mirror of
https://github.com/systemd/systemd-stable.git
synced 2024-12-22 13:33:56 +03:00
units: update catalog after systemd-tmpfiles runs
`systemd-journal-catalog-update.service` writes to `/var`. However, it's not explicitly ordered wrt `systemd-tmpfiles-setup.service`, which means that it may run before or after. This is an issue for Fedora CoreOS, which uses Ignition. We want to be able to prepare `/var` on first boot from the initrd, where the SELinux policy is not loaded yet. This means that the hierarchy under `/var` is not correctly labeled. We add a `Z /var - - -` tmpfiles entry so that it gets relabeled once `/var` gets mounted post-switchroot. So any service that tries to access `/var` before `systemd-tmpfiles` relabels it is likely to hit `EACCES`. Fix this by simply ordering `systemd-journal-catalog-update.service` after `systemd-tmpfiles-setup.service`. This is also clearer since the tmpfiles entries are the canonical source of how `/var` should be populated. For more context on this, see: https://github.com/coreos/ignition/issues/635#issuecomment-446620297
This commit is contained in:
parent
7b7426506a
commit
8e729d511e
@ -12,7 +12,7 @@ Description=Rebuild Journal Catalog
|
||||
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
|
||||
DefaultDependencies=no
|
||||
Conflicts=shutdown.target
|
||||
After=local-fs.target
|
||||
After=local-fs.target systemd-tmpfiles-setup.service
|
||||
Before=sysinit.target shutdown.target systemd-update-done.service
|
||||
ConditionNeedsUpdate=/var
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user