|
 |
17b0f1 |
From 2a1f91ffc371f2bc3767a806ff387517ff9b9fc8 Mon Sep 17 00:00:00 2001
|
|
|
17b0f1 |
From: Lennart Poettering <lennart@poettering.net>
|
|
|
17b0f1 |
Date: Thu, 9 Jul 2015 18:43:55 -0300
|
|
|
17b0f1 |
Subject: [PATCH] tmpfiles: don't recursively descend into journal directories
|
|
|
17b0f1 |
in /var
|
|
|
17b0f1 |
|
|
|
17b0f1 |
Do so only in /run. We shouldn't alter ACLs for existing files in /var,
|
|
|
17b0f1 |
but only for new files. If the admin made changes to the ACLs they
|
|
|
17b0f1 |
shouls stay in place.
|
|
|
17b0f1 |
|
|
|
17b0f1 |
We should still do recursive ACL changes for files in /run, since those
|
|
|
17b0f1 |
are not persistent, and will hence lack ACLs on every boot.
|
|
|
17b0f1 |
|
|
|
17b0f1 |
Also, /var/log/journal might be quit large, /run/log/journal is usually
|
|
|
17b0f1 |
not, hence we should avoid the recursive descending on /var, but not on
|
|
|
17b0f1 |
/run.
|
|
|
17b0f1 |
|
|
|
17b0f1 |
Fixes #534
|
|
|
17b0f1 |
|
|
|
17b0f1 |
(cherry picked from commit 8b258a645ae63dff3ab8dde6520d2e770e2a40f1)
|
|
|
17b0f1 |
Related: #1411199
|
|
|
17b0f1 |
---
|
|
|
17b0f1 |
tmpfiles.d/systemd.conf.m4 | 2 +-
|
|
|
17b0f1 |
1 file changed, 1 insertion(+), 1 deletion(-)
|
|
|
17b0f1 |
|
|
|
17b0f1 |
diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4
|
|
|
17b0f1 |
index b447b01f58..d9d51af929 100644
|
|
|
17b0f1 |
--- a/tmpfiles.d/systemd.conf.m4
|
|
|
17b0f1 |
+++ b/tmpfiles.d/systemd.conf.m4
|
|
|
17b0f1 |
@@ -35,7 +35,7 @@ z /var/log/journal 2755 root systemd-journal - -
|
|
|
17b0f1 |
z /var/log/journal/%m 2755 root systemd-journal - -
|
|
|
17b0f1 |
m4_ifdef(`HAVE_ACL',``
|
|
|
17b0f1 |
a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
|
|
|
17b0f1 |
-A+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
|
|
|
17b0f1 |
+a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
|
|
|
17b0f1 |
'')m4_dnl
|
|
|
17b0f1 |
|
|
|
17b0f1 |
d /var/lib/systemd 0755 root root -
|