On Tue, 26.08.14 15:43, WaLyong Cho (walyong....@samsung.com) wrote:

> There are no Before= or After= dependencies between
> systemd-journald.service and systemd-tmpfiles-setup.service. So if both
> "/run/log/journal" and "/var/log/journal" do not exist then those can
> be made as root:root and also its ids directory and journal files. To
> make sure, do chown systemd-journal group to journal directories and
> files.

Hmm? /run/log/journal will be recursively updated, and /var/log/journal is not created by journald ever, but only by tmpfiles, which uses g+s to ensure all files that will be created have the right owner from the beginning.

> +static int chown_group_systemd_journal(const char *path) { > + int r; > + gid_t gid; > + _cleanup_free_ char *journal_group = NULL; > + > + r = in_group("systemd-journal"); > + if (r < 0) > + return r; > + > + r = access(path, F_OK); > + if (r < 0) > + return -errno; > + > + r = asprintf(&journal_group, "systemd-journal"); > + if (r < 0) > + return -ENOMEM; > + > + r = get_group_creds((const char **)&journal_group, &gid); > + if (r < 0) > + return r;

We cannot do this. This internally invokes getpwent() which is an NSS call. NSS calls might end up being IPC calls to some external daemon, which might want to log, back into journald. This hence means we'd have a cyclic dependency. journald is not allowed to *ever* do NSS calls (and neither is PID 1 actually). We must apply the ownership from the outside via tmpfiles or so hence.

Lennart

--
Lennart Poettering, Red Hat
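
Review bot: the `asprintf(&journal_group, "systemd-journal")` step heap-copies a string literal only so that its address can be passed to `get_group_creds()`; a local `const char *journal_group = "systemd-journal";` would serve the same purpose and would remove the `_cleanup_free_` variable, the `-ENOMEM` path and the `(const char **)` cast. Two further points in the same function: the result of `in_group("systemd-journal")` is tested only for `r < 0`, so any non-negative answer is discarded and the call gates nothing as written; either act on the value or drop the call. The `access(path, F_OK)` probe ahead of the later use of `path` is a check-then-use pattern, and the state of the path can change between the two calls; letting the operation that actually touches `path` report the error through its own errno avoids that window.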