Bug 1570359
Summary: | RFE: convert systemd scriptlets to use systemd-tmpfiles and drop dependency on acl | ||
---|---|---|---|
Product: | [Fedora] Fedora | Reporter: | Tomasz Kłoczko <kloczko.tomasz> |
Component: | systemd | Assignee: | systemd-maint |
Status: | CLOSED CURRENTRELEASE | QA Contact: | Fedora Extras Quality Assurance <extras-qa> |
Severity: | unspecified | Docs Contact: | |
Priority: | unspecified | ||
Version: | rawhide | CC: | dtardon, lnykryn, msekleta, s, systemd-maint, zbyszek |
Hardware: | Unspecified | ||
OS: | Unspecified | ||
Last Closed: | 2022-08-23 16:53:24 UTC | Type: | Bug |
Description
Tomasz Kłoczko
2018-04-22 09:51:47 UTC
Another aspect of this change is that instead of adding such hacks in %post, rpm should be able to handle %acl() the same way as it is not possible to use %caps(). The method chosen to start using acl is IMO kind of a dirty hack. Any issues with acl will not be reported on "rpm -V systemd".

systemd has been using acls since a long long time (probably not at the very beginning, but since around the time journald was first introduced). Various systemd binaries link to libacl, so libacl (which is bigger) was already required. I guess we could avoid the dependency on acl by converting that scriptlet to call systemd-tmpfiles instead. I'd be happy to take a patch for that.

I've not been asking whether systemd is using libacl or not. I've been pointing at the growing list of dependencies :) That is first. Second thing: I've looked one more time at the setfacl params and it looks like it gives access to two groups, wheel and adm, to allow changing directory below /var/log/journal/. I don't see anything which is using the adm group ATM. IMO this setfacl can be dropped as it is only about access to the directories below. Something like root:wheel/750 should be OK.

"Requires(post): acl" has been in the spec file since 2013. adm is a group traditionally used to give access to logs to "helper admins" and such. It doesn't have to be used internally in the distribution to be useful.

> adm is a group traditionally used to give access to logs to "helper admins" and such.
Yes, traditionally but on Solaris ..
Just try to have a look at the content of /var/log and you will find that none of the files/directories are owned by the adm group.
In other words this facl "fixes" an imaginary issue.

Seems to work here:
$ groups
guest
$ journalctl -b --system|wc
0 0 0
...
$ groups
guest adm
$ journalctl -b --system|wc
32181 402852 4150713
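
The description notes that ACLs applied from a scriptlet are not covered by "rpm -V systemd". The following is an added example, not part of the bug thread or of systemd: a small auditor that reads `getfacl` text output for /var/log/journal and reports drift from the expected group entries. The expected set (wheel and adm with r-x) and the sample input are assumptions constructed for illustration.

```python
# Assumption: the thread says wheel and adm get access; the r-x mode is assumed.
EXPECTED = {"wheel": "r-x", "adm": "r-x"}

def parse_getfacl(text):
    """Parse `getfacl` text output into {(scope, tag, qualifier): perms}."""
    acl = {}
    for line in text.splitlines():
        line = line.split("#", 1)[0].strip()  # drops "# file:" headers and "#effective:" notes
        scope = "access"
        if line.startswith("default:"):
            scope, line = "default", line[len("default:"):]
        parts = line.split(":")
        if len(parts) == 3:
            acl[(scope, parts[0], parts[1])] = parts[2]
    return acl

def audit(text, expected=EXPECTED):
    """Return a list of findings; an empty list means the ACL matches."""
    acl, findings = parse_getfacl(text), []
    for scope in ("access", "default"):
        for group, perms in expected.items():
            got = acl.get((scope, "group", group))
            if got is None:
                findings.append(f"missing {scope} ACL for group {group}")
            elif got != perms:
                findings.append(f"{scope} ACL for group {group} is {got}, expected {perms}")
        for (s, tag, who), perms in acl.items():
            # Named entries (non-empty qualifier) outside the expected set are drift.
            if s == scope and who and not (tag == "group" and who in expected):
                findings.append(f"unexpected {scope} entry {tag}:{who}:{perms}")
    return findings

# Constructed sample in getfacl output format (not captured from a real host).
SAMPLE_DRIFT = """\
# file: var/log/journal
user::rwx
user:guest:r-x
group::r-x
group:wheel:r-x
mask::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:wheel:r-x
default:group:adm:rwx
default:mask::r-x
default:other::r-x
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE_DRIFT):
        print(finding)
```

On a real host the input would come from `getfacl /var/log/journal`; the access/default split matters because only the default entries are inherited by newly created journal directories.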