Bug#800947: ACL for /var/log/journal not set for group adm

Josh Triplett josh at joshtriplett.org
Wed Oct 7 16:49:38 BST 2015


On Wed, Oct 07, 2015 at 12:26:19PM -0300, Felipe Sateler wrote:
> On 7 October 2015 at 12:17, Josh Triplett <josh at joshtriplett.org> wrote:
> > On Wed, 7 Oct 2015 13:55:30 +0200 Michael Biebl <biebl at debian.org> wrote:
> > >> On 05.10.2015 at 17:35, Felipe Sateler wrote:
> >> > I think a reasonable alternative is to ship using Storage=volatile by
> >> > default, and ship the directory in the package (or create it in
> >> > postinst).
> >>
> >> After thinking more about this, I think this is the only sane solution:
> >> - Ship /var/log/journal in the systemd package
> >> - Apply the ACL to /var/log/journal (not the subdirectory) in postinst
> >> - Set the default from auto to volatile
> >> - If a user had already created a /var/log/journal directory, check for
> >> that in preinst and create a journald.conf.d snippet setting
> >> Storage=persistent
> > >> - Update the instructions in README.Debian on how to enable persistent
> >> journal. Recommend to use a drop-in config in
> >> /etc/systemd/journald.conf.d/ containing
> >>
> >> [Journal]
> >> Storage=persistent
> >>
> >>
> > >> I don't see a way we can make Storage=auto work properly.
> > >>
> > >> A nice side effect of no longer using Storage=auto would be that we
> > >> could make systemd-container ship /var/log/journal/remote without problems.
> >>
> >>
> >> Thoughts?
> >
> > This seems like the right answer.  Would you also consider providing a
> > package ("systemd-journal-persistent") that 1) ships an
> > /etc/systemd/journald.conf.d/systemd-journal-persistent.conf with that
> > snippet, and 2) Provides system-log-daemon and linux-kernel-log-daemon,
> > just as syslog daemon packages do?  That would make it much easier to
> > configure systems to use the journal as their primary log/syslog without
> > duplication.
> 
> I don't think system-log-daemon is an interface that promises
> persistent logging. Otherwise the packages having Depends:
> system-log-daemon (there are some) should have bugs filed against
> them, as they would not be able to run in volatile systems.

systemd certainly doesn't tie the provision of syslog to persistent
logging, nor should it.  And it should be possible to configure a system
to use the journal as syslog without persistence (useful for
diskless/stateless systems, for instance).  However, Debian currently
ships with rsyslog by default, and in the past we've had the reasonable
concern of not wanting to log every syslog message to disk twice, once
in the journal and once in /var/log.  So, if we want to provide a
package that makes it easy to enable the persistent journal, that
package should provide system-log-daemon.

- Josh Triplett
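
The preinst and postinst steps proposed in the quoted message, sketched as an added shell example (not part of the thread and not the systemd package's actual maintainer scripts). The ROOT prefix argument, the function names, the drop-in file name 50-persistent.conf and the r-x permission for group adm are assumptions.

```shell
#!/bin/sh
# Added example, not Debian's maintainer scripts. ROOT lets the logic be
# exercised against a scratch tree instead of the live system (assumption).

# preinst step: if the admin had already created /var/log/journal (the
# opt-in under Storage=auto), keep persistence once the default is volatile.
# Prints the decision: volatile-default, already-configured, persistent-dropin.
migrate_journal_storage() {
    root=${1:-}
    journal_dir="$root/var/log/journal"
    dropin_dir="$root/etc/systemd/journald.conf.d"
    dropin="$dropin_dir/50-persistent.conf"   # hypothetical file name

    # No directory: persistence was never enabled, nothing to preserve.
    if [ ! -d "$journal_dir" ]; then
        echo "volatile-default"
        return 0
    fi

    # Respect an explicit, uncommented Storage= set by the admin.
    for f in "$root/etc/systemd/journald.conf" "$dropin_dir"/*.conf; do
        [ -f "$f" ] || continue
        if grep -Eq '^[[:space:]]*Storage[[:space:]]*=' "$f"; then
            echo "already-configured"
            return 0
        fi
    done

    mkdir -p "$dropin_dir"
    printf '[Journal]\nStorage=persistent\n' > "$dropin"
    chmod 0644 "$dropin"
    echo "persistent-dropin"
}

# postinst step: put the ACL on /var/log/journal itself. The default (d:)
# entry is what the machine-id subdirectory and journal files created later
# inherit, so the subdirectory needs no ACL of its own.
# The r-x permission for adm is an assumption; the thread does not state it.
apply_journal_acl() {
    journal_dir="${1:-}/var/log/journal"
    command -v setfacl >/dev/null 2>&1 || return 1
    setfacl -m g:adm:rx,d:g:adm:rx "$journal_dir"
}
```

Running `getfacl /var/log/journal` afterwards shows whether both the access entry and the default entry for adm are present.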



