Bug#778656: Malformed access ACL

Michael Biebl biebl at debian.org
Wed Feb 18 11:35:55 GMT 2015 

Control: tag -1 - unreproducible moreinfo

Am 18.02.2015 um 07:27 schrieb Martin Pitt:
> Control: tag -1 unreproducible moreinfo
> 
> Hey Michael,
> 
> I tried to reproduce this in various ways. I created a persistant
> journal under 215-12, rebooted, upgraded to 219-1, dpkg-reconfigured,
> apt-get install --reinstall'ed, etc., but I can't get this to happen.


Here are the steps to reproduce:

Assume you have created /var/log/journal in the past, then
systemd.postinst will have applied the ACL (or you followed the
instructions in README.Debian):

# remove existing /var/log/journal
$ rm -rf /var/log/journal
$ install -d -g systemd-journal /var/log/journal
$ setfacl -R -nm g:adm:rx,d:g:adm:rx /var/log/journal

# simulate a reboot
$ systemctl restart systemd-journald.service

$ getfacl /var/log/journal/567a68a5c2672114bcf5192d00000008/system.journal
getfacl: Entferne führende '/' von absoluten Pfadnamen
# file: var/log/journal/567a68a5c2672114bcf5192d00000008/system.journal
# owner: root
# group: root
user::rw-
group::r-x			#effective:r--
group:adm:r-x			#effective:r--
mask::r--
other::---

# Apply the ACLs shipped by systemd (which would happen on next reboot)
$ systemd-tmpfiles --create /usr/lib/tmpfiles.d/systemd.conf

$ getfacl /var/log/journal/567a68a5c2672114bcf5192d00000008/system.journal
getfacl: Entferne führende '/' von absoluten Pfadnamen
# file: var/log/journal/567a68a5c2672114bcf5192d00000008/system.journal
# owner: root
# group: root
user::rw-
group::r-x
group:adm:r-x
group:adm:r-x
mask::r-x
other::---

# Note the duplicate adm group

# Upgrade systemd i.e. re-run systemd.postinst
$ dpkg-reconfigure systemd
setfacl: /var/log/journal/567a68a5c2672114bcf5192d00000008: Malformed
access ACL
`user::rwx,group::r-x,group:adm:r-x,group:adm:r-x,mask::r-x,other::r-x':
Duplicate entries at entry 4
setfacl:
/var/log/journal/567a68a5c2672114bcf5192d00000008/system.journal:
Malformed access ACL
`user::rw-,group::r-x,group:adm:r-x,group:adm:r-x,mask::r-x,other::---':
Duplicate entries at entry 4
setfacl:
/var/log/journal/567a68a5c2672114bcf5192d00000008/user-1000.journal:
Malformed access ACL
`user::rw-,user:michael:r--,group::r-x,group:adm:r-x,group:adm:r-x,mask::r-x,other::---':
Duplicate entries at entry 5


et voila!

The problem apparently comes from systemd.conf and our existing
postinst/README.Debian using different ACLs, leading to the duplicate
group:adm entry when both are applied.



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20150218/ae882268/attachment-0002.sig>

More information about the Pkg-systemd-maintainers mailing list