Bug 1268628

it's just laughable that this bug now made it even to RHEL7.2 / CentOS CR

[root@backup-hosting:~]$ rpm -q systemd
systemd-219-19.el7.x86_64

Dec  2 11:03:28 backup-hosting systemd-tmpfiles: Failed to parse ACL "d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring
Dec  2 11:03:28 backup-hosting systemd-tmpfiles: Failed to parse ACL "group:adm:r-x,group:wheel:r-x": Invalid argument. Ignoring
Dec  2 11:03:28 backup-hosting systemd-tmpfiles: Failed to parse ACL "d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring
Dec  2 11:03:28 backup-hosting systemd-tmpfiles: Failed to parse ACL "group:adm:r-x,group:wheel:r-x": Invalid argument. Ignoring

https://bugzilla.redhat.com/show_bug.cgi?id=1287537 is not public

Maybe the best way to fix this is to add those groups to dracut. Harald what do you think?

Just to be clear, by Harald I mean Harald Hoyer :)

<Noob alert> Sorry if I am off base here. </Noob alert>

I think this might be simpler fix or at a least a work around.

I am not sure about the requirement for dracut updates but the workaround below seems to work without a code fix (but that doesn't mean one could not still be needed).

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1480552 has this fix for what appears to be a typo from from systemd folks:

The removal of the faulty ",d" should fix this issue.

--- debian/patches/Fix-up-tmpfiles.d-permissions-properly.patch.orig 2015-08-04 15:28:25.000000000 +0200
+++ debian/patches/Fix-up-tmpfiles.d-permissions-properly.patch 2015-08-08 19:06:27.066553978 +0200
@@ -48,7 +48,7 @@
  m4_ifdef(`HAVE_ACL',``
 -a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
 -a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
-+a+ /var/log/journal/%m - - - - d:group:adm:r-x,d
++a+ /var/log/journal/%m - - - - d:group:adm:r-x
 +a+ /var/log/journal/%m - - - - group:adm:r-x
  '')m4_dnl

But after applying the fix a new initramfs needs to be build via dracut. This error was introduced in systemd 219:

systemd-tmpfiles --version
systemd 219
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN

I checked on the systemd changelog and latest version of the code hasn't been changed anything in this area: 

https://github.com/systemd/systemd/blob/master/NEWS @228

https://github.com/systemd/systemd/blob/master/tmpfiles.d/systemd.conf.m4

/usr/lib/tmpfiles.d/systemd.conf still has the errors.

And this was the closest but not directly related issue.

https://github.com/systemd/systemd/issues/1397

If this is an accurate assessment does that mean someone (me) should log an issue with systemd folks?

(In reply to Frank K from comment #5)
> <Noob alert> Sorry if I am off base here. </Noob alert>

sort of. That patch seems to fix a bug in Ubuntu which isn't directly related to the discussion here (although it may cause the same error message to be printed). AFAICS that bug was not present in Fedora and RHEL.

This bug here won't be fixed unless dracut defines group "wheel" and "adm" in the initrd.

already upstream
https://github.com/haraldh/dracut/commit/1bcb63f97c0168ff91b9d930bb31ad32fb1f2976

upstream don't help Fedora while simply read bootlogs would have prevented to make it in any stable release

Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.