[systemd-commits] 2 commits - src/journal tmpfiles.d/systemd.conf

Lennart Poettering lennart at kemper.freedesktop.org
Wed Jun 11 01:38:33 PDT 2014 

 src/journal/journald-server.c |    5 ++++-
 tmpfiles.d/systemd.conf       |    7 ++++---
 2 files changed, 8 insertions(+), 4 deletions(-)

New commits:
commit fc1d70af2101e16c9e6f3c5bfd5ab315ee9e6dae
Author: Lennart Poettering <lennart at poettering.net>
Date:   Wed Jun 11 10:36:13 2014 +0200

    journald: create /run/log/journal with the correct access modes

diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c
index 3211773..eda5dcf 100644
--- a/src/journal/journald-server.c
+++ b/src/journal/journald-server.c
@@ -990,7 +990,10 @@ static int system_journal_open(Server *s) {
                         /* OK, we really need the runtime journal, so create
                          * it if necessary. */
 
-                        (void) mkdir_parents(fn, 0755);
+                        (void) mkdir("/run/log", 0755);
+                        (void) mkdir("/run/log/journal", 0755);
+                        (void) mkdir_parents(fn, 0750);
+
                         r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal);
                         free(fn);
 

commit 176f2acf8dee45fee832fd2ab07243f63783a238
Author: Lennart Poettering <lennart at poettering.net>
Date:   Wed Jun 11 10:23:16 2014 +0200

    tmpfiles: don't allow read access to journal files to users not in systemd-journal
    
    Also, don't apply access mode recursively to /var/log/journal/*/, since
    that might be quite large, and should be correct anyway.

diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
index b07d050..fbc4782 100644
--- a/tmpfiles.d/systemd.conf
+++ b/tmpfiles.d/systemd.conf
@@ -20,7 +20,8 @@ d /run/systemd/netif 0755 systemd-network systemd-network -
 d /run/systemd/netif/links 0755 systemd-network systemd-network -
 d /run/systemd/netif/leases 0755 systemd-network systemd-network -
 
-z /var/log/journal 2755 root systemd-journal - -
-Z /var/log/journal/%m ~2755 root systemd-journal - -
 z /run/log/journal 2755 root systemd-journal - -
-Z /run/log/journal/%m ~2755 root systemd-journal - -
+Z /run/log/journal/%m ~2750 root systemd-journal - -
+
+z /var/log/journal 2755 root systemd-journal - -
+z /var/log/journal/%m 2755 root systemd-journal - -

More information about the systemd-commits mailing list