Am 05.10.2015 um 13:57 schrieb Raphaël Halimi: > Le 05/10/2015 13:21, Michael Biebl a écrit : >> Apparently the files were created before the ACLs have been set for >> /var/log/journal/3deacfa10d0c169adfdeb36c50522bd6 >> so the journal files that were created did not inherit the correct ACLs >> from the parent directory. >> >> Possibly you created /var/log/journal or set Storage=persistent, but did >> *not* reboot the system afterwards, which would trigger systemd-tmpfiles >> to be run. And once you restart systemd-journald (which can happen by >> systemd update), the journal files were created without the ACLs set. >> >> On next reboot, the systemd.conf tmpfile did apply the ACL for the >> directory, but it was too late at that point. > > No, I rebooted immediately after creating the directory.
Hm, right. There might be a race condition during boot, where systemd-journald-flush.service is started before systemd-tmpfiles.service. We could order systemd-journald-flush.service *after* systemd-tmpfiles.service. But, when using Storage=persistent, journald will create the directory /var/log/journal/ itself. So this won't help in that case, unless systemd-journald re-added the code to apply ACLs itself. This change sucks from a user experience POV, as you basically now need to make sure to apply the correct ACL yourself. I think the supplied ACL rule in /usr/lib/tmpfiles.d/systemd.conf is pretty much useless. Martin, any ideas? Michael -- Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
signature.asc
Description: OpenPGP digital signature
_______________________________________________ Pkg-systemd-maintainers mailing list Pkg-systemd-maintainers@lists.alioth.debian.org http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/pkg-systemd-maintainers
