From: Mike Yuan <me@yhndnzj.com>
Date: Mon, 23 Feb 2026 06:21:04 +0000 (+0100)
Subject: units/systemd-journalctl@.service: run with DynamicUser=yes
X-Git-Tag: v260-rc1~39^2~7
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=2afe8e28f89ca515d0edfbc0095a5c26f1e21cee;p=thirdparty%2Fsystemd.git

units/systemd-journalctl@.service: run with DynamicUser=yes

Follow-up for a109189fabe6a4c307528459f891c2d545361622

This follows the existing practice for
systemd-journal-{upload,gatewayd}.service,
as I think allocating a full-blown user
specifically for this purpose is an overkill.
And with DynamicUser=yes we can also take
advantage of implied sandboxing.
---

diff --git a/meson.build b/meson.build
index 11431811312..b50466dcfd0 100644
--- a/meson.build
+++ b/meson.build
@@ -895,7 +895,6 @@ foreach option : ['adm-gid',
                   'video-gid',
                   'wheel-gid',
                   'systemd-journal-gid',
-                  'systemd-journal-uid',
                   'systemd-network-uid',
                   'systemd-resolve-uid',
                   'systemd-timesync-uid']
diff --git a/meson_options.txt b/meson_options.txt
index 16d7f696111..c1af7ce2374 100644
--- a/meson_options.txt
+++ b/meson_options.txt
@@ -328,8 +328,6 @@ option('wheel-gid', type : 'integer', value : 0,
        description : 'soft-static allocation for the "wheel" group')
 option('systemd-journal-gid', type : 'integer', value : 0,
        description : 'soft-static allocation for the systemd-journal group')
-option('systemd-journal-uid', type : 'integer', value : 0,
-       description : 'soft-static allocation for the systemd-journal user')
 option('systemd-network-uid', type : 'integer', value : 0,
        description : 'soft-static allocation for the systemd-network user')
 option('systemd-resolve-uid', type : 'integer', value : 0,
diff --git a/sysusers.d/systemd-journal.conf.in b/sysusers.d/systemd-journal.conf.in
index bb1277f2bb9..61768b234ea 100644
--- a/sysusers.d/systemd-journal.conf.in
+++ b/sysusers.d/systemd-journal.conf.in
@@ -5,5 +5,4 @@
 #  the Free Software Foundation; either version 2.1 of the License, or
 #  (at your option) any later version.
 
-g  systemd-journal {{SYSTEMD_JOURNAL_GID}} -
-u! systemd-journal {{SYSTEMD_JOURNAL_UID}} "systemd Journal"
+g systemd-journal {{SYSTEMD_JOURNAL_GID}} -
diff --git a/units/systemd-journalctl@.service b/units/systemd-journalctl@.service
index 2a1701efca5..a816284cecf 100644
--- a/units/systemd-journalctl@.service
+++ b/units/systemd-journalctl@.service
@@ -17,4 +17,6 @@ RequiresMountsFor=/var/log/journal
 
 [Service]
 ExecStart=journalctl
-User=systemd-journal
+DynamicUser=yes
+User=systemd-journal-access
+SupplementaryGroups=systemd-journal