tmpfiles: don't set the x bit for volatile system journal when ACL support is enabled (#3079)

When ACL support is enabled, systemd-tmpfiles-setup service sets the following ACL entries to the volatile system journal: $ getfacl /run/log/journal/*/system.journal getfacl: Removing leading '/' from absolute path names # file: run/log/journal/xxx/system.journal # owner: root # group: systemd-journal user::rwx group::r-- group🛞r-x group:adm:r-x mask::r-x other::--- This patch makes sure that the exec bit is not set anymore for the volatile system journals.
2025-01-10 01:17:44 +03:00 · 2016-05-04 01:29:11 +02:00 · 2016-05-04 01:29:11 +02:00 · d428dd6ac9
commit d428dd6ac9
parent 98973d0eff
1 changed files with 6 additions and 3 deletions
--- a/tmpfiles.d/systemd.conf.m4
+++ b/tmpfiles.d/systemd.conf.m4
@ -30,14 +30,17 @@ m4_ifdef(`HAVE_ACL',`m4_dnl
 m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl
 m4_ifdef(`ENABLE_WHEEL_GROUP',``
 a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
-A+ /run/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
+a+ /run/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--,group:wheel:r--
 '',``
 a+ /run/log/journal/%m - - - - d:group:adm:r-x
-A+ /run/log/journal/%m - - - - group:adm:r-x
+a+ /run/log/journal/%m - - - - group:adm:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--
 '')',`m4_dnl
 m4_ifdef(`ENABLE_WHEEL_GROUP',``
 a+ /run/log/journal/%m - - - - d:group:wheel:r-x
-A+ /run/log/journal/%m - - - - group:wheel:r-x
+a+ /run/log/journal/%m - - - - group:wheel:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:wheel:r--
 '')')')m4_dnl

 z /var/log/journal 2755 root systemd-journal - -