diff options
-rw-r--r-- | configure.ac | 9 | ||||
-rw-r--r-- | tmpfiles.d/systemd.conf.m4 | 23 |
2 files changed, 27 insertions, 5 deletions
diff --git a/configure.ac b/configure.ac index 1d668623a4..d6320d2022 100644 --- a/configure.ac +++ b/configure.ac @@ -507,6 +507,14 @@ if test "x$enable_apparmor" != "xno"; then fi AM_CONDITIONAL(HAVE_APPARMOR, [test "$have_apparmor" = "yes"]) +have_adm_group=no +AC_ARG_ENABLE(adm-group, AS_HELP_STRING([--disable-adm-group], [disable adm group])) +AS_IF([test "x$enable_adm_group" != "xno"], [ + AC_DEFINE(ENABLE_ADM_GROUP, 1, [Define if the ACL for adm group should be enabled]) + have_adm_group=yes + M4_DEFINES="$M4_DEFINES -DENABLE_ADM_GROUP" +]) + have_wheel_group=no AC_ARG_ENABLE(wheel-group, AS_HELP_STRING([--disable-wheel-group], [disable wheel group])) AS_IF([test "x$enable_wheel_group" != "xno"], [ @@ -1657,6 +1665,7 @@ AC_MSG_RESULT([ Zsh completions dir: ${with_zshcompletiondir} Extra start script: ${RC_LOCAL_SCRIPT_PATH_START} Extra stop script: ${RC_LOCAL_SCRIPT_PATH_STOP} + Adm group: ${have_adm_group} Wheel group: ${have_wheel_group} Debug shell: ${SUSHELL} @ ${DEBUGTTY} TTY GID: ${TTY_GID} diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4 index 276bc6b1ba..150dab1e5b 100644 --- a/tmpfiles.d/systemd.conf.m4 +++ b/tmpfiles.d/systemd.conf.m4 @@ -26,32 +26,45 @@ d /run/log 0755 root root - z /run/log/journal 2755 root systemd-journal - - Z /run/log/journal/%m ~2750 root systemd-journal - - -m4_ifdef(`HAVE_ACL', +m4_ifdef(`HAVE_ACL',`m4_dnl +m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl m4_ifdef(`ENABLE_WHEEL_GROUP',`` a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x A+ /run/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x '',`` a+ /run/log/journal/%m - - - - d:group:adm:r-x A+ /run/log/journal/%m - - - - group:adm:r-x -''))m4_dnl +'')',`m4_dnl +m4_ifdef(`ENABLE_WHEEL_GROUP',`` +a+ /run/log/journal/%m - - - - d:group:wheel:r-x +A+ /run/log/journal/%m - - - - group:wheel:r-x +'')')')m4_dnl z /var/log/journal 2755 root systemd-journal - - z /var/log/journal/%m 2755 root systemd-journal - - z /var/log/journal/%m/system.journal 0640 root systemd-journal - - -m4_ifdef(`HAVE_ACL', +m4_ifdef(`HAVE_ACL',`m4_dnl +m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl m4_ifdef(`ENABLE_WHEEL_GROUP',`` a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r-- -'',`` +'', `` a+ /var/log/journal - - - - d:group:adm:r-x a+ /var/log/journal - - - - group:adm:r-x a+ /var/log/journal/%m - - - - d:group:adm:r-x a+ /var/log/journal/%m - - - - group:adm:r-x a+ /var/log/journal/%m/system.journal - - - - group:adm:r-- -''))m4_dnl +'')',`m4_dnl +m4_ifdef(`ENABLE_WHEEL_GROUP',`` +a+ /var/log/journal - - - - d:group:wheel:r-x +a+ /var/log/journal - - - - group:wheel:r-x +a+ /var/log/journal/%m - - - - d:group:wheel:r-x +a+ /var/log/journal/%m - - - - group:wheel:r-x +a+ /var/log/journal/%m/system.journal - - - - group:wheel:r-- +'')')')m4_dnl d /var/lib/systemd 0755 root root - d /var/lib/systemd/coredump 0755 root root 3d |