[OE-core] [PATCH] systemd: fix /var/log/journal ownership

Jonathan Liu net147 at gmail.com
Thu Mar 12 09:02:35 UTC 2015


On 12/03/2015 6:21 PM, Khem Raj wrote:
>> On Mar 12, 2015, at 12:14 AM, ChenQi <Qi.Chen at windriver.com> wrote:
>>
>> On 03/10/2015 11:25 AM, Jonathan Liu wrote:
>>> The ownership needs to be explicitly set otherwise it inherits the user
>>> and group id of the build user.
>>>
>>> Signed-off-by: Jonathan Liu <net147 at gmail.com>
>>> ---
>>>   meta/recipes-core/systemd/systemd_219.bb | 2 ++
>>>   1 file changed, 2 insertions(+)
>>>
>>> diff --git a/meta/recipes-core/systemd/systemd_219.bb b/meta/recipes-core/systemd/systemd_219.bb
>>> index 24486f1..6a4f4e8 100644
>>> --- a/meta/recipes-core/systemd/systemd_219.bb
>>> +++ b/meta/recipes-core/systemd/systemd_219.bb
>>> @@ -147,6 +147,8 @@ do_install() {
>>>   		sed -i s%@UDEVD@%${rootlibexecdir}/systemd/systemd-udevd% ${D}${sysconfdir}/init.d/systemd-udevd
>>>   	fi
>>>   +	chown root:root ${D}/${localstatedir}/log/journal
>>> +
>>>           # Delete journal README, as log can be symlinked inside volatile.
>>>           rm -f ${D}/${localstatedir}/log/README
>>>   
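Review bot: The added `chown root:root` in `do_install()` fixes the owner but sets the group of `${D}/${localstatedir}/log/journal` to root, while the replies in this thread agree it should be `root:systemd-journal`. Suggest `chown root:systemd-journal ${D}/${localstatedir}/log/journal`, after confirming the group can be resolved at the point `do_install` runs. The reason for the chown (the directory otherwise inherits the build user's uid/gid) appears only in the commit message, so a one-line comment above the new line, like the one on the `rm -f` that follows, would keep it from being dropped later as redundant.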
>> I think it should be root:systemd-journal.
>> What do you think?
>>
>> And this patch would also fix the following bug.
>> https://bugzilla.yoctoproject.org/show_bug.cgi?id=7293
> /var/log is symlinked (it's not a copy-bind) into /var/volatile/log and /var/volatile is mounted as tmpfs on runtime as of now
> so how is this patch helping out with anything?
It fixes uid/gid of build user leaking into the filesystem image even if 
the directory is hidden at runtime by tmpfs being mounted at /var/volatile.

I was considering removing /var/log/journal (actually 
/var/volatile/log/journal) from the rootfs but it would be a behavior 
change.
journald.conf by default tests for the presence of the /var/log/journal 
directory and if it exists it will write there (instead of 
/run/log/journal) assuming it is persistent.
An OpenEmbedded user could try making the journal persistent by removing 
the /var/volatile tmpfs entry from /etc/fstab (I remember seeing this 
mentioned somewhere on the web). This would make /var/volatile persistent...

I opted to keep /var/log/journal but fix the uid/gid to avoid surprises.
You're right though, it should be root:systemd-journal.

Regards,
Jonathan
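
An added example, not part of the original message or of OE-core: a check over a rootfs tarball for entries still owned by the build user, which is the leak discussed above and is present in the image even when tmpfs hides the directory at runtime. The in-memory tar contents, the build uid/gid of 1000 and all function names are constructed for illustration.

```python
import io
import tarfile

BUILD_UID, BUILD_GID = 1000, 1000  # assumed ids of the build user (constructed)

# Constructed directory entries (path, uid, gid): image before and after the chown.
BEFORE = [("var", 0, 0), ("var/log", 0, 0), ("var/log/journal", 1000, 1000)]
AFTER = [("var", 0, 0), ("var/log", 0, 0), ("var/log/journal", 0, 0)]


def make_rootfs_tar(entries):
    """Build an in-memory tar of directories with the given numeric owners."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w") as tar:
        for path, uid, gid in entries:
            info = tarfile.TarInfo(path)
            info.type = tarfile.DIRTYPE
            info.mode = 0o755
            info.uid, info.gid = uid, gid
            tar.addfile(info)
    buf.seek(0)
    return buf


def find_leaked_ownership(fileobj, build_uid, build_gid):
    """Return (path, uid, gid) for each member owned by the build uid or gid.

    Only the numeric ids stored in the archive are compared; names are
    ignored because they resolve differently on host and target.
    """
    leaked = []
    with tarfile.open(fileobj=fileobj, mode="r") as tar:
        for member in tar:
            if member.uid == build_uid or member.gid == build_gid:
                leaked.append((member.name, member.uid, member.gid))
    return leaked


def check(entries):
    """Scan a constructed image for build-user ownership."""
    return find_leaked_ownership(make_rootfs_tar(entries), BUILD_UID, BUILD_GID)


if __name__ == "__main__":
    for label, entries in (("before", BEFORE), ("after", AFTER)):
        hits = check(entries)
        print(label, "leaked:" if hits else "clean", hits)
```
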



