[systemd-devel] [PATCH] Fix permissions on new journal files

Greg KH gregkh at linuxfoundation.org
Thu Apr 17 21:44:04 PDT 2014


On Fri, Apr 18, 2014 at 05:59:46AM +0200, Zbigniew Jędrzejewski-Szmek wrote:
> On Tue, Apr 15, 2014 at 02:12:01PM -0700, Greg KH wrote:
> > When starting up journald on a new system, set the proper permissions on
> > the system.journal files, not only on the journal directory.
> > 
> > 
> > diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
> > index 7c6d6b9099b9..c47004532151 100644
> > --- a/tmpfiles.d/systemd.conf
> > +++ b/tmpfiles.d/systemd.conf
> > @@ -23,6 +23,6 @@ d /run/systemd/machines 0755 root root -
> >  d /run/systemd/shutdown 0755 root root -
> >  
> >  m /var/log/journal 2755 root systemd-journal - -
> > -m /var/log/journal/%m 2755 root systemd-journal - -
> > +Z /var/log/journal/%m 2755 root systemd-journal - -
> >  m /run/log/journal 2755 root systemd-journal - -
> > -m /run/log/journal/%m 2755 root systemd-journal - -
> > +Z /run/log/journal/%m 2755 root systemd-journal - -
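
Review bot: both new `Z` lines keep mode 2755, which is a directory mode (setgid plus execute bits), while the commit message says the aim is to set permissions on the system.journal files as well as the directory. If `Z` applies the mode to the regular files under `/var/log/journal/%m` and `/run/log/journal/%m`, those files end up setgid and executable; please confirm that is intended or give the files a non-executable mode. The commit message should also state why `m` was not sufficient here, since the switch from `m` to `Z` on these two lines is otherwise unexplained.
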
> Applied.
> 
> Now I'm confused -- is there any difference between m and z? But that
> question is not important for this patch.

z can take a file glob, but m can not, that's the only difference I
found.

And yes, it's confusing, the documentation could be made a lot better
here, z and Z don't just do "security labeling", they also do what m
does.

Messy, but I don't really know how to change it this late, do you?

thanks,

greg k-h

