proxmox-mirrors/systemd
1
0
Fork 0
mirror of https://git.proxmox.com/git/systemd synced 2026-01-20 09:13:30 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

Cherry-pick upstream fix for journal file permissions.

Browse Source
This commit is contained in:
Jon Severinsson 2014-07-18 16:00:00 +02:00
parent 09c680d92f
commit 7123268760
3 changed files with 34 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
debian/changelog vendored
View File

@ -1,8 +1,12 @@
systemd (208-7) UNRELEASED; urgency=medium
[ Michael Biebl ]
* Mask remaining services provided by the initscripts package and document
in more detail why certain services have been masked. (Closes: #659264)
[ Jon Severinsson ]
* Cherry-pick upstream fix for journal file permissions.
-- Michael Biebl <biebl@debian.org> Thu, 17 Jul 2014 00:48:14 +0200
systemd (208-6) unstable; urgency=medium

1
debian/patches/series vendored
View File

@ -519,3 +519,4 @@ Check-for-kmod-binary.patch
Adjust-systemd-user-pam-config-file-for-Debian.patch
Add-run-initctl-support-to-SysV-compat-tools.patch
core-transaction-fix-cycle-break-attempts-outside-tr.patch
tmpfiles-don-t-allow-read-access-to-journal-files-to.patch

29
debian/patches/tmpfiles-don-t-allow-read-access-to-journal-files-to.patch vendored Normal file
View File

@ -0,0 +1,29 @@
From: Lennart Poettering <lennart@poettering.net>
Date: Wed, 11 Jun 2014 10:23:16 +0200
Subject: tmpfiles: don't allow read access to journal files to users not in
systemd-journal
(cherry picked from commit 176f2acf8dee45fee832fd2ab07243f63783a238)
---
tmpfiles.d/systemd.conf | 11 +++++++----
1 file changed, 7 insertions(+), 4 deletions(-)
diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
index c470045..79911d9 100644
--- a/tmpfiles.d/systemd.conf
+++ b/tmpfiles.d/systemd.conf
@@ -22,7 +22,10 @@ d /run/systemd/users 0755 root root -
d /run/systemd/machines 0755 root root -
d /run/systemd/shutdown 0755 root root -
-m /var/log/journal 2755 root systemd-journal - -
-Z /var/log/journal/%m 2755 root systemd-journal - -
-m /run/log/journal 2755 root systemd-journal - -
-Z /run/log/journal/%m 2755 root systemd-journal - -
+z /run/log/journal 2755 root systemd-journal - -
+z /run/log/journal/%m 2755 root systemd-journal - -
+z /run/log/journal/%m/*.journal 0640 root systemd-journal - -
+
+z /var/log/journal 2755 root systemd-journal - -
+z /var/log/journal/%m 2755 root systemd-journal - -
+z /var/log/journal/%m/*.journal 0640 root systemd-journal - -