if we want to let people use systemd on Ubuntu. I'd like Dan Walsh's opinion whether this addition fits into what the SELinux guys want or not. Dan? Patch looks fine though. -- Michael Scherer ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 2/2] autogen: add shortcut for running scan-build
On Sat, Dec 28, 2013 at 1:14 PM, Lennart Poettering lenn...@poettering.net wrote: On Fri, 27.12.13 22:25, Thomas H.P. Andersen (pho...@gmail.com) wrote: From: Thomas Hindoe Paaboel Andersen pho...@gmail.com scan-build is a static analyzer in llvm. As ususal static analyzers tend to mostly find theoretical bugs in software that has been in production for a while. For in-development code it can be useful to check if new issues is added as there is a chance to spot real problems before release. For systemd we are now down to 297 issues - the vast majority are false positives because the tool does not understand the cleanup attribute. Running clang's static analyzer scan-build is a bit messy. You have to run both configure and make inside the build-scan tool. To have an easy shortcut from autogen.sh I thus call both directly from it. This makes it different from the other options in autogen.sh. I chose 's' for static analysis. scan-build is in the package clang-analyzer on fedora. On fedora we also need to set --use-analyzer=/usr/bin/clang On my system I do not need to set --use-analyzer here? It works fine without? Ah, it was fixed a month ago in v3.3-3: https://bugzilla.redhat.com/show_bug.cgi?id=982645 Ok to commit with that removed? ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 1/2] autogen: add shortcut for building with clang
On Sat, Dec 28, 2013 at 1:13 PM, Lennart Poettering lenn...@poettering.net wrote: On Fri, 27.12.13 22:25, Thomas H.P. Andersen (pho...@gmail.com) wrote: From: Thomas Hindoe Paaboel Andersen pho...@gmail.com For a while I have been cleaning up warnings when building with clang. There are currently only two sources of warnings left: Wcast-align and Wgnu. I am not convinced that fixing up those up is feasible so I run with them disabled to spot regressions. E.g. clang is a bit more strict wrt to unused variables with the cleanup attribute and I have fixed a number of those since. Like the other options in autogen.sh I have a shortcut for clang as well. I use 'l' for llvm. --- autogen.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/autogen.sh b/autogen.sh index e6289b3..91df10a 100755 --- a/autogen.sh +++ b/autogen.sh @@ -62,6 +62,9 @@ elif [ x$1 = xg ]; then elif [ x$1 = xa ]; then ./configure CFLAGS='-g -O0 -Wsuggest-attribute=pure -Wsuggest-attribute=const -ftrapv' --enable-kdbus $args make clean +elif [ x$1 = xl ]; then +./configure CC=clang CFLAGS='-g -O0 -ftrapv -Wno-cast-align -Wno-gnu' --enable-kdbus $args +make clean else echo echo Looks good! Please commit! Pushed. Thanks. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 2/2] autogen: add shortcut for running scan-build
On Sat, 28.12.13 21:22, Thomas H.P. Andersen (pho...@gmail.com) wrote: On Sat, Dec 28, 2013 at 1:14 PM, Lennart Poettering lenn...@poettering.net wrote: On Fri, 27.12.13 22:25, Thomas H.P. Andersen (pho...@gmail.com) wrote: From: Thomas Hindoe Paaboel Andersen pho...@gmail.com scan-build is a static analyzer in llvm. As ususal static analyzers tend to mostly find theoretical bugs in software that has been in production for a while. For in-development code it can be useful to check if new issues is added as there is a chance to spot real problems before release. For systemd we are now down to 297 issues - the vast majority are false positives because the tool does not understand the cleanup attribute. Running clang's static analyzer scan-build is a bit messy. You have to run both configure and make inside the build-scan tool. To have an easy shortcut from autogen.sh I thus call both directly from it. This makes it different from the other options in autogen.sh. I chose 's' for static analysis. scan-build is in the package clang-analyzer on fedora. On fedora we also need to set --use-analyzer=/usr/bin/clang On my system I do not need to set --use-analyzer here? It works fine without? Ah, it was fixed a month ago in v3.3-3: https://bugzilla.redhat.com/show_bug.cgi?id=982645 Ok to commit with that removed? Sure! Go ahead! Lennart -- Lennart Poettering, Red Hat ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] [PATCH 2/2] autogen: add shortcut for running scan-build
On Sat, Dec 28, 2013 at 10:12 PM, Lennart Poettering lenn...@poettering.net wrote: On Sat, 28.12.13 21:22, Thomas H.P. Andersen (pho...@gmail.com) wrote: On Sat, Dec 28, 2013 at 1:14 PM, Lennart Poettering lenn...@poettering.net wrote: On Fri, 27.12.13 22:25, Thomas H.P. Andersen (pho...@gmail.com) wrote: From: Thomas Hindoe Paaboel Andersen pho...@gmail.com scan-build is a static analyzer in llvm. As ususal static analyzers tend to mostly find theoretical bugs in software that has been in production for a while. For in-development code it can be useful to check if new issues is added as there is a chance to spot real problems before release. For systemd we are now down to 297 issues - the vast majority are false positives because the tool does not understand the cleanup attribute. Running clang's static analyzer scan-build is a bit messy. You have to run both configure and make inside the build-scan tool. To have an easy shortcut from autogen.sh I thus call both directly from it. This makes it different from the other options in autogen.sh. I chose 's' for static analysis. scan-build is in the package clang-analyzer on fedora. On fedora we also need to set --use-analyzer=/usr/bin/clang On my system I do not need to set --use-analyzer here? It works fine without? Ah, it was fixed a month ago in v3.3-3: https://bugzilla.redhat.com/show_bug.cgi?id=982645 Ok to commit with that removed? Sure! Go ahead! Thanks. Pushed. ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
[systemd-devel] [PATCH 1/2] journal: fix access to munmapped memory in sd_journal_enumerate_unique
Two patches:
1/2 fixes an error which I encountered while writing 2/2,
2/2 add globbing to journalctl --unit or --user-unit.
For example journalctl --unit=lvm2* yields the following for me:
Journal filter: ((OBJECT_SYSTEMD_UNIT=lvm2-activation.service AND _UID=0) OR
(UNIT=lvm2-activation.service AND _PID=1) OR
(COREDUMP_UNIT=lvm2-activation.service AND _UID=0 AND
MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1) OR
_SYSTEMD_UNIT=lvm2-activation.service OR
(OBJECT_SYSTEMD_UNIT=lvm2-lvmetad.service AND _UID=0) OR
(UNIT=lvm2-lvmetad.service AND _PID=1) OR
(COREDUMP_UNIT=lvm2-lvmetad.service AND _UID=0 AND
MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1) OR
_SYSTEMD_UNIT=lvm2-lvmetad.service OR
(OBJECT_SYSTEMD_UNIT=lvm2-monitor.service AND _UID=0) OR
(UNIT=lvm2-monitor.service AND _PID=1) OR
(COREDUMP_UNIT=lvm2-monitor.service AND _UID=0 AND
MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1) OR
_SYSTEMD_UNIT=lvm2-monitor.service OR
(OBJECT_SYSTEMD_UNIT=lvm2-pvscan@8:2.service AND _UID=0) OR
(UNIT=lvm2-pvscan@8:2.service AND _PID=1) OR
(COREDUMP_UNIT=lvm2-pvscan@8:2.service AND _UID=0 AND
MESSAGE_ID=fc2e22bc6ee647b6b90729ab34a250b1) OR
_SYSTEMD_UNIT=lvm2-pvscan@8:2.service)
Zbyszek
--8--
sd_j_e_u needs to keep a reference to an object while comparing it
with possibly duplicate objects in other files. Because the size of
mmap cache is limited, with enough files and object to compare to,
at some point the object being compared would be munmapped, resulting
in a segmentation fault.
Fix this issue by turning keep_always into a reference count that can
be increased and decreased. Other callers which set keep_always=true
are unmodified: their references are never released but are ignored
when the whole file is closed, which happens at some point. keep_always
is increased in sd_j_e_u and later on released.
---
src/journal/journal-file.c | 5 +---
src/journal/journal-file.h | 24 +++
src/journal/journal-verify.c | 4
src/journal/mmap-cache.c | 57 +++-
src/journal/mmap-cache.h | 18 +-
src/journal/sd-journal.c | 18 +++---
6 files changed, 103 insertions(+), 23 deletions(-)
diff --git a/src/journal/journal-file.c b/src/journal/journal-file.c
index 121b40a..10ed146 100644
--- a/src/journal/journal-file.c
+++ b/src/journal/journal-file.c
@@ -419,7 +419,6 @@ int journal_file_move_to_object(JournalFile *f, int type,
uint64_t offset, Objec
void *t;
Object *o;
uint64_t s;
-unsigned context;
assert(f);
assert(ret);
@@ -428,10 +427,8 @@ int journal_file_move_to_object(JournalFile *f, int type,
uint64_t offset, Objec
if (!VALID64(offset))
return -EFAULT;
-/* One context for each type, plus one catch-all for the rest */
-context = type 0 type _OBJECT_TYPE_MAX ? type : 0;
-r = journal_file_move_to(f, context, false, offset,
sizeof(ObjectHeader), t);
+r = journal_file_move_to(f, type_to_context(type), false, offset,
sizeof(ObjectHeader), t);
if (r 0)
return r;
diff --git a/src/journal/journal-file.h b/src/journal/journal-file.h
index 2eed086..50dbe29 100644
--- a/src/journal/journal-file.h
+++ b/src/journal/journal-file.h
@@ -128,6 +128,10 @@ int journal_file_open_reliably(
#define ALIGN64(x) (((x) + 7ULL) ~7ULL)
#define VALID64(x) (((x) 7ULL) == 0ULL)
+/* Use six characters to cover the offsets common in smallish journal
+ * files without adding too many zeros. */
+#define OFSfmt %06PRIx64
+
static inline bool VALID_REALTIME(uint64_t u) {
/* This considers timestamps until the year 3112 valid. That should be
plenty room... */
return u 0 u (1ULL 55);
@@ -197,3 +201,23 @@ int journal_file_get_cutoff_realtime_usec(JournalFile *f,
usec_t *from, usec_t *
int journal_file_get_cutoff_monotonic_usec(JournalFile *f, sd_id128_t boot,
usec_t *from, usec_t *to);
bool journal_file_rotate_suggested(JournalFile *f, usec_t max_file_usec);
+
+
+static unsigned type_to_context(int type) {
+/* One context for each type, plus one catch-all for the rest */
+return type 0 type _OBJECT_TYPE_MAX ? type : 0;
+}
+
+static inline int journal_file_object_keep(JournalFile *f, Object *o, uint64_t
offset) {
+unsigned context = type_to_context(o-object.type);
+
+return mmap_cache_get(f-mmap, f-fd, f-prot, context, true,
+ offset, o-object.size, f-last_stat, NULL);
+}
+
+static inline int journal_file_object_release(JournalFile *f, Object *o,
uint64_t offset) {
+unsigned context = type_to_context(o-object.type);
+
+return mmap_cache_release(f-mmap, f-fd, f-prot, context,
+ offset, o-object.size);
+}
diff --git a/src/journal/journal-verify.c b/src/journal/journal-verify.c
index 3405811..5f45f40 100644
--- a/src/journal/journal-verify.c
+++
[systemd-devel] [PATCH 2/2] journalctl: allow globbing in --unit and --user-unit
This is a continuation of e3e0314b systemctl: allow globbing in commands
which take multiple unit names.
Multiple patterns can be specified, as separate arguments, or as one argument
with patterns seperated by commas.
If patterns are given, at least one unit must be matched (by any of the
patterns).
This is different behaviour than systemctl, but here it is necessary because
otherwise anything would be matched, which is unlikely to be the intended
behaviour.
https://bugs.freedesktop.org/show_bug.cgi?id=59336
---
src/journal/journalctl.c | 175 +++
1 file changed, 160 insertions(+), 15 deletions(-)
diff --git a/src/journal/journalctl.c b/src/journal/journalctl.c
index 42c16f6..2d99ade 100644
--- a/src/journal/journalctl.c
+++ b/src/journal/journalctl.c
@@ -21,6 +21,7 @@
#include locale.h
#include fcntl.h
+#include fnmatch.h
#include errno.h
#include stddef.h
#include string.h
@@ -49,6 +50,7 @@
#include build.h
#include pager.h
#include strv.h
+#include set.h
#include journal-internal.h
#include journal-def.h
#include journal-verify.h
@@ -983,40 +985,177 @@ static int add_dmesg(sd_journal *j) {
return 0;
}
-static int add_units(sd_journal *j) {
-_cleanup_free_ char *u = NULL;
+static int get_possible_units(sd_journal *j,
+ const char *fields,
+ char **patterns,
+ Set **units) {
+_cleanup_set_free_free_ Set *found;
+const char *field;
int r;
+
+found = set_new(string_hash_func, string_compare_func);
+if (!found)
+return log_oom();
+
+NULSTR_FOREACH(field, fields) {
+const void *data;
+size_t size;
+
+r = sd_journal_query_unique(j, field);
+if (r 0)
+return r;
+
+SD_JOURNAL_FOREACH_UNIQUE(j, data, size) {
+char **pattern, *eq;
+size_t prefix;
+_cleanup_free_ char *u = NULL;
+
+eq = memchr(data, '=', size);
+if (eq)
+prefix = eq - (char*) data + 1;
+else
+prefix = 0;
+
+u = strndup((char*) data + prefix, size - prefix);
+if (!u)
+return log_oom();
+
+STRV_FOREACH(pattern, patterns)
+if (fnmatch(*pattern, u, FNM_NOESCAPE) == 0) {
+log_debug(Matched %s with pattern
%s=%s, u, field, *pattern);
+
+r = set_consume(found, u);
+u = NULL;
+if (r 0 r != -EEXIST)
+return r;
+
+break;
+}
+}
+}
+
+*units = found;
+found = NULL;
+return 0;
+}
+
+/* This list is supposed to return the superset of unit names
+ * possibly matched by rules added with add_matches_for_unit... */
+#define SYSTEM_UNITS \
+_SYSTEMD_UNIT\0\
+COREDUMP_UNIT\0\
+UNIT\0 \
+OBJECT_SYSTEMD_UNIT\0 \
+_SYSTEMD_SLICE\0
+
+/* ... and add_matches_for_user_unit */
+#define USER_UNITS \
+_SYSTEMD_USER_UNIT\0 \
+USER_UNIT\0\
+COREDUMP_USER_UNIT\0 \
+OBJECT_SYSTEMD_USER_UNIT\0
+
+static int add_units(sd_journal *j) {
+_cleanup_strv_free_ char **patterns = NULL;
+int r, count = 0;
char **i;
assert(j);
STRV_FOREACH(i, arg_system_units) {
-u = unit_name_mangle(*i, MANGLE_NOGLOB);
+_cleanup_free_ char *u = NULL;
+
+u = unit_name_mangle(*i, MANGLE_GLOB);
if (!u)
return log_oom();
-r = add_matches_for_unit(j, u);
-if (r 0)
-return r;
-r = sd_journal_add_disjunction(j);
+
+if (string_is_glob(u)) {
+r = strv_push(patterns, u);
+if (r 0)
+return r;
+u = NULL;
+} else {
+r = add_matches_for_unit(j, u);
+if (r 0)
+return r;
+r = sd_journal_add_disjunction(j);
+if (r 0)
+return r;
+count ++;
+}
+}
+
+if (!strv_isempty(patterns)) {
+
