Bug 678758 - sys-apps/systemd: /var/log/journal/remote lacks proper permissions
Status: RESOLVED FIXED
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: Current packages
Hardware: All Linux
Importance: Normal normal
Assignee: Gentoo systemd Team
Reported: 2019-02-25 16:26 UTC by Timo Rothenpieler
Modified: 2019-07-31 10:41 UTC
Description Timo Rothenpieler 2019-02-25 16:26:24 UTC
systemd-journal-remote is running as systemd-journal-remote user, so that user needs write permissions to /var/log/journal/remote.

In general I'd apply the same set of ACLs as /var/log/journal has but change the owner to systemd-journal-remote.
Comment 1 Mike Gilbert gentoo-dev 2019-02-25 19:15:42 UTC
That path has the following permissions on my system. I'm not sure why it would be different on your system.

% stat /var/log/journal/remote
  File: /var/log/journal/remote
  Size: 48              Blocks: 0          IO Block: 4096   directory
Device: 25h/37d Inode: 93231630    Links: 1
Access: (2755/drwxr-sr-x)  Uid: (  137/systemd-journal-remote)   Gid: (  968/systemd-journal-remote)
Access: 2019-02-25 14:14:03.177966922 -0500
Modify: 2019-02-18 18:47:17.158242961 -0500
Change: 2019-02-18 18:47:17.158242961 -0500
 Birth: -
Comment 2 Timo Rothenpieler 2019-02-25 19:20:36 UTC
On both of the systems I ran into that issue (and on another one I just checked to be sure) it is

drwxr-xr-x 2 root root 3 Jan 21 16:07 /var/log/journal/remote

Which causes systemd-journal-remote to fail writing any journals.
The ebuild does not seem to do anything with that dir besides calling keepdir on it either.
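
An added example, not part of any comment in this report and not Gentoo or systemd code: a POSIX shell check that compares a directory's owner, group and mode with the state shown in comment 1 and flags the root-owned 755 state from comment 2. The function name `check_journal_dir` and its finding labels are hypothetical, and it assumes GNU coreutils `stat`.

```shell
#!/bin/sh
# Added example: audit the directory systemd-journal-remote writes to.
# Expected owner, group and mode 2755 are the values shown in comment 1.
# Assumes GNU coreutils stat. check_journal_dir is a hypothetical helper.
# Usage: sh thisfile /var/log/journal/remote systemd-journal-remote systemd-journal-remote

# Prints one finding per line. Returns 0 when the expected user and group
# own DIR, the owner can write to it, and it is not world-writable.
check_journal_dir() {
    dir=$1 want_user=$2 want_group=$3 rc=0

    [ -d "$dir" ] || { echo "MISSING $dir is not a directory"; return 2; }

    owner=$(stat -c %U "$dir")
    group=$(stat -c %G "$dir")
    mode=$(printf '%04d' "$(stat -c %a "$dir")")   # zero-padded, e.g. 0755, 2755

    special=${mode%???}     # leading digit: setuid/setgid/sticky
    perms=${mode#?}         # last three digits: user/group/other
    u_digit=${perms%??}
    o_digit=${perms#??}

    [ "$owner" = "$want_user" ] ||
        { echo "OWNER $dir owned by $owner, expected $want_user"; rc=1; }
    [ "$group" = "$want_group" ] ||
        { echo "GROUP $dir has group $group, expected $want_group"; rc=1; }

    case $u_digit in
        2|3|6|7) ;;
        *) echo "NOWRITE owner lacks write permission (mode $mode)"; rc=1 ;;
    esac
    case $o_digit in
        2|3|6|7) echo "WORLD $dir is world-writable (mode $mode)"; rc=1 ;;
    esac
    # setgid makes new journal files inherit the directory's group.
    case $special in
        2|3|6|7) ;;
        *) echo "NOTE setgid bit not set (mode $mode, comment 1 shows 2755)" ;;
    esac
    return $rc
}

# Only run when called with DIR USER GROUP on the command line.
if [ "$#" -eq 3 ]; then
    check_journal_dir "$@"
fi
```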
Comment 3 Mike Gilbert gentoo-dev 2019-02-25 20:56:59 UTC
> The ebuild does not seem to do anything with that dir besides calling keepdir on it either.

Hmm, we should probably get rid of that keepdir.
Comment 4 Mike Gilbert gentoo-dev 2019-02-25 21:28:10 UTC
It looks like systemd-journal-remote.service sets the correct permissions on startup if the directory does not already exist.
Comment 5 Larry the Git Cow gentoo-dev 2019-07-10 19:18:29 UTC
The bug has been closed via the following commit(s):

https://gitweb.gentoo.org/repo/gentoo.git/commit/?id=2d3ac449e2125b58ca0d946ad21b8173054b446e

commit 2d3ac449e2125b58ca0d946ad21b8173054b446e
Author:     Mike Gilbert <floppym@gentoo.org>
AuthorDate: 2019-07-10 19:06:03 +0000
Commit:     Mike Gilbert <floppym@gentoo.org>
CommitDate: 2019-07-10 19:18:20 +0000

    sys-apps/systemd: update keepdir list
    
    Closes: https://bugs.gentoo.org/678758
    Package-Manager: Portage-2.3.68, Repoman-2.3.16_p2
    Signed-off-by: Mike Gilbert <floppym@gentoo.org>

 sys-apps/systemd/systemd-242-r6.ebuild | 9 +++++++--
 sys-apps/systemd/systemd-9999.ebuild   | 9 +++++++--
 2 files changed, 14 insertions(+), 4 deletions(-)
Comment 6 Anna Tikhomirova 2019-07-31 10:33:12 UTC
This seems to be improperly fixed, see Bug #691116.

BTW, I have no systemd-journal-remote. Does it require any specific USE flag?

# equery f systemd | grep systemd-journal-remote

# emerge -pqv systemd

[ebuild   R   ] sys-apps/systemd-242-r6  USE="acl elfutils gcrypt idn kmod libidn2 lz4 lzma pam pcre seccomp (split-usr) sysv-utils -apparmor -audit -build -cryptsetup -curl -dns-over-tls -gnuefi -http -importd -nat -policykit -qrcode -resolvconf (-selinux) -test -vanilla -xkb" ABI_X86="(64) -32 (-x32)"
Comment 7 Alexander Tsoy 2019-07-31 10:41:56 UTC
(In reply to Andrey Tikhomirov from comment #6)
> BTW, I have no systemd-journal-remote. Does it require any specific USE flag?
Yes, http USE flag.