summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorFranck Bui <fbui@suse.com>2016-05-04 01:29:11 +0200
committerZbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>2016-05-03 19:29:11 -0400
commitd428dd6ac9a56e7b3421fb8ef3aac9937a4a2e62 (patch)
treeeae134261dc16515cc459a8430cba63b7b9dc152
parent98973d0eff84a160677b47b1cdeb8925fcf1b419 (diff)
tmpfiles: don't set the x bit for volatile system journal when ACL support is enabled (#3079)
When ACL support is enabled, systemd-tmpfiles-setup service sets the following ACL entries to the volatile system journal: $ getfacl /run/log/journal/*/system.journal getfacl: Removing leading '/' from absolute path names # file: run/log/journal/xxx/system.journal # owner: root # group: systemd-journal user::rwx group::r-- group:wheel:r-x group:adm:r-x mask::r-x other::--- This patch makes sure that the exec bit is not set anymore for the volatile system journals.
-rw-r--r--tmpfiles.d/systemd.conf.m49
1 files changed, 6 insertions, 3 deletions
diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4
index 150dab1e5b..2cd58e9121 100644
--- a/tmpfiles.d/systemd.conf.m4
+++ b/tmpfiles.d/systemd.conf.m4
@@ -30,14 +30,17 @@ m4_ifdef(`HAVE_ACL',`m4_dnl
m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl
m4_ifdef(`ENABLE_WHEEL_GROUP',``
a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
-A+ /run/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
+a+ /run/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--,group:wheel:r--
'',``
a+ /run/log/journal/%m - - - - d:group:adm:r-x
-A+ /run/log/journal/%m - - - - group:adm:r-x
+a+ /run/log/journal/%m - - - - group:adm:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--
'')',`m4_dnl
m4_ifdef(`ENABLE_WHEEL_GROUP',``
a+ /run/log/journal/%m - - - - d:group:wheel:r-x
-A+ /run/log/journal/%m - - - - group:wheel:r-x
+a+ /run/log/journal/%m - - - - group:wheel:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:wheel:r--
'')')')m4_dnl
z /var/log/journal 2755 root systemd-journal - -