journald: fix ignored filtering patterns for delegated cgroups

If a service defines Delegate=yes, its subcgroup won't inherit the
LogFilterPatterns= option, because the option is stored on the unit's
cgroup attributes, not on the subcgroup.

Fixed by using the unit's cgroup attributes instead.

src/journal/journald-client.c

@@ -46,16 +46,20 @@ static int client_parse_log_filter_nulstr(const char *nulstr, size_t len, Set **
 
 int client_context_read_log_filter_patterns(ClientContext *c, const char *cgroup) {
         char *deny_list_xattr, *xattr_end;
-        _cleanup_free_ char *xattr = NULL;
+        _cleanup_free_ char *xattr = NULL, *unit_cgroup = NULL;
         _cleanup_set_free_ Set *allow_list = NULL, *deny_list = NULL;
         int r;
 
         assert(c);
 
-        r = cg_get_xattr_malloc(SYSTEMD_CGROUP_CONTROLLER, cgroup, "user.journald_log_filter_patterns", &xattr);
+        r = cg_path_get_unit_path(cgroup, &unit_cgroup);
+        if (r < 0)
+                return log_debug_errno(r, "Failed to get the unit's cgroup path for %s: %m", cgroup);
+
+        r = cg_get_xattr_malloc(SYSTEMD_CGROUP_CONTROLLER, unit_cgroup, "user.journald_log_filter_patterns", &xattr);
         if (r < 0) {
                 if (!ERRNO_IS_XATTR_ABSENT(r))
-                        return log_debug_errno(r, "Failed to get user.journald_log_filter_patterns xattr for %s: %m", cgroup);
+                        return log_debug_errno(r, "Failed to get user.journald_log_filter_patterns xattr for %s: %m", unit_cgroup);
 
                 client_set_filtering_patterns(c, NULL, NULL);
                 return 0;

test/testsuite-04.units/delegated-cgroup-filtering.service

@@ -0,0 +1,8 @@
+[Unit]
+Description=Test service for delegated logs filtering
+
+[Service]
+Type=simple
+ExecStart=/usr/lib/systemd/tests/testdata/units/delegated_cgroup_filtering_payload.sh
+Delegate=yes
+SyslogLevel=notice

test/units/delegated_cgroup_filtering_payload.sh

@@ -0,0 +1,12 @@
+#!/bin/sh
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+mkdir /sys/fs/cgroup/system.slice/delegated-cgroup-filtering.service/the_child
+/bin/sh /usr/lib/systemd/tests/testdata/units/delegated_cgroup_filtering_payload_child.sh &
+
+while true
+do
+	echo "parent_process: hello, world!"
+	echo "parent_process: hello, people!"
+    sleep .15
+done

test/units/delegated_cgroup_filtering_payload_child.sh

@@ -0,0 +1,11 @@
+#!/bin/sh
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+echo $$ >/sys/fs/cgroup/system.slice/delegated-cgroup-filtering.service/the_child/cgroup.procs
+
+while true
+do
+	echo "child_process: hello, world!"
+	echo "child_process: hello, people!"
+    sleep .15
+done

test/units/testsuite-04.sh

@@ -185,8 +185,8 @@ function add_logs_filtering_override() {
     LOG_FILTER=${3:-""}
 
     mkdir -p /etc/systemd/system/"$UNIT".d/
-    echo "[Service]" >/etc/systemd/system/logs-filtering.service.d/"${OVERRIDE_NAME}".conf
-    echo "LogFilterPatterns=$LOG_FILTER" >>/etc/systemd/system/logs-filtering.service.d/"${OVERRIDE_NAME}".conf
+    echo "[Service]" >/etc/systemd/system/"$UNIT".d/"${OVERRIDE_NAME}".conf
+    echo "LogFilterPatterns=$LOG_FILTER" >>/etc/systemd/system/"$UNIT".d/"${OVERRIDE_NAME}".conf
     systemctl daemon-reload
 }
 
@@ -256,7 +256,14 @@ if is_xattr_supported; then
     add_logs_filtering_override "logs-filtering.service" "10-allow-with-escape-char" "\x7emore~"
     [[ -n $(run_service_and_fetch_logs "logs-filtering.service") ]]
 
+    add_logs_filtering_override "delegated-cgroup-filtering.service" "00-allow-all" ".*"
+    [[ -n $(run_service_and_fetch_logs "delegated-cgroup-filtering.service") ]]
+
+    add_logs_filtering_override "delegated-cgroup-filtering.service" "01-discard-hello" "~hello"
+    [[ -z $(run_service_and_fetch_logs "delegated-cgroup-filtering.service") ]]
+
     rm -rf /etc/systemd/system/logs-filtering.service.d
+    rm -rf /etc/systemd/system/delegated-cgroup-filtering.service.d
 fi
 
 touch /testok