Bug#800947: ACL for /var/log/journal not set for group adm

[Felipe Sateler]

On 7 October 2015 at 12:17, Josh Triplett <josh at joshtriplett.org> wrote:
> On Wed, 7 Oct 2015 13:55:30 +0200 Michael Biebl <biebl at debian.org> wrote:
>> Am 05.10.2015 um 17:35 schrieb Felipe Sateler:
>> > I think a reasonable alternative is to ship using Storage=volatile by
>> > default, and ship the directory in the package (or create it in
>> > postinst).
>>
>> After thinking more about this, I think this is the only sane solution:
>> - Ship /var/log/journal in the systemd package
>> - Apply the ACL to /var/log/journal (not the subdirectory) in postinst
>> - Set the default from auto to volatile
>> - If a user had already created a /var/log/journal directory, check for
>> that in preinst and create a journald.conf.d snippet setting
>> Storage=persistent
>> - Update the instructions in README.Debian how to enable persistent
>> journal. Recommend to use a drop-in config in
>> /etc/systemd/journald.conf.d/ containing
>>
>> [Journal]
>> Storage=persistent
>>
>>
>> I don't see a way how we can make Storage=auto work properly.
>>
>> A nice side-effect of no-longer using Storage=auto would be, that we
>> could make systemd-container ship /var/log/journal/remote without problems.
>>
>>
>> Thoughts?
>
> This seems like the right answer.  Would you also consider providing a
> package ("systemd-journal-persistent") that 1) ships an
> /etc/systemd/journald.conf.d/systemd-journal-persistent.conf with that
> snippet, and 2) Provides system-log-daemon and linux-kernel-log-daemon,
> just as syslog daemon packages do?  That would make it much easier to
> configure systems to use the journal as their primary log/syslog without
> duplication.

I don't think system-log-daemon is an interface that promises
persistent logging. Otherwise the packages having Depends:
system-log-daemon (there are some) should have bugs filed against
them, as they would not be able to run in volatile systems.

-- 

Saludos,
Felipe Sateler