Bug#800947: ACL for /var/log/journal not set for group adm

Felipe Sateler fsateler at debian.org
Mon Oct 5 16:35:12 BST 2015


On 5 October 2015 at 12:20, Michael Biebl <biebl at debian.org> wrote:
> On 05.10.2015 at 13:57, Raphaël Halimi wrote:
>> On 05/10/2015 13:21, Michael Biebl wrote:
>>> Apparently the files were created before the ACLs have been set for
>>> /var/log/journal/3deacfa10d0c169adfdeb36c50522bd6
>>> so the journal files that were created did not inherit the correct ACLs
>>> from the parent directory.
>>>
>>> Possibly you created /var/log/journal or set Storage=persistent, but did
>>> *not* reboot the system afterwards, which would trigger systemd-tmpfiles
>>> to be run. And once you restart systemd-journald (which can happen by
>>> systemd update), the journal files were created without the ACLs set.
>>>
>>> On next reboot, the systemd.conf tmpfile did apply the ACL for the
>>> directory, but it was too late at that point.
>>
>> No, I rebooted immediately after creating the directory.
>
> Hm, right. There might be a race condition during boot, where
> systemd-journald-flush.service is started before systemd-tmpfiles.service.
> We could order systemd-journald-flush.service *after*
> systemd-tmpfiles.service.
>
> But, when using Storage=persistent, journald will create the directory
> /var/log/journal/ itself. So this won't help in that case, unless
> systemd-journald re-added the code to apply ACLs itself.

That would be a bug in (upstream) systemd, I think. Journald appears
to set the ACL on new files but not on the /v/l/j directory.

>
> This change sucks from a user experience POV, as you basically now need
> to make sure to apply the correct ACL yourself. I think the supplied ACL
> rule in /usr/lib/tmpfiles.d/systemd.conf is pretty much useless.
>
> Martin, any ideas?

I think a reasonable alternative is to ship using Storage=volatile by
default, and ship the directory in the package (or create it in
postinst).



-- 

Saludos,
Felipe Sateler
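An added example, not code from the bug report or from the systemd package: a small POSIX shell check for the symptom discussed in this thread, journal files that were created before the directory's default ACL was applied and therefore never inherited a group:adm entry. It parses `getfacl -R -p` output so it can be exercised offline; the sample output below is constructed, and the machine-id directory is taken from the report.

```shell
#!/bin/sh
# Added example (not from the bug report): list journal files whose ACL has no
# group:adm entry. Such files were typically created before systemd-tmpfiles
# applied the default ACL to /var/log/journal, so they did not inherit it.

# Reads getfacl output on stdin (blocks separated by "# file: <path>" headers)
# and prints one path per block that contains no access entry for group adm.
files_missing_adm_acl() {
    awk '
        /^# file: / {
            if (cur != "" && !has_adm) print cur   # flush previous block
            cur = substr($0, 9); has_adm = 0; next
        }
        /^group:adm:/ { has_adm = 1 }              # default:group:adm does not count
        END { if (cur != "" && !has_adm) print cur }
    '
}

# Live check against a journal directory (needs the acl package for getfacl).
# -R recurses, -p keeps absolute paths so the output is unambiguous.
check_journal_dir() {
    getfacl -R -p "${1:-/var/log/journal}" 2>/dev/null | files_missing_adm_acl
}

# Constructed sample: the directory got its ACL (access + default) at boot,
# system.journal was created earlier and lacks it, user-1000.journal inherited it.
SAMPLE_GETFACL='# file: /var/log/journal
# owner: root
# group: systemd-journal
user::rwx
group::r-x
group:adm:r-x
mask::r-x
other::r-x
default:group:adm:r-x

# file: /var/log/journal/3deacfa10d0c169adfdeb36c50522bd6/system.journal
# owner: root
# group: systemd-journal
user::rw-
group::r--
other::---

# file: /var/log/journal/3deacfa10d0c169adfdeb36c50522bd6/user-1000.journal
# owner: root
# group: systemd-journal
user::rw-
group::r--
group:adm:r--
mask::r--
other::---'

printf '%s\n' "$SAMPLE_GETFACL" | files_missing_adm_acl
```

Run `check_journal_dir` on a real system to see which files need `setfacl` after the directory ACL was fixed.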




More information about the Pkg-systemd-maintainers mailing list