journald: lower the maximum entry size limit to ½ for non-sealed fds

We immediately read the whole contents into memory, making thigs much more
expensive. Sealed fds should be used instead since they are more efficient
on our side.

(cherry picked from commit 6670c9de196c8e2d5e84a8890cbb68f70c4db6e3)
(cherry picked from commit f0ad5fe17fc6cee1f04f8f93899538ea2e96256c)

Gbp-Pq: Name journald-lower-the-maximum-entry-size-limit-to-for-non-se.patch

diff --git a/src/journal/journald-native.c b/src/journal/journald-native.c
index 50aad6d134e6b3aeb20d6ba54a23b94db53b8be6..221188db1668dc6ad60b6b82ecfac3a382bca3ea 100644 (file)
--- a/src/journal/journald-native.c
+++ b/src/journal/journald-native.c
@@ -376,8 +376,10 @@ void server_process_native_file(
         if (st.st_size <= 0)
                 return;
 
-        if (st.st_size > ENTRY_SIZE_MAX) {
-                log_error("File passed too large. Ignoring.");
+        /* When !sealed, set a lower memory limit. We have to read the file,
+         * effectively doubling memory use. */
+        if (st.st_size > ENTRY_SIZE_MAX / (sealed ? 1 : 2)) {
+                log_error("File passed too large (%"PRIu64" bytes). Ignoring.", (uint64_t) st.st_size);
                 return;
         }