Commit 71232687 authored by Jon Severinsson

Cherry-pick upstream fix for journal file permissions.

parent 09c680d9
systemd (208-7) UNRELEASED; urgency=medium
[ Michael Biebl ]
* Mask remaining services provided by the initscripts package and document
in more detail why certain services have been masked. (Closes: #659264)
[ Jon Severinsson ]
* Cherry-pick upstream fix for journal file permissions.
-- Michael Biebl <biebl@debian.org> Thu, 17 Jul 2014 00:48:14 +0200
systemd (208-6) unstable; urgency=medium
......
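Review bot: the new changelog entry under [ Jon Severinsson ] says only "fix for journal file permissions", which hides a behaviour change from anyone reading the changelog. Suggest naming the patch (tmpfiles-don-t-allow-read-access-to-journal-files-to.patch) and stating the effect: *.journal files become 0640 root:systemd-journal, so users outside the systemd-journal group can no longer read them.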
......@@ -519,3 +519,4 @@ Check-for-kmod-binary.patch
Adjust-systemd-user-pam-config-file-for-Debian.patch
Add-run-initctl-support-to-SysV-compat-tools.patch
core-transaction-fix-cycle-break-attempts-outside-tr.patch
tmpfiles-don-t-allow-read-access-to-journal-files-to.patch
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 11 Jun 2014 10:23:16 +0200
Subject: tmpfiles: don't allow read access to journal files to users not in
systemd-journal
(cherry picked from commit 176f2acf8dee45fee832fd2ab07243f63783a238)
---
tmpfiles.d/systemd.conf | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
index c470045..79911d9 100644
--- a/tmpfiles.d/systemd.conf
+++ b/tmpfiles.d/systemd.conf
@@ -22,7 +22,10 @@ d /run/systemd/users 0755 root root -
d /run/systemd/machines 0755 root root -
d /run/systemd/shutdown 0755 root root -
-m /var/log/journal 2755 root systemd-journal - -
-Z /var/log/journal/%m 2755 root systemd-journal - -
-m /run/log/journal 2755 root systemd-journal - -
-Z /run/log/journal/%m 2755 root systemd-journal - -
+z /run/log/journal 2755 root systemd-journal - -
+z /run/log/journal/%m 2755 root systemd-journal - -
+z /run/log/journal/%m/*.journal 0640 root systemd-journal - -
+
+z /var/log/journal 2755 root systemd-journal - -
+z /var/log/journal/%m 2755 root systemd-journal - -
+z /var/log/journal/%m/*.journal 0640 root systemd-journal - -
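Review bot: the two added glob lines ("z /run/log/journal/%m/*.journal 0640 ..." and the /var/log/journal equivalent) only match names ending in .journal directly inside the machine directory, and "z" is non-recursive where the removed "Z" lines were recursive. Any other file under %m, for example one with a different suffix or in a subdirectory, keeps whatever mode it already had, which after the old recursive 2755 can still be world-readable. Please confirm that nothing else containing log data lives in those directories, or widen the pattern. It is also worth a line in the patch header noting that the move from "m"/"Z" to "z" is intentional, since the subject only mentions read access.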