From: Lennart Poettering <lennart@poettering.net>
Date: Thu, 9 Jul 2015 21:43:55 +0000 (-0300)
Subject: tmpfiles: don't recursively descend into journal directories in /var
X-Git-Tag: v223~49^2
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=8b258a645ae63dff3ab8dde6520d2e770e2a40f1;p=thirdparty%2Fsystemd.git

tmpfiles: don't recursively descend into journal directories in /var

Do so only in /run. We shouldn't alter ACLs for existing files in /var,
but only for new files. If the admin made changes to the ACLs they
shouls stay in place.

We should still do recursive ACL changes for files in /run, since those
are not persistent, and will hence lack ACLs on every boot.

Also, /var/log/journal might be quit large, /run/log/journal is usually
not, hence we should avoid the recursive descending on /var, but not on
/run.

Fixes #534
---

diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4
index b447b01f586..d9d51af9292 100644
--- a/tmpfiles.d/systemd.conf.m4
+++ b/tmpfiles.d/systemd.conf.m4
@@ -35,7 +35,7 @@ z /var/log/journal 2755 root systemd-journal - -
 z /var/log/journal/%m 2755 root systemd-journal - -
 m4_ifdef(`HAVE_ACL',``
 a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
-A+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
 '')m4_dnl
 
 d /var/lib/systemd 0755 root root -