Bug 1268628

Summary: /usr/lib/tmpfiles.d/systemd.conf is broken
Product: [Fedora] Fedora Reporter: Harald Reindl <h.reindl>
Component: dracutAssignee: dracut-maint-list
Status: CLOSED EOL QA Contact: Fedora Extras Quality Assurance <extras-qa>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 22CC: dracut-maint-list, frankk74, harald, johannbg, jonathan, jsynacek, lnykryn, martin.wilck, msekleta, s, systemd-maint, zbyszek
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2016-07-19 18:06:06 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Description Harald Reindl 2015-10-03 23:10:41 UTC
what about maintainers reading their logfiles?

is it *really* that hard to grep systemlogs for the three words "error", "warning" and "failed"? what - it's nothing critical - well, why then this stuff exists at all if it's pointless?

Oct  4 01:06:19 testserver systemd-tmpfiles: Failed to parse ACL "d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring
Oct  4 01:06:19 testserver systemd-tmpfiles: Failed to parse ACL "group:adm:r-x,group:wheel:r-x": Invalid argument. Ignoring
Oct  4 01:06:19 testserver systemd-tmpfiles: Failed to parse ACL "d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring
Oct  4 01:06:19 testserver systemd-tmpfiles: Failed to parse ACL "group:adm:r-x,group:wheel:r-x": Invalid argument. Ignoring


[root@testserver:/usr/lib/tmpfiles.d]$ find.sh "d:group:adm:r-x,d:group:wheel" conf
/usr/lib/tmpfiles.d/systemd.conf

[root@testserver:/usr/lib/tmpfiles.d]$ rpm -q --file /usr/lib/tmpfiles.d/systemd.conf
systemd-219-24.fc22.x86_64

Comment 1 Harald Reindl 2015-12-02 10:07:21 UTC
it's just laughable that this bug now made it even to RHEL7.2 / CentOS CR

[root@backup-hosting:~]$ rpm -q systemd
systemd-219-19.el7.x86_64

Dec  2 11:03:28 backup-hosting systemd-tmpfiles: Failed to parse ACL "d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring
Dec  2 11:03:28 backup-hosting systemd-tmpfiles: Failed to parse ACL "group:adm:r-x,group:wheel:r-x": Invalid argument. Ignoring
Dec  2 11:03:28 backup-hosting systemd-tmpfiles: Failed to parse ACL "d:group:adm:r-x,d:group:wheel:r-x": Invalid argument. Ignoring
Dec  2 11:03:28 backup-hosting systemd-tmpfiles: Failed to parse ACL "group:adm:r-x,group:wheel:r-x": Invalid argument. Ignoring

Comment 2 Harald Reindl 2015-12-02 12:48:57 UTC
https://bugzilla.redhat.com/show_bug.cgi?id=1287537 is not public

Comment 3 Lukáš Nykrýn 2015-12-03 09:15:06 UTC
Maybe the best way to fix this is to add those groups to dracut. Harald what do you think?

Comment 4 Lukáš Nykrýn 2015-12-03 09:16:37 UTC
Just to be clear, by Harald I mean Harald Hoyer :)

Comment 5 Frank K 2015-12-07 20:37:16 UTC
<Noob alert> Sorry if I am off base here. </Noob alert>

I think this might be simpler fix or at a least a work around.

I am not sure about the requirement for dracut updates but the workaround below seems to work without a code fix (but that doesn't mean one could not still be needed).

https://bugs.launchpad.net/ubuntu/+source/systemd/+bug/1480552 has this fix for what appears to be a typo from from systemd folks:

The removal of the faulty ",d" should fix this issue.

--- debian/patches/Fix-up-tmpfiles.d-permissions-properly.patch.orig 2015-08-04 15:28:25.000000000 +0200
+++ debian/patches/Fix-up-tmpfiles.d-permissions-properly.patch 2015-08-08 19:06:27.066553978 +0200
@@ -48,7 +48,7 @@
  m4_ifdef(`HAVE_ACL',``
 -a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
 -a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
-+a+ /var/log/journal/%m - - - - d:group:adm:r-x,d
++a+ /var/log/journal/%m - - - - d:group:adm:r-x
 +a+ /var/log/journal/%m - - - - group:adm:r-x
  '')m4_dnl

But after applying the fix a new initramfs needs to be build via dracut. This error was introduced in systemd 219:

systemd-tmpfiles --version
systemd 219
+PAM +AUDIT +SELINUX +IMA -APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ -LZ4 -SECCOMP +BLKID +ELFUTILS +KMOD +IDN

I checked on the systemd changelog and latest version of the code hasn't been changed anything in this area: 

https://github.com/systemd/systemd/blob/master/NEWS @228

https://github.com/systemd/systemd/blob/master/tmpfiles.d/systemd.conf.m4

/usr/lib/tmpfiles.d/systemd.conf still has the errors.

And this was the closest but not directly related issue.

https://github.com/systemd/systemd/issues/1397

If this is an accurate assessment does that mean someone (me) should log an issue with systemd folks?

Comment 6 Martin Wilck 2015-12-08 07:12:40 UTC
(In reply to Frank K from comment #5)
> <Noob alert> Sorry if I am off base here. </Noob alert>

sort of. That patch seems to fix a bug in Ubuntu which isn't directly related to the discussion here (although it may cause the same error message to be printed). AFAICS that bug was not present in Fedora and RHEL.

This bug here won't be fixed unless dracut defines group "wheel" and "adm" in the initrd.

Comment 8 Harald Reindl 2016-02-09 14:51:42 UTC
upstream don't help Fedora while simply read bootlogs would have prevented to make it in any stable release

Comment 9 Fedora End Of Life 2016-07-19 18:06:06 UTC
Fedora 22 changed to end-of-life (EOL) status on 2016-07-19. Fedora 22 is
no longer maintained, which means that it will not receive any further
security or bug fix updates. As a result we are closing this bug.

If you can reproduce this bug against a currently maintained version of
Fedora please feel free to reopen this bug against that version. If you
are unable to reopen this bug, please file a new report against the
current release. If you experience problems, please add a comment to this
bug.

Thank you for reporting this bug and we are sorry it could not be fixed.