Bug#791897: systemd: incorrect x bit for group on .journal log files after setting Storage=persistent

Vincent Lefevre vincent at vinc17.net
Thu Jul 9 11:43:49 BST 2015 

Package: systemd
Version: 222-1
Severity: normal

The .journal files under /var/log/journal/*/ have an incorrect x bit
for the group:

-rw-r-x---+ 1 root root            50331648 2015-07-09 12:25:09 system.journal
-rw-r-x---+ 1 root systemd-journal 16777216 2015-07-09 11:27:15 user-1000.journal

According to Christian Seiler's message

  https://lists.debian.org/debian-user/2015/07/msg00359.html

the cause is the following lines in /usr/lib/tmpfiles.d/systemd.conf:

a+ /var/log/journal/%m - - - - d:group:adm:r-x
A+ /var/log/journal/%m - - - - group:adm:r-x

Christian said:

"Ok, that's it: a+/A+ is new in systemd in unstable (don't remember when
exactly it was introduced, but 215 from Jessie doesn't have it), and
that is used to set ACLs.

So what happend is the following:

 - journald created these files after you initially set
   Storage=persistent, but without ACLs (and thus no ACL mask)

 - the tmpfiles.d snippet was executed after that (probably at the next
   boot)

 - A+ is recursive and adds ACL entries (in this case for the adm
   group)

 - but since the files didn't have an ACL mask yet, it was
   automatically created, leaving the mask with an x bit
   (because the adm-ACL for group was added with x)

[...]

That said, I think it would be justified to open a bug report about the
current behavior (even if after removing the bit once it doesn't occur
anymore), and the solution would be to have tmpfiles.d provide an
option to set ACLs without recalculating a mask (equivalent to what
setfacl -n does), and change the tmpfiles.d snippet to make use of
that."

Note: since Jessie is not affected, I suppose that this will affect
Jessie users in the next upgrade if nothing is done to fix the problem.

systemd should ensure that:
  * The x bit is no longer added in the future.
  * If the x bit was set due to this bug, it should be removed
    automatically.

-- Package-specific info:

-- System Information:
Debian Release: stretch/sid
  APT prefers stable-updates
  APT policy: (500, 'stable-updates'), (500, 'unstable'), (500, 'testing'), (500, 'stable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/8 CPU cores)
Locale: LANG=POSIX, LC_CTYPE=en_US.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash
Init: systemd (via /run/systemd/system)

Versions of packages systemd depends on:
ii  adduser         3.113+nmu3
ii  libacl1         2.2.52-2
ii  libapparmor1    2.9.2-3
ii  libaudit1       1:2.4.2-1
ii  libblkid1       2.26.2-6
ii  libc6           2.19-18
ii  libcap2         1:2.24-9
ii  libcap2-bin     1:2.24-9
ii  libcryptsetup4  2:1.6.6-5
ii  libgcrypt20     1.6.3-2
ii  libkmod2        20-1
ii  liblzma5        5.1.1alpha+20120614-2.1
ii  libmount1       2.26.2-6
ii  libpam0g        1.1.8-3.1
ii  libseccomp2     2.2.1-2
ii  libselinux1     2.3-2+b1
ii  libsystemd0     222-1
ii  mount           2.26.2-6
ii  sysv-rc         2.88dsf-59.2
ii  udev            222-1
ii  util-linux      2.26.2-6

Versions of packages systemd recommends:
ii  dbus            1.8.18-1
ii  libpam-systemd  222-1

Versions of packages systemd suggests:
pn  systemd-ui  <none>

-- Configuration Files:
/etc/systemd/journald.conf changed:
[Journal]
Storage=persistent


-- no debconf information

More information about the Pkg-systemd-maintainers mailing list