Description of problem
systemd-tmpfiles will not set up persistent journal storage properly.
If storage already contains files, their ACL/ownership will not be
Version-Release number of selected component
Steps to Reproduce
1. rm -rf /var/log/journal
2. systemctl restart systemd-journald.service
This already generates /var/log/journal/<ID>/system.journal
3. systemd-tmpfiles --create --prefix /var/log/journal
4. observe system.journal
Group is root.
Group should be systemd-journal, i.e. member of this group should be
able to read this file.
This does not appear in case of volatile storage; in that case /run/log
seems to be updated correctly. Also it does not happen on Fedora 24,
so this could have already been fixed (intentionally or not).
Following is diff of /usr/lib/tmpfiles.d/systemd.conf from RHEL7 and
Fedora 24 (229-16.fc24):
--- systemd-rhel7.conf 2017-01-09 05:25:23.640695553 +0100
+++ systemd.conf 2017-01-09 05:25:00.682352824 +0100
@@ -30,9 +30,13 @@
z /var/log/journal 2755 root systemd-journal - -
z /var/log/journal/%m 2755 root systemd-journal - -
+z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
+a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x
+a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x
a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
-A+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
d /var/lib/systemd 0755 root root -
d /var/lib/systemd/coredump 0755 root root 3d
Note that alternative way to test this is to remove workaround from:
and re-run it against new build.
Created attachment 1260800 [details]
Since the patched file is not in the repo, I cannot submit a PR for this.
Meanwhile, the file has gotten into the repo, I can file a proper PR now.
(In reply to Jan Synacek from comment #4)
> Meanwhile, the file has gotten into the repo, I can file a proper PR now.
I mean, I can now properly patch the .m4 file that generates the tmpfiles snippet...
*** Bug 1446991 has been marked as a duplicate of this bug. ***
fix merged to upstream staging branch ->
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.
For information on the advisory, and where to find the updated
files, follow the link below.
If the solution does not work for you, open a new bug report.