Bug#778656: Malformed access ACL

Martin Pitt mpitt at debian.org
Wed Feb 18 06:27:39 GMT 2015 

Control: tag -1 unreproducible moreinfo

Hey Michael,

I tried to reproduce this in various ways. I created a persistant
journal under 215-12, rebooted, upgraded to 219-1, dpkg-reconfigured,
apt-get install --reinstall'ed, etc., but I can't get this to happen.

Michael Biebl [2015-02-18  0:40 +0100]:
> # dpkg-reconfigure systemd
> setfacl: /var/log/journal/567a68a5c2672114bcf5192d00000008: Malformed
> access ACL

I'm quite sure this comes from our postinst:

| if [ -d /var/log/journal ]; then
|     # Grant read access to /var/log/journal for members of the adm group
|     # via a filesystem ACL. This makes them able to read the journal.
|     # Failure is ignored since there might be file systems mounted without
|     # ACL support.
|     setfacl -R -nm g:adm:rx,d:g:adm:rx /var/log/journal || true
| fi

Can you confirm this? I. e. do you still get this error if you
reconfigure/reinstall again? Does dropping this postinst snippet fix
it?

We can drop it now, as tmpfiles.d/systemd.conf now automatically adds
an adm ACL to /var/log/journal and /run/log/journal/. I just updated
README.Debian in git accordingly.

But I'd like you to confirm that this indeed fixes the clutter, or
whether that's coming from systemd-tmpfiles itself.

> getfacl: Removing leading '/' from absolute path names
> # file: var/log/journal/567a68a5c2672114bcf5192d00000008/system.journal
> # owner: root
> # group: systemd-journal
> user::rw-
> group::r-x
> group:adm:r-x
> group:adm:r-x

^ That's the bit that I can't reproduce. If I call setfacl, or let
tmpfiles.d do its thing, I never get this duplicate ACL. Do you still
remember how you managed to get this?

Thanks,

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <http://lists.alioth.debian.org/pipermail/pkg-systemd-maintainers/attachments/20150218/b9f8e426/attachment-0001.sig>

More information about the Pkg-systemd-maintainers mailing list