[systemd-devel] [PATCH] journal: grant systemd-journal group permission

Lennart Poettering lennart at poettering.net
Wed Oct 22 14:53:37 PDT 2014


On Fri, 29.08.14 22:03, WaLyong Cho (walyong.cho at samsung.com) wrote:

> On 08/27/2014 02:55 AM, Lennart Poettering wrote:
> > On Tue, 26.08.14 15:43, WaLyong Cho (walyong.cho at samsung.com) wrote:
> > 
> >> There are no Before= or After= dependencies between
> >> systemd-journald.service and systemd-tmpfiles-setup.service. So if both
> >> "/run/log/journal" and "/var/log/journal" do not exist then those can
> >> be made as root:root and also its ids directory and journal files. To
> >> make sure, do chown systemd-journal group to journal directories and
> >> files.
> > 
> > Hmm? /run/log/journal will be recursively updated, and /var/log/journal
> > is not created by journald ever, but only by tmpfiles, which uses g+s to
> > ensure all files that will be created have the right owner from the
> > beginning.
> > 
> I hope you test like me. Set *Storage=persistent* in journald.conf and
> remove (back it up to other) "/var/log/journal" and restart.

Ah, umm. Yuck. Storage=persistent is indeed a different case...

Hmm, not sure what we can do here. We cannot do NSS lookups in
journald though, we need to find another way. 

Hmm, one idea is to make systemd-journal-flush synchronous, and then
order it before systemd-tmpfiles. That way, if Storage=persistent is
set we would *know* that the dir is first created, and tmpfiles could
then just adjust the ACLs for it...

However, making systemd-journal-flush isn't that easy I fear. It would
be easy if we had dbus as IPC, but that's something we cannot use
unless we have kdbus, since we cannot allow a cyclic loop between
dbus-daemon logging to journald, and journald waiting for dbus....

I need to think about this more...

Lennart

-- 
Lennart Poettering, Red Hat
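
An added example, not part of the original message and not systemd code: a Python check for the ownership problem discussed in this thread. It reports entries under a journal directory that are not owned by the expected group, and directories that lack the setgid (g+s) bit. The function name and finding labels are illustrative; the paths and the `systemd-journal` group are the ones named in the thread.

```python
import grp
import os
import stat
import sys


def audit_journal_tree(root, expected_gid):
    """Return sorted (path, problem) pairs for a journal directory tree.

    Problems reported (labels are this example's own):
      missing      root does not exist (normal unless Storage=persistent)
      wrong-group  entry is not owned by expected_gid, e.g. root:root
      no-setgid    directory lacks g+s, so new files will not inherit the group
    """
    if not os.path.isdir(root):
        return [(root, "missing")]
    findings = []
    for dirpath, _dirnames, filenames in os.walk(root):
        for path in [dirpath] + [os.path.join(dirpath, f) for f in filenames]:
            st = os.lstat(path)  # do not follow symlinks
            if stat.S_ISLNK(st.st_mode):
                continue
            if st.st_gid != expected_gid:
                findings.append((path, "wrong-group"))
            if stat.S_ISDIR(st.st_mode) and not st.st_mode & stat.S_ISGID:
                findings.append((path, "no-setgid"))
    return sorted(findings)


def main(argv):
    # Defaults are the two locations named in the thread.
    roots = argv[1:] or ["/var/log/journal", "/run/log/journal"]
    try:
        gid = grp.getgrnam("systemd-journal").gr_gid
    except KeyError:
        print("group systemd-journal not found", file=sys.stderr)
        return 2
    bad = 0
    for root in roots:
        for path, problem in audit_journal_tree(root, gid):
            print(f"{problem}\t{path}")
            bad += problem != "missing"
    return 1 if bad else 0


if __name__ == "__main__":
    sys.exit(main(sys.argv))
```

Run it after a restart with Storage=persistent set and /var/log/journal removed, the reproduction described in the quoted reply, to see whether the recreated tree ended up with the wrong group.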

