On 5 October 2015 at 12:20, Michael Biebl <[email protected]> wrote:
> On 05.10.2015 at 13:57, Raphaël Halimi wrote:
>> On 05/10/2015 13:21, Michael Biebl wrote:
>>> Apparently the files were created before the ACLs have been set for
>>> /var/log/journal/3deacfa10d0c169adfdeb36c50522bd6
>>> so the journal files that were created did not inherit the correct ACLs
>>> from the parent directory.
>>>
>>> Possibly you created /var/log/journal or set Storage=persistent, but did
>>> *not* reboot the system afterwards, which would trigger systemd-tmpfiles
>>> to be run. And once you restart systemd-journald (which can happen by
>>> systemd update), the journal files were created without the ACLs set.
>>>
>>> On next reboot, the systemd.conf tmpfile did apply the ACL for the
>>> directory, but it was too late at that point.
>>
>> No, I rebooted immediately after creating the directory.
>
> Hm, right. There might be a race condition during boot, where
> systemd-journald-flush.service is started before systemd-tmpfiles.service.
> We could order systemd-journald-flush.service *after*
> systemd-tmpfiles.service.
>
> But, when using Storage=persistent, journald will create the directory
> /var/log/journal/ itself. So this won't help in that case, unless
> systemd-journald re-added the code to apply ACLs itself.

That would be a bug in (upstream) systemd, I think. Journald appears to
set the ACL on new files but not on the /v/l/j directory.

>
> This change sucks from a user experience POV, as you basically now need
> to make sure to apply the correct ACL yourself. I think the supplied ACL
> rule in /usr/lib/tmpfiles.d/systemd.conf is pretty much useless.
>
> Martin, any ideas?

I think a reasonable alternative is to ship using Storage=volatile by
default, and ship the directory in the package (or create it in
postinst).

-- 
Regards,
Felipe Sateler

_______________________________________________
Pkg-systemd-maintainers mailing list
[email protected]
http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
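
The inheritance gap discussed in this thread (journal files created before the directory received its default ACL), as an added example that is not part of the original messages: a check that reads `getfacl -R` output and lists files lacking named entries present in the parent directory's default ACL. The sample output, the `<machine-id>` placeholder and the `adm` group are constructed assumptions, not values from the thread.

```python
import posixpath

# Constructed, abridged `getfacl -R` output; <machine-id> and group "adm" are assumptions.
SAMPLE = """\
# file: var/log/journal/<machine-id>
user::rwx
group:adm:r-x
default:user::rwx
default:group:adm:r-x

# file: var/log/journal/<machine-id>/system.journal
user::rw-
group::r--
other::---

# file: var/log/journal/<machine-id>/user-1000.journal
user::rw-
group:adm:r-x\t#effective:r--
mask::r--
"""

def parse_getfacl(text):
    """Return {path: {"access": set, "default": set}} of named (tag, qualifier) entries."""
    acls, cur = {}, None
    for line in text.splitlines():
        if line.startswith("# file: "):
            cur = acls.setdefault(line[len("# file: "):], {"access": set(), "default": set()})
        elif cur is not None and line and not line.startswith("#"):
            fields = line.split()[0].split(":")  # split()[0] drops "#effective:" comments
            kind = "default" if fields[0] == "default" else "access"
            tag, qualifier = fields[-3], fields[-2]
            if tag in ("user", "group") and qualifier:  # named entries only
                cur[kind].add((tag, qualifier))
    return acls

def missing_inherited(acls):
    """Map each path to the named entries of its parent's default ACL that it lacks."""
    report = {}
    for path, acl in acls.items():
        parent = acls.get(posixpath.dirname(path))
        missing = parent["default"] - acl["access"] if parent else set()
        if missing:  # file predates the default ACL, or was created without it
            report[path] = sorted(missing)
    return report

if __name__ == "__main__":
    for path, entries in missing_inherited(parse_getfacl(SAMPLE)).items():
        print(path, "lacks", entries)
```

Only the presence of each named entry is compared, not its permission bits, because the effective permissions of an inherited entry depend on the file's mask.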
