| Commit message (Collapse) | Author | Age | Files | Lines |
| |
systemd-timesync
This partially reverts d4e9e574ea0b5d23598a317e68399584d229568b,
0187368cadea183e18c6d575a9d6b7f491a402af, and
4240cb02fda90ba11dfc0114201e42691132c6a9.
The services systemd-networkd, systemd-resolved, and systemd-timesyncd
enable DynamicUser= and have bus interfaces. Unfortunately, these
have many problems now. Let us create the relevant users, at least,
tentatively.
Fixes #9503.
| |
This partially reverts 2af767729489f6baa98a2641b2007acab44ed353.
As the directories are certainly readable and not-writable by
non-privileged users.
| |
Fixes #9369.
|
| |
| |
This directory is used by the DynamicUser= stuff when used in combination
with StateDirectory=/LogDirectory=/CacheDirectory=. Let's make sure the
dir exists early on with the right perms. This is not strictly necessary
as we'll also create the dir on demand if it is missing, but in the
interest of grabbing the name early on, and making things more explicit
let's also list this in a tmpfiles.d/ snippet.
| |
If the /var/log/journal directory is created with rights 700, the application
of ACL rules without any primary group right sets it to 0. A chmod 755 on
this file will then only set the ACL mask and leave the ACL primary group right
at 0. The directory is then unreadable for the primary group.
This patch explicitly sets the primary group to avoid this problem.
Fixes #5264.
| |
is enabled (#3079)
When ACL support is enabled, systemd-tmpfiles-setup service sets the following
ACL entries to the volatile system journal:
$ getfacl /run/log/journal/*/system.journal
getfacl: Removing leading '/' from absolute path names
# file: run/log/journal/xxx/system.journal
# owner: root
# group: systemd-journal
user::rwx
group::r--
group:wheel:r-x
group:adm:r-x
mask::r-x
other::---
This patch makes sure that the exec bit is not set anymore for the volatile
system journals.
|
| |
| |
https://github.com/systemd/systemd/issues/2492
| |
https://github.com/systemd/systemd/issues/1397
| |
This way, directories created later for containers or for
journald-remote, will be readable by adm & wheel groups by default,
similarly to /var/log/journal/%m itself.
https://github.com/systemd/systemd/issues/1971
| |
Do so only in /run. We shouldn't alter ACLs for existing files in /var,
but only for new files. If the admin made changes to the ACLs they
should stay in place.
We should still do recursive ACL changes for files in /run, since those
are not persistent, and will hence lack ACLs on every boot.
Also, /var/log/journal might be quite large, /run/log/journal is usually
not, hence we should avoid the recursive descending on /var, but not on
/run.
Fixes #534
|
| |
Choose which system users defined in sysusers.d/systemd.conf and files
or directories in tmpfiles.d/systemd.conf, should be provided depending
on compile-time configuration.
|