diff --git a/debian/changelog b/debian/changelog
index 967b04fe2..c08f4c4de 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,12 @@ systemd (208-7) UNRELEASED; urgency=medium + [ Michael Biebl ] * Mask remaining services provided by the initscripts package and document in more detail why certain services have been masked. (Closes: #659264) + [ Jon Severinsson ] + * Cherry-pick upstream fix for journal file permissions. + -- Michael Biebl Thu, 17 Jul 2014 00:48:14 +0200 systemd (208-6) unstable; urgency=medium
diff --git a/debian/patches/series b/debian/patches/series
index 760597e56..cd62edf10 100644
--- a/debian/patches/series
+++ b/debian/patches/series
@@ -519,3 +519,4 @@ Check-for-kmod-binary.patch
 Adjust-systemd-user-pam-config-file-for-Debian.patch
 Add-run-initctl-support-to-SysV-compat-tools.patch
 core-transaction-fix-cycle-break-attempts-outside-tr.patch
+tmpfiles-don-t-allow-read-access-to-journal-files-to.patch
diff --git a/debian/patches/tmpfiles-don-t-allow-read-access-to-journal-files-to.patch b/debian/patches/tmpfiles-don-t-allow-read-access-to-journal-files-to.patch
new file mode 100644
index 000000000..bfae67835
--- /dev/null
+++ b/debian/patches/tmpfiles-don-t-allow-read-access-to-journal-files-to.patch
@@ -0,0 +1,29 @@
+From: Lennart Poettering
+Date: Wed, 11 Jun 2014 10:23:16 +0200
+Subject: tmpfiles: don't allow read access to journal files to users not in
+ systemd-journal
+
+(cherry picked from commit 176f2acf8dee45fee832fd2ab07243f63783a238)
+---
+ tmpfiles.d/systemd.conf | 11 +++++++----
+ 1 file changed, 7 insertions(+), 4 deletions(-)
+
+diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
+index c470045..79911d9 100644
+--- a/tmpfiles.d/systemd.conf
++++ b/tmpfiles.d/systemd.conf
+@@ -22,7 +22,10 @@ d /run/systemd/users 0755 root root -
+ d /run/systemd/machines 0755 root root -
+ d /run/systemd/shutdown 0755 root root -
+
+-m /var/log/journal 2755 root systemd-journal - -
+-Z /var/log/journal/%m 2755 root systemd-journal - -
+-m /run/log/journal 2755 root systemd-journal - -
+-Z /run/log/journal/%m 2755 root systemd-journal - -
++z /run/log/journal 2755 root systemd-journal - -
++z /run/log/journal/%m 2755 root systemd-journal - -
++z /run/log/journal/%m/*.journal 0640 root systemd-journal - -
++
++z /var/log/journal 2755 root systemd-journal - -
++z /var/log/journal/%m 2755 root systemd-journal - -
++z /var/log/journal/%m/*.journal 0640 root systemd-journal - -
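Review bot: The new `z /var/log/journal/%m/*.journal 0640` and `z /run/log/journal/%m/*.journal 0640` lines tighten only files whose names end in `.journal`, and `z` is not recursive, so anything else in the machine-id directory keeps the mode the old recursive `Z ... 2755` rule gave it. As far as I know journald sets aside corrupt or uncleanly closed files with a `.journal~` suffix, which this glob would not match; if that holds for 208, a follow-up line such as `z /var/log/journal/%m/*.journal~ 0640 root systemd-journal - -` (plus the `/run` twin) would close the gap. The modes also change only when systemd-tmpfiles next processes this file, and nothing visible in this commit triggers that on package upgrade, so it is worth confirming that journals already left world-readable are corrected without waiting for a reboot. The directories stay 2755, so file names remain listable by everyone and confidentiality rests on the per-file mode alone.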