On Wed, 22.10.14 23:53, Lennart Poettering (lenn...@poettering.net) wrote: > On Fri, 29.08.14 22:03, WaLyong Cho (walyong....@samsung.com) wrote: > > > On 08/27/2014 02:55 AM, Lennart Poettering wrote: > > > On Tue, 26.08.14 15:43, WaLyong Cho (walyong....@samsung.com) wrote: > > > > > >> There is no Bofore= or After= dependencies between > > >> systemd-journald.service and systemd-tmpfiles-setup.service. So if both > > >> "/run/log/journal" and "/var/log/journal" does not exist then those can > > >> be make as root:root and also its ids directory and journal files. To > > >> make sure, do chown systemd-journal group to journal directories and > > >> files. > > > > > > Hmm? /run/log/journal will be recursively updated, and /var/log/journal > > > is not created by journald ever, but only by tmpfiles, which uses g+s to > > > ensure all files that will be created have the right owner from the > > > beginning. > > > > > I hope you test like me. Set *Storage=persistent* in journald.conf and > > remove(back it up to other) "/var/log/journal" and restart. > > Ah, umm. Yuck. Storage=persistent is indeed a different case... > > Hmm, not sure what we can do here. We cannot do NSS lookups in > journald though, we need to find another way. > > Hmm, one idea is to make systemd-journal-flush synchronous, and then > order it before systemd-tmpfiles. That way, if Storage=persistent is > set we would *know* that the dir is first created, and tmpfiles could > then just adjust the ACLs for it... > > However, making systemd-journal-flush isn't that easy I fear. It would > be easy if we had dbus as IPC, but that's something we cannot use > unless we have kdbus, since we cannot allow a cyclic loop between > dbus-daemon logging to journald, and journald waiting for dbus.... > > I need to think about this more...
OK, I thought a bit about this more. And now changed systemd-journal-flush.service to be asynchronous, so that it can be ordered before systemd-tmpfiles-setup.service and the ownership of the dirs can be correctly applied. Please give this a test run. I implemented this via a new "journalctl --flush" command which will first send SIGUSR1 to journald, and then wait for /run/systemd/journal/flushed to appear in the FS which is what journald uses internally to remember if it already flushed the journal or not. Lennart -- Lennart Poettering, Red Hat _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
