Merge "fix systemd tmpfiles ACL warnings in daemon log"

2018-06-27 19:56:45 +00:00 · 2018-06-27 19:56:45 +00:00 · ec1cfc84a7
commit ec1cfc84a7
parent 2e5319c05b ae3017bd63
7 changed files with 73 additions and 8 deletions
--- a/extended/systemd/centos/meta_patches/0010-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
+++ b/extended/systemd/centos/meta_patches/0010-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
@ -1,8 +1,7 @@
 From e188f1148982166624ae72f8fac70775a2bc8d73 Mon Sep 17 00:00:00 2001
 From: Scott Little <scott.little@windriver.com>
 Date: Mon, 2 Oct 2017 17:53:00 -0400
-Subject: [PATCH 09/10] WRS:
- 0010-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
+Subject: 0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch

 ---
 SPECS/systemd.spec | 1 +
@ -16,7 +15,7 @@ index 33f3128..a8e1846 100644
 Patch0503: 0503-Configure-journald-to-forward-to-syslog.patch
 Patch0504: 0504-Configure-journald-rate-limit.patch
 Patch0505: 0505-remove-id-sas-path-symlink.patch
-+Patch0506: 0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
+Patch0506: 0506-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
 
 %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
 
--- a/extended/systemd/centos/meta_patches/0011-Add-patch-for-moving-vartmp-to-tmpfs.patch
+++ b/extended/systemd/centos/meta_patches/0011-Add-patch-for-moving-vartmp-to-tmpfs.patch
@ -14,7 +14,7 @@ index a8e1846..e36e410 100644
@@ -545,6 +545,7 @@ Patch0503: 0503-Configure-journald-to-forward-to-syslog.patch
 Patch0504: 0504-Configure-journald-rate-limit.patch
 Patch0505: 0505-remove-id-sas-path-symlink.patch
- Patch0506: 0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
+ Patch0506: 0506-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
 +Patch0507: 0507-move-vartmp-to-tmpfs.patch
 
 %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
--- a/extended/systemd/centos/meta_patches/0012-Add-patch-for-restricting-tmpfs-size.patch
+++ b/extended/systemd/centos/meta_patches/0012-Add-patch-for-restricting-tmpfs-size.patch
@ -1,7 +1,7 @@
 From 508f3f3f6b114fe081cc2c0594912fd6451d1045 Mon Sep 17 00:00:00 2001
 From: Kam Nasim <kam.nasim@windriver.com>
 Date: Thu, 12 Oct 2017 18:22:33 -0400
-Subject: [PATCH] meta patch for restricting tmpfs size
+Subject: meta patch for restricting tmpfs size

 ---
 SPECS/systemd.spec | 1 +
@ -13,7 +13,7 @@ index 9e5ac92..66df00b 100644
 +++ b/SPECS/systemd.spec
@@ -462,6 +462,7 @@ Patch0504: 0504-Configure-journald-rate-limit.patch
 Patch0505: 0505-remove-id-sas-path-symlink.patch
- Patch0506: 0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
+ Patch0506: 0506-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
 Patch0507: 0507-move-vartmp-to-tmpfs.patch
 +Patch0508: 0508-set-a-1GB-size-restriction-on-tpmfs.patch
 
--- a/extended/systemd/centos/meta_patches/0013-fix-systemd-tmpfiles-ACL-warnings.patch
+++ b/extended/systemd/centos/meta_patches/0013-fix-systemd-tmpfiles-ACL-warnings.patch
@ -0,0 +1,24 @@
+From 9c5837d4d7a60653e418157e3a9552ddcc36d29e Mon Sep 17 00:00:00 2001
+From: Andy Ning <andy.ning@windriver.com>
+Date: Wed, 28 Mar 2018 14:20:39 -0400
+Subject: fix systemd tmpfiles ACL warnings
+
+---
+ SPECS/systemd.spec | 1 +
+ 1 file changed, 1 insertion(+)
+
+diff --git a/SPECS/systemd.spec b/SPECS/systemd.spec
+index 55e44a5..f1dea1e 100644
+--- a/SPECS/systemd.spec
+++ b/SPECS/systemd.spec
+@@ -547,6 +547,7 @@ Patch0505: 0505-remove-id-sas-path-symlink.patch
+ Patch0506: 0506-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
+ Patch0507: 0507-move-vartmp-to-tmpfs.patch
+ Patch0508: 0508-set-a-1GB-size-restriction-on-tpmfs.patch
+Patch0509: 0509-fix-systemd-tmpfiles-ACL-warnings.patch
+ 
+ %global num_patches %{lua: c=0; for i,p in ipairs(patches) do c=c+1; end; print(c);}
+ 
+-- 
+1.8.3.1
+
--- a/extended/systemd/centos/meta_patches/PATCH_ORDER
+++ b/extended/systemd/centos/meta_patches/PATCH_ORDER
@ -5,6 +5,7 @@
 0007-Add-patch-for-journald-config.patch
 0008-Add-patch-for-journald-config-rate-limit.patch
 0009-Add-patch-to-remove-ID_SAS_PATH-rule.patch
-0010-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
+0010-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
 0011-Add-patch-for-moving-vartmp-to-tmpfs.patch
 0012-Add-patch-for-restricting-tmpfs-size.patch
+0013-fix-systemd-tmpfiles-ACL-warnings.patch
--- a/extended/systemd/centos/patches/0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
+++ b/extended/systemd/centos/patches/0506-CGTS-7466-fix-ACL-warnings-from-systemd-tmpfiles-set.patch
@ -1,7 +1,7 @@
 From 65c3c74fd119db0309d68430ed89652666c884d5 Mon Sep 17 00:00:00 2001
 From: systemd team <systemd-maint@redhat.com>
 Date: Tue, 10 Oct 2017 17:06:10 -0400
-Subject: [PATCH] CGTS-7466 fix ACL warnings from systemd tmpfiles set
+Subject: fix ACL warnings from systemd tmpfiles set

 ---
 tmpfiles.d/systemd.conf.m4 | 8 ++++----
--- a/extended/systemd/centos/patches/0509-fix-systemd-tmpfiles-ACL-warnings.patch
+++ b/extended/systemd/centos/patches/0509-fix-systemd-tmpfiles-ACL-warnings.patch
@ -0,0 +1,41 @@
+From be01680d0b1df9d88e173cd2ee3eb60295bcdd47 Mon Sep 17 00:00:00 2001
+From: Andy Ning <andy.ning@windriver.com>
+Date: Wed, 28 Mar 2018 14:06:57 -0400
+Subject: fix systemd tmpfiles ACL warnings
+
+systemd tmpfiles configuration file append ACLs to journal log
+directories/files to give access permissions to no-exist group "adm",
+causing systemd-tmpfiles-setup service to generate ACL parsing warnings.
+
+The patch fixed these warnings by replacing group "adm" with "wrs_protected".
+This also gives wrs_protected group members (including wrsroot) access to
+journal logs.
+
+Note: this issue has been fixed before PIKE rebase. After the rebase the
+original fix is no longer enough.
+---
+ tmpfiles.d/systemd.conf.m4 | 6 +++---
+ 1 file changed, 3 insertions(+), 3 deletions(-)
+
+diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4
+index d984912..cdf0bf1 100644
+--- a/tmpfiles.d/systemd.conf.m4
+++ b/tmpfiles.d/systemd.conf.m4
+@@ -35,11 +35,11 @@ z /var/log/journal 2755 root systemd-journal - -
+ z /var/log/journal/%m 2755 root systemd-journal - -
+ z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
+ m4_ifdef(`HAVE_ACL',``
+-a+ /var/log/journal    - - - - d:group:adm:r-x,d:group:wheel:r-x
+-a+ /var/log/journal    - - - - group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal    - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
+a+ /var/log/journal    - - - - group:wrs_protected:r-x,group:wheel:r-x
+ a+ /var/log/journal/%m - - - - d:group:wrs_protected:r-x,d:group:wheel:r-x
+ a+ /var/log/journal/%m - - - - group:wrs_protected:r-x,group:wheel:r-x
+-a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
+a+ /var/log/journal/%m/system.journal - - - - group:wrs_protected:r--,group:wheel:r--
+ '')m4_dnl
+ 
+ d /var/lib/systemd 0755 root root -
+-- 
+1.8.3.1
+