Bug#934284: journal sometimes with x-bit, sometimes without

Michael Biebl biebl at debian.org
Sat Feb 1 11:50:55 GMT 2020 

On Sat, 10 Aug 2019 12:37:04 +0200 Marc Haber
<mh+debian-bugs at zugschlus.de> wrote:
> Hi Michael,
> 
> thanks for your answer.
> 
> On Fri, Aug 09, 2019 at 04:16:06PM +0200, Michael Biebl wrote:
> > I have never seen this behaviour myself on the multitude of systems I
> > run (laptop, servers, VM, containers) so I don't really have any idea.
> 
> How closely are you watching the ACLs on the journal files?
> 

Forgot to answer here: I simply checked all systems I have acces to.
This was a one-time check and includes a couple of PIs, a few VMs,
containers, a laptop and a server. For some of them, /tmp is on the
root, ext4 file system. Most of them have tmpfs for /tmp (like in your
case).

I guess once the x-bit has been set, it sticks? Or did it vanish (and
reappear again) after some time, which would mean I'd need to
continuously monitor the file system?

Btw, does this only affect system.journal or also the files that are
rotated away? E.g. on one of my PIs this look like this

> root at raspberrypi:~# ls -l /run/log/journal/d3670ff77a0bb988a953e7f053a3f4e7/system*
> -rw-r-----+ 1 root systemd-journal 2834432 Jan 24 03:17 /run/log/journal/d3670ff77a0bb988a953e7f053a3f4e7/system at ee9cfeba24044e90a191a267c13840a2-0000000000000001-00059cbeac13de5a.journal
> -rw-r-----+ 1 root systemd-journal 2834432 Jan 27 06:17 /run/log/journal/d3670ff77a0bb988a953e7f053a3f4e7/system at ee9cfeba24044e90a191a267c13840a2-000000000000063b-00059cd95a64682e.journal
> -rw-r-----+ 1 root systemd-journal 2834432 Jan 30 07:22 /run/log/journal/d3670ff77a0bb988a953e7f053a3f4e7/system at ee9cfeba24044e90a191a267c13840a2-0000000000000e28-00059d1837ab38f0.journal
> -rw-r-----+ 1 root systemd-journal 2834432 Feb  1 05:39 /run/log/journal/d3670ff77a0bb988a953e7f053a3f4e7/system at ee9cfeba24044e90a191a267c13840a2-0000000000001675-00059d557cd266fa.journal
> -rw-r-----+ 1 root systemd-journal 2834432 Feb  1 12:43 /run/log/journal/d3670ff77a0bb988a953e7f053a3f4e7/system.journal


Can you correlate the change with a cron-entry, systemd timer?
Do you use something like tmpreaper?

Michael

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://alioth-lists.debian.net/pipermail/pkg-systemd-maintainers/attachments/20200201/7d120f12/attachment-0001.sig>

More information about the Pkg-systemd-maintainers mailing list