Specify owner of /var/log/journal as root in the rpm listing

$ rpm -qlv systemd |grep -v 'root     root'
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /run/utmp
-rw-rw----    1 root     utmp         0 Jan 22 03:38 /var/log/btmp
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /var/log/lastlog
-rw-rw-r--    1 root     utmp         0 Jan 22 03:38 /var/log/wtmp
drwxr-sr-x    2 root     systemd-     0 Jan 22 03:38 /var/log/journal

During installation rpm would log an error that systemd-journal group
is unknown. We create all our users by calling sysusers in the %post
scriptlet, but that is too late. To avoid the warning we could either
add a %pre scriptlet, but that'd require adding a dependency on
shadow-utils for groupadd, since we can't use our own tools before we
are installed. Let's instead create the directory owned by root.root,
and change the group afterwards. The group ownership is for file
ownership, and in the worst case (we don't assign the group or set
mode +s), unprivileged users will not be able to read the logs.

We also use 'utmp' group, but that is provided by setup.rpm and is not
an issue.

https://bugzilla.redhat.com/show_bug.cgi?id=2018913#c24
Zbigniew Jędrzejewski-Szmek 2022-02-16 18:10:16 +01:00
parent cac0b2a5a7
commit 1ba983e0be

@ -715,7 +715,7 @@ python3 %{SOURCE2} %buildroot <<EOF
%ghost %dir /var/lib/systemd/linger
%ghost /var/lib/systemd/random-seed
%ghost %dir /var/lib/systemd/rfkill
%ghost %dir %attr(2755, root, systemd-journal) %verify(not mode) /var/log/journal
%ghost %dir %verify(not mode group) /var/log/journal
%ghost %dir /var/log/journal/remote
%ghost %attr(0700,root,root) %dir /var/log/private
EOF
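Review bot: The replacement /var/log/journal entry carries only %ghost %dir %verify(not mode group) and no %attr, so the root.root ownership the commit message relies on is implicit rather than stated. The neighbouring /var/log/private line spells out %attr(0700,root,root); an explicit root,root %attr on this entry would make the intent reviewable. With both mode and group excluded from %verify, rpm -V will not report a directory that never received the systemd-journal group or the setgid bit, and nothing in this hunk shows where those are applied after installation, so a spec comment pointing at the step that sets them would help.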
@ -1009,6 +1009,7 @@ fi
%changelog
* Wed Feb 16 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.3-3
- Drop scriptlet for handling nobody user upgrades from Fedora <28
- Specify owner of /var/log/journal as root in the rpm listing (#2018913)
* Thu Feb 10 2022 Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> - 250.3-3
- Add pam_namespace to systemd-user pam config (rhbz#2053098)
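Review bot: The added changelog line cites the bug as (#2018913) while the entry two lines below uses (rhbz#2053098); use the rhbz# prefix here too so the reference is unambiguous. The Feb 16 and Feb 10 headers in this hunk also both read 250.3-3, so check whether the release number was meant to be bumped for the newer entry.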