Re: [systemd-devel] systemd 211 journal getting created with different permissions
On Tue, Mar 11, 2014 at 10:44:17PM -0700, Greg KH wrote:
> On Tue, Mar 11, 2014 at 09:41:50PM -0700, Greg KH wrote:
> > On Tue, Mar 11, 2014 at 08:38:58PM -0700, Greg KH wrote:
> > > On Wed, Mar 12, 2014 at 04:21:55AM +0200, Mantas Mikulėnas wrote:
> > > > On Wed, Mar 12, 2014 at 3:46 AM, Greg KH gre...@linuxfoundation.org wrote:
> > > > > Hi all,
> > > > >
> > > > > With systemd 211, a new journal file is getting created with permissions of root:root instead of root:systemd-journal like previously (210 and prior).
> > > > >
> > > > > I looked at the git log and can't see anything obvious that would have caused this. Is this intentional? Or something on my end with my system's configuration?
> > > >
> > > > Normally the journal files just inherit the group of /var/log/journal, which has the setgid bit (and the correct group) set by /usr/lib/tmpfiles.d/systemd.conf.
> > >
> > > I thought so, and this worked on 210, and the permissions of /var/log/journal/ is correct:
> > > drwxr-sr-x 2 root systemd-journal 4096 Mar 12 01:36 0da484f8dee497fee9585ba9531fb7f1
> > >
> > > > If you ran `make install`, however, it would chown /var/log/journal to 0:0 until the next time systemd-tmpfiles ran.
> > >
> > > This gets created by the ebuild (this is on CoreOs), and the 210 ebuild worked, so what is different here?
> >
> > Apologies, I can now reproduce this on systemd 210, so this isn't a 211 issue from what I can tell just yet, sorry for the noise.
>
> In looking at this further, the /usr/lib/tmpfiles.d/systemd.conf will not change the permissions on the journald file, only the directory:
> m /var/log/journal 2755 root systemd-journal - -
> m /var/log/journal/%m 2755 root systemd-journal - -
> m /run/log/journal 2755 root systemd-journal - -
> m /run/log/journal/%m 2755 root systemd-journal - -
>
> So what is supposed to set the permissions on the journal file(s) that live in /var/log/journal/%m/ ?
>
> Let me do a build with 207 and see how that handles this issue...

Ah, found it. Commit 4608af4333d0f7f5f8e3bc632801b04ef07d246d is the issue.

We moved from handling the mode internally, in 207, to using the tmpfiles.d infrastructure in 208. On systems that previously were working on 207, if you upgrade, the permissions are set properly from 207. But, for 208, this changed :(

So, what's the odds that file globbing works with tmpfile.d, time to rebuild...

greg k-h

___
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
Re: [systemd-devel] systemd 211 journal getting created with different permissions
On Tue, Mar 11, 2014 at 11:08:59PM -0700, Greg KH wrote:
> On Tue, Mar 11, 2014 at 10:44:17PM -0700, Greg KH wrote:
> > On Tue, Mar 11, 2014 at 09:41:50PM -0700, Greg KH wrote:
> > > On Tue, Mar 11, 2014 at 08:38:58PM -0700, Greg KH wrote:
> > > > On Wed, Mar 12, 2014 at 04:21:55AM +0200, Mantas Mikulėnas wrote:
> > > > > On Wed, Mar 12, 2014 at 3:46 AM, Greg KH gre...@linuxfoundation.org wrote:
> > > > > > Hi all,
> > > > > >
> > > > > > With systemd 211, a new journal file is getting created with permissions of root:root instead of root:systemd-journal like previously (210 and prior).
> > > > > >
> > > > > > I looked at the git log and can't see anything obvious that would have caused this. Is this intentional? Or something on my end with my system's configuration?
> > > > >
> > > > > Normally the journal files just inherit the group of /var/log/journal, which has the setgid bit (and the correct group) set by /usr/lib/tmpfiles.d/systemd.conf.
> > > >
> > > > I thought so, and this worked on 210, and the permissions of /var/log/journal/ is correct:
> > > > drwxr-sr-x 2 root systemd-journal 4096 Mar 12 01:36 0da484f8dee497fee9585ba9531fb7f1
> > > >
> > > > > If you ran `make install`, however, it would chown /var/log/journal to 0:0 until the next time systemd-tmpfiles ran.
> > > >
> > > > This gets created by the ebuild (this is on CoreOs), and the 210 ebuild worked, so what is different here?
> > >
> > > Apologies, I can now reproduce this on systemd 210, so this isn't a 211 issue from what I can tell just yet, sorry for the noise.
> >
> > In looking at this further, the /usr/lib/tmpfiles.d/systemd.conf will not change the permissions on the journald file, only the directory:
> > m /var/log/journal 2755 root systemd-journal - -
> > m /var/log/journal/%m 2755 root systemd-journal - -
> > m /run/log/journal 2755 root systemd-journal - -
> > m /run/log/journal/%m 2755 root systemd-journal - -
> >
> > So what is supposed to set the permissions on the journal file(s) that live in /var/log/journal/%m/ ?
> >
> > Let me do a build with 207 and see how that handles this issue...
>
> Ah, found it. Commit 4608af4333d0f7f5f8e3bc632801b04ef07d246d is the issue.
We moved from handling the mode internally, in 207, to using the tmpfiles.d infrastructure in 208. On systems that previously were working on 207, if you upgrade, the permissions are set properly from 207. But, for 208, this changed :( So, what's the odds that file globbing works with tmpfile.d, time to rebuild... It works well enough, the following patch fixes the issue for me: diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf index 7c6d6b9099b9..1aeb5e40f1ee 100644 --- a/tmpfiles.d/systemd.conf +++ b/tmpfiles.d/systemd.conf @@ -24,5 +24,7 @@ d /run/systemd/shutdown 0755 root root - m /var/log/journal 2755 root systemd-journal - - m /var/log/journal/%m 2755 root systemd-journal - - +m /var/log/journal/%m/system.journal 2755 root systemd-journal - - m /run/log/journal 2755 root systemd-journal - - m /run/log/journal/%m 2755 root systemd-journal - - +m /run/log/journal/%m/system.journal 2755 root systemd-journal - - ___ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
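Review bot: both added `system.journal` lines carry mode 2755, copied from the directory entries above them, but these paths are regular files; on a file that mode sets the setgid and execute bits and leaves the journal readable by everyone, which works against restricting it to root:systemd-journal. Suggest a file mode without setgid, execute or other-read bits on these two lines. The entries also match only `system.journal`, so any other journal file(s) in `/var/log/journal/%m/` and `/run/log/journal/%m/` keep whatever group they were created with; since the message reports that globbing works well enough in tmpfiles.d, a glob over the directory's journal files would cover them.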
Re: [systemd-devel] systemd 211 journal getting created with different permissions
On Wed, Mar 12, 2014 at 3:46 AM, Greg KH gre...@linuxfoundation.org wrote:
> Hi all,
>
> With systemd 211, a new journal file is getting created with permissions of root:root instead of root:systemd-journal like previously (210 and prior).
>
> I looked at the git log and can't see anything obvious that would have caused this. Is this intentional? Or something on my end with my system's configuration?

Normally the journal files just inherit the group of /var/log/journal, which has the setgid bit (and the correct group) set by /usr/lib/tmpfiles.d/systemd.conf.

If you ran `make install`, however, it would chown /var/log/journal to 0:0 until the next time systemd-tmpfiles ran.

--
Mantas Mikulėnas graw...@gmail.com
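The group inheritance described in the message above can be checked on a system. This is an added example, not part of the thread and not systemd code: it reports a journal directory without the setgid bit, journal files whose group differs from the directory's, and files with mode bits beyond a ceiling. The function names, the `.journal` suffix filter and the 0640 ceiling are assumptions of this example, and the demo tree is constructed sample data.

```python
import os
import stat
import tempfile

# Assumption of this example: journal files need no bits beyond 0640.
MAX_FILE_MODE = 0o640


def audit_journal_dir(path, max_file_mode=MAX_FILE_MODE):
    """Return (path, kind, detail) findings for one journal directory."""
    findings = []
    d = os.stat(path)
    if not d.st_mode & stat.S_ISGID:
        findings.append((path, "no-setgid",
                         "new files will not inherit the directory's group"))
    for name in sorted(os.listdir(path)):
        full = os.path.join(path, name)
        st = os.lstat(full)
        if not (stat.S_ISREG(st.st_mode) and name.endswith(".journal")):
            continue
        if st.st_gid != d.st_gid:
            findings.append((full, "group",
                             f"gid {st.st_gid}, directory has gid {d.st_gid}"))
        extra = stat.S_IMODE(st.st_mode) & ~max_file_mode
        if extra:
            findings.append((full, "mode", f"extra bits {extra:04o}"))
    return findings


def demo():
    """Audit a constructed tree (sample data, not a real journal)."""
    with tempfile.TemporaryDirectory() as root:
        good = os.path.join(root, "good")
        bad = os.path.join(root, "bad")
        os.mkdir(good)
        os.chmod(good, 0o2755)  # setgid directory, as the 'm' lines request
        os.mkdir(bad)
        os.chmod(bad, 0o755)    # setgid bit missing
        for d, mode in ((good, 0o640), (bad, 0o755)):
            f = os.path.join(d, "system.journal")
            open(f, "wb").close()
            os.chmod(f, mode)
        return audit_journal_dir(good), audit_journal_dir(bad)


if __name__ == "__main__":
    for result in demo():
        for finding in result:
            print(*finding, sep=": ")
```

On a real host the function would be pointed at the machine-id directory under /var/log/journal or /run/log/journal.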
Re: [systemd-devel] systemd 211 journal getting created with different permissions
On Wed, Mar 12, 2014 at 04:21:55AM +0200, Mantas Mikulėnas wrote:
> On Wed, Mar 12, 2014 at 3:46 AM, Greg KH gre...@linuxfoundation.org wrote:
> > Hi all,
> >
> > With systemd 211, a new journal file is getting created with permissions of root:root instead of root:systemd-journal like previously (210 and prior).
> >
> > I looked at the git log and can't see anything obvious that would have caused this. Is this intentional? Or something on my end with my system's configuration?
>
> Normally the journal files just inherit the group of /var/log/journal, which has the setgid bit (and the correct group) set by /usr/lib/tmpfiles.d/systemd.conf.

I thought so, and this worked on 210, and the permissions of /var/log/journal/ is correct:
drwxr-sr-x 2 root systemd-journal 4096 Mar 12 01:36 0da484f8dee497fee9585ba9531fb7f1

> If you ran `make install`, however, it would chown /var/log/journal to 0:0 until the next time systemd-tmpfiles ran.

This gets created by the ebuild (this is on CoreOs), and the 210 ebuild worked, so what is different here?

confused,

greg k-h
Re: [systemd-devel] systemd 211 journal getting created with different permissions
On Tue, Mar 11, 2014 at 08:38:58PM -0700, Greg KH wrote:
> On Wed, Mar 12, 2014 at 04:21:55AM +0200, Mantas Mikulėnas wrote:
> > On Wed, Mar 12, 2014 at 3:46 AM, Greg KH gre...@linuxfoundation.org wrote:
> > > Hi all,
> > >
> > > With systemd 211, a new journal file is getting created with permissions of root:root instead of root:systemd-journal like previously (210 and prior).
> > >
> > > I looked at the git log and can't see anything obvious that would have caused this. Is this intentional? Or something on my end with my system's configuration?
> >
> > Normally the journal files just inherit the group of /var/log/journal, which has the setgid bit (and the correct group) set by /usr/lib/tmpfiles.d/systemd.conf.
>
> I thought so, and this worked on 210, and the permissions of /var/log/journal/ is correct:
> drwxr-sr-x 2 root systemd-journal 4096 Mar 12 01:36 0da484f8dee497fee9585ba9531fb7f1
>
> > If you ran `make install`, however, it would chown /var/log/journal to 0:0 until the next time systemd-tmpfiles ran.
>
> This gets created by the ebuild (this is on CoreOs), and the 210 ebuild worked, so what is different here?

Apologies, I can now reproduce this on systemd 210, so this isn't a 211 issue from what I can tell just yet, sorry for the noise.

greg k-h
Re: [systemd-devel] systemd 211 journal getting created with different permissions
On Tue, Mar 11, 2014 at 09:41:50PM -0700, Greg KH wrote:
> On Tue, Mar 11, 2014 at 08:38:58PM -0700, Greg KH wrote:
> > On Wed, Mar 12, 2014 at 04:21:55AM +0200, Mantas Mikulėnas wrote:
> > > On Wed, Mar 12, 2014 at 3:46 AM, Greg KH gre...@linuxfoundation.org wrote:
> > > > Hi all,
> > > >
> > > > With systemd 211, a new journal file is getting created with permissions of root:root instead of root:systemd-journal like previously (210 and prior).
> > > >
> > > > I looked at the git log and can't see anything obvious that would have caused this. Is this intentional? Or something on my end with my system's configuration?
> > >
> > > Normally the journal files just inherit the group of /var/log/journal, which has the setgid bit (and the correct group) set by /usr/lib/tmpfiles.d/systemd.conf.
> >
> > I thought so, and this worked on 210, and the permissions of /var/log/journal/ is correct:
> > drwxr-sr-x 2 root systemd-journal 4096 Mar 12 01:36 0da484f8dee497fee9585ba9531fb7f1
> >
> > > If you ran `make install`, however, it would chown /var/log/journal to 0:0 until the next time systemd-tmpfiles ran.
> >
> > This gets created by the ebuild (this is on CoreOs), and the 210 ebuild worked, so what is different here?
>
> Apologies, I can now reproduce this on systemd 210, so this isn't a 211 issue from what I can tell just yet, sorry for the noise.

In looking at this further, the /usr/lib/tmpfiles.d/systemd.conf will not change the permissions on the journald file, only the directory:
m /var/log/journal 2755 root systemd-journal - -
m /var/log/journal/%m 2755 root systemd-journal - -
m /run/log/journal 2755 root systemd-journal - -
m /run/log/journal/%m 2755 root systemd-journal - -

So what is supposed to set the permissions on the journal file(s) that live in /var/log/journal/%m/ ?

Let me do a build with 207 and see how that handles this issue...

thanks,

greg k-h