[systemd-devel] [PATCH] Fix permissions on new journal files
Greg KH
greg at kroah.com
Tue Apr 15 12:49:45 PDT 2014
On Tue, Mar 25, 2014 at 12:13:56PM -0400, Dave Reisner wrote:
> On Tue, Mar 25, 2014 at 09:09:57AM -0700, Greg KH wrote:
> > On Tue, Mar 25, 2014 at 12:01:01PM -0400, Dave Reisner wrote:
> > > On Tue, Mar 25, 2014 at 04:54:34PM +0100, Thomas Bächler wrote:
> > > > Am 25.03.2014 01:40, schrieb Lennart Poettering:
> > > > >> This is just a kludge... Why is system.journal to be treated differently?
> > > > >> It seems that the proper fix is to set the mode on the directory properly
> > > > >> during installation.
> > > > >
> > > > > Precisely, packaging script are expected to properly chown and setfacl
> > > > > the directory on install. From the .spec file in Fedora:
> > > >
> > > > This completely ignores the problem Dave mentions in his earlier post:
> > > > Volatile journals are owned by root:root.
> > >
> > > I talked to Lennart about this last night on IRC -- we agreed that the
> > > solution here is to introduce an 'M' action in the tmpfiles language
> > > which is a recursive version of 'm'.
> >
> > Cool, want me to code this up?
>
> Go right ahead!
Ok, I took a look at this today, at the systemd hackfest, and good news,
I think it's already implemented!
Look at the 'Z' option, it does the fixup of permissions in a recursive
manner. For good measure, it also fixes up the security permissions,
which is exactly what 'm' does as well.
I'll go test it out, to be sure...
thanks,
greg k-h
More information about the systemd-devel
mailing list