diff --git a/extended/systemd/centos/meta_patches/0010-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch b/extended/systemd/centos/meta_patches/0010-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch index 7e2c3dff8..e87521fb1 100644 --- a/extended/systemd/centos/meta_patches/0010-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch +++ b/extended/systemd/centos/meta_patches/0010-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch @@ -1,8 +1,7 @@ From e188f1148982166624ae72f8fac70775a2bc8d73 Mon Sep 17 00:00:00 2001 From: Scott Little Date: Mon, 2 Oct 2017 17:53:00 -0400 -Subject: [PATCH 09/10] WRS: - 0010-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch +Subject: 0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch --- SPECS/systemd.spec | 1 + @@ -16,7 +15,7 @@ index 33f3128..a8e1846 100644 Patch0503: 0503-Configure-journald-to-forward-to-syslog.patch Patch0504: 0504-Configure-journald-rate-limit.patch Patch0505: 0505-remove-id-sas-path-symlink.patch -+Patch0506: 0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch ++Patch0506: 0506-fix-ACL-warnings-from-systemd-tmpfiles-set.patch %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} diff --git a/extended/systemd/centos/meta_patches/0011-Add-patch-for-moving-vartmp-to-tmpfs.patch b/extended/systemd/centos/meta_patches/0011-Add-patch-for-moving-vartmp-to-tmpfs.patch index 108b616b0..37abec7e6 100644 --- a/extended/systemd/centos/meta_patches/0011-Add-patch-for-moving-vartmp-to-tmpfs.patch +++ b/extended/systemd/centos/meta_patches/0011-Add-patch-for-moving-vartmp-to-tmpfs.patch @@ -14,7 +14,7 @@ index a8e1846..e36e410 100644 @@ -545,6 +545,7 @@ Patch0503: 0503-Configure-journald-to-forward-to-syslog.patch Patch0504: 0504-Configure-journald-rate-limit.patch Patch0505: 0505-remove-id-sas-path-symlink.patch - Patch0506: 0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch + Patch0506: 0506-fix-ACL-warnings-from-systemd-tmpfiles-set.patch +Patch0507: 0507-move-vartmp-to-tmpfs.patch %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} diff --git a/extended/systemd/centos/meta_patches/0012-Add-patch-for-restricting-tmpfs-size.patch b/extended/systemd/centos/meta_patches/0012-Add-patch-for-restricting-tmpfs-size.patch index 9b89c3b5c..375e7f11c 100644 --- a/extended/systemd/centos/meta_patches/0012-Add-patch-for-restricting-tmpfs-size.patch +++ b/extended/systemd/centos/meta_patches/0012-Add-patch-for-restricting-tmpfs-size.patch @@ -1,7 +1,7 @@ From 508f3f3f6b114fe081cc2c0594912fd6451d1045 Mon Sep 17 00:00:00 2001 From: Kam Nasim Date: Thu, 12 Oct 2017 18:22:33 -0400 -Subject: [PATCH] meta patch for restricting tmpfs size +Subject: meta patch for restricting tmpfs size --- SPECS/systemd.spec | 1 + @@ -13,7 +13,7 @@ index 9e5ac92..66df00b 100644 +++ b/SPECS/systemd.spec @@ -462,6 +462,7 @@ Patch0504: 0504-Configure-journald-rate-limit.patch Patch0505: 0505-remove-id-sas-path-symlink.patch - Patch0506: 0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch + Patch0506: 0506-fix-ACL-warnings-from-systemd-tmpfiles-set.patch Patch0507: 0507-move-vartmp-to-tmpfs.patch +Patch0508: 0508-set-a-1GB-size-restriction-on-tpmfs.patch diff --git a/extended/systemd/centos/meta_patches/0013-fix-systemd-tmpfiles-ACL-warnings.patch b/extended/systemd/centos/meta_patches/0013-fix-systemd-tmpfiles-ACL-warnings.patch new file mode 100644 index 000000000..5bdcdc321 --- /dev/null +++ b/extended/systemd/centos/meta_patches/0013-fix-systemd-tmpfiles-ACL-warnings.patch @@ -0,0 +1,24 @@ +From 9c5837d4d7a60653e418157e3a9552ddcc36d29e Mon Sep 17 00:00:00 2001 +From: Andy Ning +Date: Wed, 28 Mar 2018 14:20:39 -0400 +Subject: fix systemd tmpfiles ACL warnings + +--- + SPECS/systemd.spec | 1 + + 1 file changed, 1 insertion(+) + +diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec +index 55e44a5..f1dea1e 100644 +--- a/SPECS/systemd.spec ++++ b/SPECS/systemd.spec +@@ -547,6 +547,7 @@ Patch0505: 0505-remove-id-sas-path-symlink.patch + Patch0506: 0506-fix-ACL-warnings-from-systemd-tmpfiles-set.patch + Patch0507: 0507-move-vartmp-to-tmpfs.patch + Patch0508: 0508-set-a-1GB-size-restriction-on-tpmfs.patch ++Patch0509: 0509-fix-systemd-tmpfiles-ACL-warnings.patch + + %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);} + +-- +1.8.3.1 + diff --git a/extended/systemd/centos/meta_patches/PATCH_ORDER b/extended/systemd/centos/meta_patches/PATCH_ORDER index 092239b06..85b292fe3 100644 --- a/extended/systemd/centos/meta_patches/PATCH_ORDER +++ b/extended/systemd/centos/meta_patches/PATCH_ORDER @@ -5,6 +5,7 @@ 0007-Add-patch-for-journald-config.patch 0008-Add-patch-for-journald-config-rate-limit.patch 0009-Add-patch-to-remove-ID_SAS_PATH-rule.patch -0010-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch +0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch 0011-Add-patch-for-moving-vartmp-to-tmpfs.patch 0012-Add-patch-for-restricting-tmpfs-size.patch +0013-fix-systemd-tmpfiles-ACL-warnings.patch diff --git a/extended/systemd/centos/patches/0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch b/extended/systemd/centos/patches/0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch index 2238eb2b4..17f33fd0e 100644 --- a/extended/systemd/centos/patches/0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch +++ b/extended/systemd/centos/patches/0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch @@ -1,7 +1,7 @@ From 65c3c74fd119db0309d68430ed89652666c884d5 Mon Sep 17 00:00:00 2001 From: systemd team Date: Tue, 10 Oct 2017 17:06:10 -0400 -Subject: [PATCH] CGTS-7466 fix ACL warnings from systemd tmpfiles set +Subject: fix ACL warnings from systemd tmpfiles set --- tmpfiles.d/systemd.conf.m4 | 8 ++++---- diff --git a/extended/systemd/centos/patches/0509-fix-systemd-tmpfiles-ACL-warnings.patch b/extended/systemd/centos/patches/0509-fix-systemd-tmpfiles-ACL-warnings.patch new file mode 100644 index 000000000..7e36c388e --- /dev/null +++ b/extended/systemd/centos/patches/0509-fix-systemd-tmpfiles-ACL-warnings.patch @@ -0,0 +1,41 @@ +From be01680d0b1df9d88e173cd2ee3eb60295bcdd47 Mon Sep 17 00:00:00 2001 +From: Andy Ning +Date: Wed, 28 Mar 2018 14:06:57 -0400 +Subject: fix systemd tmpfiles ACL warnings + +systemd tmpfiles configuration file append ACLs to journal log +directories/files to give access permissions to no-exist group "adm", +causing systemd-tmpfiles-setup service to generate ACL parsing warnings. + +The patch fixed these warnings by replacing group "adm" with "wrs_protected". +This also gives wrs_protected group members (including wrsroot) access to +journal logs. + +Note: this issue has been fixed before PIKE rebase. After the rebase the +original fix is no longer enough. +--- + tmpfiles.d/systemd.conf.m4 | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4 +index d984912..cdf0bf1 100644 +--- a/tmpfiles.d/systemd.conf.m4 ++++ b/tmpfiles.d/systemd.conf.m4 +@@ -35,11 +35,11 @@ z /var/log/journal 2755 root systemd-journal - - + z /var/log/journal/%m 2755 root systemd-journal - - + z /var/log/journal/%m/system.journal 0640 root systemd-journal - - + m4_ifdef(`HAVE_ACL',`` +-a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x +-a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x ++a+ /var/log/journal - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x ++a+ /var/log/journal - - - - group:wrs_protected:r-x,group:wheel:r-x + a+ /var/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x + a+ /var/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x +-a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r-- ++a+ /var/log/journal/%m/system.journal - - - - group:wrs_protected:r--,group:wheel:r-- + '')m4_dnl + + d /var/lib/systemd 0755 root root - +-- +1.8.3.1 +