Even with -acl, systemd enables acl support in /usr/lib/tmpfiles.d/systemd.conf and calls setfacl while installing. This should be conditional according to http://cgit.freedesktop.org/systemd/systemd/tree/tmpfiles.d/systemd.conf.m4 but didn't make it into the tarball for some reasons. This issue was reported in the forums at https://forums.gentoo.org/viewtopic-t-1011274-start-0-postdays-0-postorder-asc-highlight-.html USE="-acl" ebuild systemd-219-r1.ebuild install grep acl /var/tmp/portage/sys-apps/systemd-219-r1/temp/build.log /var/tmp/portage/sys-apps/systemd-219-r1/work/systemd-219/configure --prefix=/usr --build=x86_64-pc-linux-gnu --host=x86_64-pc-linux-gnu --mandir=/usr/share/man --infodir=setfacl/usr/share/info --datadir=/usr/share --sysconfdir=/etc --localstatedir=/var/lib --disable-dependency-tracking --disable-silent-rules --libdir=/usr/lib64 --docdir=/usr/share/doc/systemd-219-r1 cc_cv_CFLAGS__flto=no --enable-dependency-tracking --disable-maintainer-mode --localstatedir=/var --with-pamlibdir=/lib64/security --with-bashcompletiondir=/usr/share/bash-completion --enable-split-usr --with-rootprefix=/usr --with-rootlibdir=/usr/lib64 --with-sysvinit-path= --with-sysvrcnd-path= --enable-efi --enable-ima --disable-acl --disable-apparmor --disable-audit --enable-libcryptsetup --disable-libcurl --disable-gtk-doc --disable-elfutils --disable-gcrypt --enable-gudev --disable-microhttpd --disable-gnutls --disable-libidn --disable-importd --disable-bzip2 --disable-zlib --enable-introspection --disable-kdbus --enable-kmod --enable-lz4 --disable-xz --disable-libiptc --enable-pam --enable-polkit --without-python --disable-python-devel --disable-qrencode --enable-seccomp --disable-selinux --disable-terminal --disable-tests --disable-dbus --disable-xkbcommon --disable-chkconfig QUOTAON=/usr/sbin/quotaon QUOTACHECK=/usr/sbin/quotacheck --with-dbuspolicydir=/etc/dbus-1/system.d --with-dbussessionservicedir=/usr/share/dbus-1/services --with-dbussystemservicedir=/usr/share/dbus-1/system-services --with-ntp-servers=0.gentoo.pool.ntp.org 1.gentoo.pool.ntp.org 2.gentoo.pool.ntp.org 3.gentoo.pool.ntp.org setfacl -nm g:adm:rx,d:g:adm:rx /var/tmp/portage/sys-apps/systemd-219-r1/image//var/log/journal/ setfacl -nm g:wheel:rx,d:g:wheel:rx /var/tmp/portage/sys-apps/systemd-219-r1/image//var/log/journal/ cat /var/tmp/portage/sys-apps/systemd-219-r1/image/usr/lib/tmpfiles.d/systemd.conf [...] a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x A+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x [...]
Makefile.am was not adjusted to include systemd.conf.m4 until after the v219 release. http://cgit.freedesktop.org/systemd/systemd/commit/?id=ae5b2a86c2efdafd237a90b1e3766b78a8fd787b
+*systemd-219-r2 (11 Mar 2015) + + 11 Mar 2015; Mike Gilbert <floppym@gentoo.org> +systemd-219-r2.ebuild: + Grab missing systemd.conf.m4 from git to fix optional ACL support, bug 542644 + by poncho.