There are no Before= or After= dependencies between systemd-journald.service and systemd-tmpfiles-setup.service. So if both "/run/log/journal" and "/var/log/journal" do not exist, they can be created as root:root, and so can the ids directory and journal files. To make sure the group is right, chown the journal directories and files to the systemd-journal group. --- src/journal/journald-server.c | 59 ++++++++++++++++++++++++++++++++++++------- 1 file changed, 50 insertions(+), 9 deletions(-)
diff --git a/src/journal/journald-server.c b/src/journal/journald-server.c index 01da38b..9934105 100644 --- a/src/journal/journald-server.c +++ b/src/journal/journald-server.c @@ -191,6 +191,34 @@ static uint64_t available_space(Server *s, bool verbose) { return s->cached_available_space; } +static int chown_group_systemd_journal(const char *path) { + int r; + gid_t gid; + _cleanup_free_ char *journal_group = NULL; + + r = in_group("systemd-journal"); + if (r < 0) + return r; + + r = access(path, F_OK); + if (r < 0) + return -errno; + + r = asprintf(&journal_group, "systemd-journal"); + if (r < 0) + return -ENOMEM; + + r = get_group_creds((const char **)&journal_group, &gid); + if (r < 0) + return r; + + r = chown(path, getuid(), gid); + if (r < 0) + return -errno; + + return 0; +} + void server_fix_perms(Server *s, JournalFile *f, uid_t uid) { int r; #ifdef HAVE_ACL @@ -205,6 +233,10 @@ void server_fix_perms(Server *s, JournalFile *f, uid_t uid) { if (r < 0) log_warning("Failed to fix access mode on %s, ignoring: %s", f->path, strerror(-r)); + r = chown_group_systemd_journal(f->path); + if (r < 0) + log_warning("Failed to chown group on %s, ignoring: %s", f->path, strerror(-r)); + #ifdef HAVE_ACL if (uid <= SYSTEM_UID_MAX) return; @@ -918,7 +950,6 @@ finish: dispatch_message_real(s, iovec, n, m, ucred, tv, label, label_len, unit_id, priority, object_pid); } - static int system_journal_open(Server *s) { int r; char *fn; 
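Review bot: In chown_group_systemd_journal the `access(path, F_OK)` probe followed by `chown(path, getuid(), gid)` is a check-then-use on a name, and chown() follows symlinks, so a privileged journald would re-own whatever the path resolves to at call time; the same helper is used by the server_fix_perms and system_journal_open hunks. The probe adds nothing, because the ownership call itself reports ENOENT, and `lchown()` with `(uid_t) -1` as owner changes only the group and never follows a link. The `in_group("systemd-journal")` result is examined only for errors, so it gates nothing, and the `asprintf` copy of a string literal can be a plain `const char *`. A trimmed version is below.

```c
static int chown_group_systemd_journal(const char *path) {
        const char *journal_group = "systemd-journal";
        gid_t gid;
        int r;

        r = get_group_creds(&journal_group, &gid);
        if (r < 0)
                return r;

        /* lchown() so a symlink at path is never followed; a missing path
         * surfaces as -ENOENT without a separate access() probe. */
        if (lchown(path, (uid_t) -1, gid) < 0)
                return -errno;

        return 0;
}
```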
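Review bot: server_fix_perms is handed an already-open JournalFile, yet the added call re-resolves `f->path` by name, so the group change can land on a different object than the one that was opened if the name was replaced in between. Assuming JournalFile keeps its descriptor in `f->fd`, acting on the descriptor avoids that: `if (fchown(f->fd, (uid_t) -1, gid) < 0) r = -errno;`. The helper also repeats the group lookup on every call; resolving the gid once and keeping it on the Server would avoid that. The function body continues outside the hunk.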
@@ -943,11 +974,14 @@ static int system_journal_open(Server *s) { * If in persistent mode: create /var/log/journal and * the machine path */ - if (s->storage == STORAGE_PERSISTENT) + if (s->storage == STORAGE_PERSISTENT) { (void) mkdir("/var/log/journal/", 0755); + (void) chown_group_systemd_journal("/var/log/journal/"); + } fn = strappenda("/var/log/journal/", ids); (void) mkdir(fn, 0755); + (void) chown_group_systemd_journal(fn); fn = strappenda(fn, "/system.journal"); r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, s->seal, &s->system_metrics, s->mmap, NULL, &s->system_journal); @@ -965,7 +999,20 @@ static int system_journal_open(Server *s) { if (!s->runtime_journal && (s->storage != STORAGE_NONE)) { - fn = strjoin("/run/log/journal/", ids, "/system.journal", NULL); + fn = strappenda("/run/log/journal/", ids); + if (!fn) + return -ENOMEM; + + r = access(fn, F_OK); + if (r < 0 && errno == ENOENT) { + (void) mkdir("/run/log", 0755); + (void) mkdir("/run/log/journal", 0755); + (void) chown_group_systemd_journal("/run/log/journal/"); + (void) mkdir(fn, 0755); + (void) chown_group_systemd_journal(fn); + } + + fn = strappenda(fn, "/system.journal"); if (!fn) return -ENOMEM; @@ -976,7 +1023,6 @@ static int system_journal_open(Server *s) { * it into the system journal */ r = journal_file_open(fn, O_RDWR, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal); - free(fn); if (r < 0) { if (r != -ENOENT) 
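Review bot: Both added `chown_group_systemd_journal` calls in system_journal_open run whether or not the preceding `mkdir` created anything, so a pre-existing /var/log/journal or machine directory whose group an administrator set deliberately is rewritten each time this runs. If only freshly created directories are meant to be fixed, gate on the mkdir result, `if (mkdir("/var/log/journal/", 0755) >= 0) (void) chown_group_systemd_journal("/var/log/journal/");`, and likewise for `fn`; if repairing existing directories is intended, a comment should say so. Both results are cast to void, so a failed group change leaves the root:root state the commit is meant to prevent without any trace in the log; a `log_debug` on failure would help. The function body starts and ends outside the hunk.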
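Review bot: The machine directory under /run/log/journal is now created with `mkdir(fn, 0755)`, while the code this replaces (removed in the last hunk) used `mkdir_parents(fn, 0750)`, so the directory becomes world-traversable without the description mentioning it; if that is not intended, keep `(void) mkdir(fn, 0750);`. The directories are also created before the `journal_file_open` attempt rather than only on the create path, which I read as leaving an empty runtime directory behind when the runtime journal turns out not to be needed. `strappenda` appears to be stack-based (the matching `free(fn)` calls are dropped), in which case the two `if (!fn) return -ENOMEM;` checks can never fire. The enclosing block continues outside the hunk.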
@@ -990,12 +1036,7 @@ static int system_journal_open(Server *s) { /* OK, we really need the runtime journal, so create * it if necessary. */ - (void) mkdir("/run/log", 0755); - (void) mkdir("/run/log/journal", 0755); - (void) mkdir_parents(fn, 0750); - r = journal_file_open_reliably(fn, O_RDWR|O_CREAT, 0640, s->compress, false, &s->runtime_metrics, s->mmap, NULL, &s->runtime_journal); - free(fn); if (r < 0) { log_error("Failed to open runtime journal: %s", strerror(-r)); -- 1.9.3 _______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel