author | Lennart Poettering <lennart@poettering.net> | 2014-06-11 10:23:16 +0200 |
---|---|---|
committer | Lennart Poettering <lennart@poettering.net> | 2014-06-11 10:29:01 +0200 |
commit | 176f2acf8dee45fee832fd2ab07243f63783a238 (patch) | |
tree | 05f15a99edc2225e5e5b9062e1cdccafb04705b4 /tmpfiles.d | |
parent | e90738c9bbf626be2d7f6a562ed427f4fc3ec238 (diff) |
tmpfiles: don't allow read access to journal files to users not in systemd-journal

Also, don't apply access mode recursively to /var/log/journal/*/, since
that might be quite large, and should be correct anyway.
Diffstat (limited to 'tmpfiles.d')
-rw-r--r-- | tmpfiles.d/systemd.conf | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf index b07d0504aa..fbc47823db 100644 --- a/tmpfiles.d/systemd.conf +++ b/tmpfiles.d/systemd.conf @@ -20,7 +20,8 @@ d /run/systemd/netif 0755 systemd-network systemd-network - d /run/systemd/netif/links 0755 systemd-network systemd-network - d /run/systemd/netif/leases 0755 systemd-network systemd-network - -z /var/log/journal 2755 root systemd-journal - - -Z /var/log/journal/%m ~2755 root systemd-journal - - z /run/log/journal 2755 root systemd-journal - - -Z /run/log/journal/%m ~2755 root systemd-journal - - +Z /run/log/journal/%m ~2750 root systemd-journal - - + +z /var/log/journal 2755 root systemd-journal - - +z /var/log/journal/%m 2755 root systemd-journal - - |
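Review bot: The two added `z /var/log/journal` and `z /var/log/journal/%m` lines at the end of the hunk keep mode 2755, while only `Z /run/log/journal/%m` is tightened to `~2750`, so the persistent journal directory stays listable and traversable by users outside systemd-journal, and the restriction named in the subject line depends there entirely on the modes the journal files already carry. Because the `/var/log/journal/%m` line also changes from recursive `Z` to non-recursive `z`, tmpfiles will no longer correct files below it that ended up with a looser mode, for example after a restore or a manual copy. Consider 2750 on `z /var/log/journal/%m` to match the runtime directory, or add a comment in systemd.conf explaining why the persistent path differs and what guarantees the file modes; "should be correct anyway" in the commit message is the only justification given.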