* [PATCH] systemd: fix /var/log/journal ownership
@ 2015-03-10  3:25 Jonathan Liu
  2015-03-12  7:14 ` ChenQi
  0 siblings, 1 reply; 5+ messages in thread
From: Jonathan Liu @ 2015-03-10  3:25 UTC (permalink / raw)
  To: openembedded-core

The ownership needs to be explicitly set otherwise it inherits the user
and group id of the build user.

Signed-off-by: Jonathan Liu <net147@gmail.com>
---
 meta/recipes-core/systemd/systemd_219.bb | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/meta/recipes-core/systemd/systemd_219.bb b/meta/recipes-core/systemd/systemd_219.bb
index 24486f1..6a4f4e8 100644
--- a/meta/recipes-core/systemd/systemd_219.bb
+++ b/meta/recipes-core/systemd/systemd_219.bb
@@ -147,6 +147,8 @@ do_install() {
 		sed -i s%@UDEVD@%${rootlibexecdir}/systemd/systemd-udevd% ${D}${sysconfdir}/init.d/systemd-udevd
 	fi
 
+	chown root:root ${D}/${localstatedir}/log/journal
+
         # Delete journal README, as log can be symlinked inside volatile.
         rm -f ${D}/${localstatedir}/log/README
 
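Review bot: the added `chown root:root ${D}/${localstatedir}/log/journal` has no comment in the recipe explaining it; the reason (the directory otherwise inherits the build user's uid and gid) lives only in the commit message. Add a short comment above the line, as the `rm -f` below it has, and state the intended group there too, since the hunk sets owner and group but leaves the directory's mode to whatever the install step produced.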
-- 
2.3.1




* Re: [PATCH] systemd: fix /var/log/journal ownership
  2015-03-10  3:25 [PATCH] systemd: fix /var/log/journal ownership Jonathan Liu
@ 2015-03-12  7:14 ` ChenQi
  2015-03-12  7:21   ` Khem Raj
  0 siblings, 1 reply; 5+ messages in thread
From: ChenQi @ 2015-03-12  7:14 UTC (permalink / raw)
  To: Jonathan Liu, openembedded-core

On 03/10/2015 11:25 AM, Jonathan Liu wrote:
> The ownership needs to be explicitly set otherwise it inherits the user
> and group id of the build user.
>
> Signed-off-by: Jonathan Liu <net147@gmail.com>
> ---
>   meta/recipes-core/systemd/systemd_219.bb | 2 ++
>   1 file changed, 2 insertions(+)
>
> diff --git a/meta/recipes-core/systemd/systemd_219.bb b/meta/recipes-core/systemd/systemd_219.bb
> index 24486f1..6a4f4e8 100644
> --- a/meta/recipes-core/systemd/systemd_219.bb
> +++ b/meta/recipes-core/systemd/systemd_219.bb
> @@ -147,6 +147,8 @@ do_install() {
>   		sed -i s%@UDEVD@%${rootlibexecdir}/systemd/systemd-udevd% ${D}${sysconfdir}/init.d/systemd-udevd
>   	fi
>   
> +	chown root:root ${D}/${localstatedir}/log/journal
> +
>           # Delete journal README, as log can be symlinked inside volatile.
>           rm -f ${D}/${localstatedir}/log/README
>   
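Review bot: the `chown` on the added line targets `${D}/${localstatedir}/log/journal` unconditionally, and nothing in the shown context creates or tests for that directory, so a configuration in which it is absent would make this command fail. Guard it with a `[ -d ... ]` test or create the directory in the same step, so the ownership fix does not depend on an earlier install step having made it.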

I think it should be root:systemd-journal.
What do you think?

And this patch would also fix the following bug.
https://bugzilla.yoctoproject.org/show_bug.cgi?id=7293

Regards,
Chen Qi




* Re: [PATCH] systemd: fix /var/log/journal ownership
  2015-03-12  7:14 ` ChenQi
@ 2015-03-12  7:21   ` Khem Raj
  2015-03-12  7:35     ` ChenQi
  2015-03-12  9:02     ` Jonathan Liu
  0 siblings, 2 replies; 5+ messages in thread
From: Khem Raj @ 2015-03-12  7:21 UTC (permalink / raw)
  To: ChenQi; +Cc: openembedded-core


> On Mar 12, 2015, at 12:14 AM, ChenQi <Qi.Chen@windriver.com> wrote:
> 
> On 03/10/2015 11:25 AM, Jonathan Liu wrote:
>> The ownership needs to be explicitly set otherwise it inherits the user
>> and group id of the build user.
>> 
>> Signed-off-by: Jonathan Liu <net147@gmail.com>
>> ---
>>  meta/recipes-core/systemd/systemd_219.bb | 2 ++
>>  1 file changed, 2 insertions(+)
>> 
>> diff --git a/meta/recipes-core/systemd/systemd_219.bb b/meta/recipes-core/systemd/systemd_219.bb
>> index 24486f1..6a4f4e8 100644
>> --- a/meta/recipes-core/systemd/systemd_219.bb
>> +++ b/meta/recipes-core/systemd/systemd_219.bb
>> @@ -147,6 +147,8 @@ do_install() {
>>  		sed -i s%@UDEVD@%${rootlibexecdir}/systemd/systemd-udevd% ${D}${sysconfdir}/init.d/systemd-udevd
>>  	fi
>>  +	chown root:root ${D}/${localstatedir}/log/journal
>> +
>>          # Delete journal README, as log can be symlinked inside volatile.
>>          rm -f ${D}/${localstatedir}/log/README
>>  
> 
> I think it should be root:systemd-journal.
> What do you think?
> 
> And this patch would also fix the following bug.
> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7293

/var/log is symlinked (it's not a copy-bind) into /var/volatile/log and /var/volatile is mounted as tmpfs on runtime as of now
so how is this patch helping out with anything?

> 
> Regards,
> Chen Qi
> 




* Re: [PATCH] systemd: fix /var/log/journal ownership
  2015-03-12  7:21   ` Khem Raj
@ 2015-03-12  7:35     ` ChenQi
  2015-03-12  9:02     ` Jonathan Liu
  1 sibling, 0 replies; 5+ messages in thread
From: ChenQi @ 2015-03-12  7:35 UTC (permalink / raw)
  To: Khem Raj; +Cc: openembedded-core

On 03/12/2015 03:21 PM, Khem Raj wrote:
>> On Mar 12, 2015, at 12:14 AM, ChenQi <Qi.Chen@windriver.com> wrote:
>>
>> On 03/10/2015 11:25 AM, Jonathan Liu wrote:
>>> The ownership needs to be explicitly set otherwise it inherits the user
>>> and group id of the build user.
>>>
>>> Signed-off-by: Jonathan Liu <net147@gmail.com>
>>> ---
>>>   meta/recipes-core/systemd/systemd_219.bb | 2 ++
>>>   1 file changed, 2 insertions(+)
>>>
>>> diff --git a/meta/recipes-core/systemd/systemd_219.bb b/meta/recipes-core/systemd/systemd_219.bb
>>> index 24486f1..6a4f4e8 100644
>>> --- a/meta/recipes-core/systemd/systemd_219.bb
>>> +++ b/meta/recipes-core/systemd/systemd_219.bb
>>> @@ -147,6 +147,8 @@ do_install() {
>>>   		sed -i s%@UDEVD@%${rootlibexecdir}/systemd/systemd-udevd% ${D}${sysconfdir}/init.d/systemd-udevd
>>>   	fi
>>>   +	chown root:root ${D}/${localstatedir}/log/journal
>>> +
>>>           # Delete journal README, as log can be symlinked inside volatile.
>>>           rm -f ${D}/${localstatedir}/log/README
>>>   
>> I think it should be root:systemd-journal.
>> What do you think?
>>
>> And this patch would also fix the following bug.
>> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7293
> /var/log is symlinked (its not a copy-bind) into /var/volatile/log and /var/volatile  is mounted as tmpfs on runtime as of now
> so how is this patch helping out with anything ?

Hmm... You are right. I think we should just delete the directory.

//Chen Qi

>> Regards,
>> Chen Qi
>>




* Re: [PATCH] systemd: fix /var/log/journal ownership
  2015-03-12  7:21   ` Khem Raj
  2015-03-12  7:35     ` ChenQi
@ 2015-03-12  9:02     ` Jonathan Liu
  1 sibling, 0 replies; 5+ messages in thread
From: Jonathan Liu @ 2015-03-12  9:02 UTC (permalink / raw)
  To: Khem Raj, ChenQi; +Cc: openembedded-core

On 12/03/2015 6:21 PM, Khem Raj wrote:
>> On Mar 12, 2015, at 12:14 AM, ChenQi <Qi.Chen@windriver.com> wrote:
>>
>> On 03/10/2015 11:25 AM, Jonathan Liu wrote:
>>> The ownership needs to be explicitly set otherwise it inherits the user
>>> and group id of the build user.
>>>
>>> Signed-off-by: Jonathan Liu <net147@gmail.com>
>>> ---
>>>   meta/recipes-core/systemd/systemd_219.bb | 2 ++
>>>   1 file changed, 2 insertions(+)
>>>
>>> diff --git a/meta/recipes-core/systemd/systemd_219.bb b/meta/recipes-core/systemd/systemd_219.bb
>>> index 24486f1..6a4f4e8 100644
>>> --- a/meta/recipes-core/systemd/systemd_219.bb
>>> +++ b/meta/recipes-core/systemd/systemd_219.bb
>>> @@ -147,6 +147,8 @@ do_install() {
>>>   		sed -i s%@UDEVD@%${rootlibexecdir}/systemd/systemd-udevd% ${D}${sysconfdir}/init.d/systemd-udevd
>>>   	fi
>>>   +	chown root:root ${D}/${localstatedir}/log/journal
>>> +
>>>           # Delete journal README, as log can be symlinked inside volatile.
>>>           rm -f ${D}/${localstatedir}/log/README
>>>   
>> I think it should be root:systemd-journal.
>> What do you think?
>>
>> And this patch would also fix the following bug.
>> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7293
> /var/log is symlinked (its not a copy-bind) into /var/volatile/log and /var/volatile  is mounted as tmpfs on runtime as of now
> so how is this patch helping out with anything ?
It fixes uid/gid of build user leaking into the filesystem image even if 
the directory is hidden at runtime by tmpfs being mounted at /var/volatile.

I was considering removing /var/log/journal (actually 
/var/volatile/log/journal) from the rootfs but it would be a behavior 
change.
journald.conf by default tests for the presence of the /var/log/journal 
directory and if it exists it will write there (instead of 
/run/log/journal) assuming it is persistent.
An OpenEmbedded user could try making the journal persistent by removing 
the /var/volatile tmpfs entry from /etc/fstab (I remember seeing this 
mentioned somewhere on the web). This would make /var/volatile persistent...

I opted to keep /var/log/journal but fix the uid/gid to avoid surprises.
You're right though, it should be root:systemd-journal.

Regards,
Jonathan
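
The leak discussed in this thread (a build user's uid/gid ending up in the filesystem image, even under a path that tmpfs hides at runtime) can be checked for on a finished rootfs tarball. The following is an added example, not part of the original thread or of OpenEmbedded; the tarball contents, the ids 1000 and 998, and all function names are constructed for illustration.

```python
import io
import posixpath
import tarfile

def _ids(tar, path):
    """Numeric ids (third field) from the image's own etc/passwd or etc/group."""
    for m in tar.getmembers():
        if posixpath.normpath(m.name) == path:
            lines = tar.extractfile(m).read().decode().splitlines()
            fields = (line.split(":") for line in lines)
            return {int(f[2]) for f in fields if len(f) >= 3 and f[2].isdigit()}
    raise KeyError(path + " not found in image")

def leaked_ownership(tar_bytes):
    """Return (path, uid, gid) for entries whose uid or gid the image does not define."""
    with tarfile.open(fileobj=io.BytesIO(tar_bytes)) as tar:
        uids = _ids(tar, "etc/passwd")
        gids = _ids(tar, "etc/group")
        return [(m.name, m.uid, m.gid) for m in tar.getmembers()
                if m.uid not in uids or m.gid not in gids]

def build_sample_image(journal_owner):
    """Constructed rootfs tarball; journal_owner is the (uid, gid) of the journal dir."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        def add(name, data=None, uid=0, gid=0):
            info = tarfile.TarInfo(name)
            info.uid, info.gid = uid, gid
            if data is None:                      # directory entry
                info.type, info.mode = tarfile.DIRTYPE, 0o755
                tar.addfile(info)
            else:                                 # regular file
                info.size = len(data)
                tar.addfile(info, io.BytesIO(data))
        add("./etc/passwd", b"root:x:0:0:root:/root:/bin/sh\n")
        add("./etc/group", b"root:x:0:\nsystemd-journal:x:998:\n")  # gid 998 is made up
        add("./var/volatile/log/journal", uid=journal_owner[0], gid=journal_owner[1])
    return buf.getvalue()

if __name__ == "__main__":
    # 1000:1000 stands in for the build user; 0:998 is root:systemd-journal here.
    print("unfixed:", leaked_ownership(build_sample_image((1000, 1000))))
    print("fixed:  ", leaked_ownership(build_sample_image((0, 998))))
```

The check reads the archive headers only, so it also sees directories that a tmpfs mount would hide on the running system.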



