Bug 1411199 - systemd-tmpfiles will not update existing journal files
Summary: systemd-tmpfiles will not update existing journal files
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: systemd
Version: 7.3
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: rc
: ---
Assignee: Jan Synacek
QA Contact: Frantisek Sumsal
URL:
Whiteboard:
: 1446991 (view as bug list)
Depends On:
Blocks: 74systemd
TreeView+ depends on / blocked
 
Reported: 2017-01-09 04:54 UTC by Alois Mahdal
Modified: 2017-08-01 09:14 UTC (History)
7 users (show)

Fixed In Version: systemd-219-40.el7
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2017-08-01 09:14:52 UTC


Attachments (Terms of Use)
patch (2.04 KB, patch)
2017-03-07 13:36 UTC, Jan Synacek
no flags Details | Diff


Links
System ID Priority Status Summary Last Updated
Red Hat Product Errata RHBA-2017:2297 normal SHIPPED_LIVE systemd bug fix and enhancement update 2017-08-01 12:40:16 UTC

Description Alois Mahdal 2017-01-09 04:54:32 UTC
Description of problem
======================

systemd-tmpfiles will not set up persistent journal storage properly.
If storage already contains files, their ACL/ownership will not be
changed.


Version-Release number of selected component
============================================

systemd-219-30.el7


How reproducible
================

Always


Steps to Reproduce
==================

 1. rm -rf /var/log/journal
 2. systemctl restart systemd-journald.service
    This already generates /var/log/journal/<ID>/system.journal
 3. systemd-tmpfiles --create --prefix /var/log/journal
 4. observe system.journal


Actual results
==============

Group is root.


Expected results
================

Group should be systemd-journal, i.e. member of this group should be
able to read this file.


Additional info
===============

This does not appear in case of volatile storage; in that case /run/log
seems to be updated correctly.  Also it does not happen on Fedora 24,
so this could have already been fixed (intentionally or not).

Following is diff of /usr/lib/tmpfiles.d/systemd.conf from RHEL7 and
Fedora 24 (229-16.fc24):

    --- systemd-rhel7.conf	2017-01-09 05:25:23.640695553 +0100
    +++ systemd.conf	2017-01-09 05:25:00.682352824 +0100
    @@ -30,9 +30,13 @@

     z /var/log/journal 2755 root systemd-journal - -
     z /var/log/journal/%m 2755 root systemd-journal - -
    +z /var/log/journal/%m/system.journal 0640 root systemd-journal - -

    +a+ /var/log/journal    - - - - d:group:adm:r-x,d:group:wheel:r-x
    +a+ /var/log/journal    - - - - group:adm:r-x,group:wheel:r-x
     a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
    -A+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
    +a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
    +a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--

     d /var/lib/systemd 0755 root root -
     d /var/lib/systemd/coredump 0755 root root 3d

Comment 2 Alois Mahdal 2017-02-21 18:31:08 UTC
Note that alternative way to test this is to remove workaround from:

    /CoreOS/systemd/Sanity/journalctl-permissions

and re-run it against new build.

Comment 3 Jan Synacek 2017-03-07 13:36:09 UTC
Created attachment 1260800 [details]
patch

Since the patched file is not in the repo, I cannot submit a PR for this.

Comment 4 Jan Synacek 2017-05-09 10:12:36 UTC
Meanwhile, the file has gotten into the repo, I can file a proper PR now.

https://github.com/lnykryn/systemd-rhel/pull/120

Comment 5 Jan Synacek 2017-05-09 10:13:21 UTC
(In reply to Jan Synacek from comment #4)
> Meanwhile, the file has gotten into the repo, I can file a proper PR now.

I mean, I can now properly patch the .m4 file that generates the tmpfiles snippet...

Comment 6 Jan Synacek 2017-05-15 12:00:09 UTC
*** Bug 1446991 has been marked as a duplicate of this bug. ***

Comment 10 errata-xmlrpc 2017-08-01 09:14:52 UTC
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory, and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHBA-2017:2297


Note You need to log in before you can comment on or make changes to this bug.