Age | Commit message (Collapse) | Author |
|
is enabled (#3079)
When ACL support is enabled, systemd-tmpfiles-setup service sets the following
ACL entries to the volatile system journal:
$ getfacl /run/log/journal/*/system.journal
getfacl: Removing leading '/' from absolute path names
# file: run/log/journal/xxx/system.journal
# owner: root
# group: systemd-journal
user::rwx
group::r--
group:wheel:r-x
group:adm:r-x
mask::r-x
other::---
This patch makes sure that the exec bit is not set anymore for the volatile
system journals.
|
|
|
|
https://github.com/systemd/systemd/issues/2492
|
|
https://github.com/systemd/systemd/issues/1397
|
|
This way, directories created later for containers or for
journald-remote, will be readable by adm & wheel groups by default,
similarly to /var/log/journal/%m itself.
https://github.com/systemd/systemd/issues/1971
|
|
Do so only in /run. We shouldn't alter ACLs for existing files in /var,
but only for new files. If the admin made changes to the ACLs they
shouls stay in place.
We should still do recursive ACL changes for files in /run, since those
are not persistent, and will hence lack ACLs on every boot.
Also, /var/log/journal might be quit large, /run/log/journal is usually
not, hence we should avoid the recursive descending on /var, but not on
/run.
Fixes #534
|
|
|
|
Choose which system users defined in sysusers.d/systemd.conf and files
or directories in tmpfiles.d/systemd.conf, should be provided depending
on comile-time configuration.
|