Bug#800947: ACL for /var/log/journal not set for group adm
Josh Triplett
josh at joshtriplett.org
Wed Oct 7 16:17:42 BST 2015
On Wed, 7 Oct 2015 13:55:30 +0200 Michael Biebl <biebl at debian.org> wrote:
> Am 05.10.2015 um 17:35 schrieb Felipe Sateler:
> > I think a reasonable alternative is to ship using Storage=volatile by
> > default, and ship the directory in the package (or create it in
> > postinst).
>
> After thinking more about this, I think this is the only sane solution:
> - Ship /var/log/journal in the systemd package
> - Apply the ACL to /var/log/journal (not the subdirectory) in postinst
> - Set the default from auto to volatile
> - If a user had already created a /var/log/journal directory, check for
> that in preinst and create a journald.conf.d snippet setting
> Storage=persistent
> - Update the instructions in README.Debian how to enable persistent
> journal. Recommend to use a drop-in config in
> /etc/systemd/journald.conf.d/ containing
>
> [Journal]
> Storage=persistent
>
>
> I don't see a way how we can make Storage=auto work properly.
>
> A nice side-effect of no-longer using Storage=auto would be, that we
> could make systemd-container ship /var/log/journal/remote without problems.
>
>
> Thoughts?
This seems like the right answer. Would you also consider providing a
package ("systemd-journal-persistent") that 1) ships an
/etc/systemd/journald.conf.d/systemd-journal-persistent.conf with that
snippet, and 2) Provides system-log-daemon and linux-kernel-log-daemon,
just as syslog daemon packages do? That would make it much easier to
configure systems to use the journal as their primary log/syslog without
duplication.
- Josh Triplett
More information about the Pkg-systemd-maintainers
mailing list