Bug 89202 - systemd-tmpfiles adds ACLs multiple times
Summary: systemd-tmpfiles adds ACLs multiple times
Status: CLOSED FIXED
Alias: None
Product: systemd
Classification: Unclassified
Component: general (show other bugs)
Version: unspecified
Hardware: Other All
: medium normal
Assignee: systemd-bugs
QA Contact: systemd-bugs
URL: https://bugs.debian.org/778656
Whiteboard:
Keywords:
: 89443 89535 (view as bug list)
Depends on:
Blocks:
 
Reported: 2015-02-18 13:21 UTC by Martin Pitt
Modified: 2015-03-11 16:55 UTC (History)
2 users (show)

See Also:
i915 platform:
i915 features:

Attachments

Description Martin Pitt 2015-02-18 13:21:27 UTC 
Version 219 gained support for ACLs in tmpfiles.d. But this isn't idempotent, it appends identical ACLs with each run. This isn't that important for /run/, but problematic for persistant directories like /var/log/journal.

If you run 

  sudo ./systemd-tmpfiles --create `pwd`/tmpfiles.d/systemd.conf

in the built tree (which is probably the most convenient reproducer for developers) 3 times, you get

$ getfacl /run/log/journal/5aa2ce6f17f156f9099864b6546dc1b0/
# file: run/log/journal/5aa2ce6f17f156f9099864b6546dc1b0/
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
group:adm:r-x
group:adm:r-x
group:adm:r-x
mask::r-x
other::---
default:user::rwx
default:group::r-x
default:group:adm:r-x
default:group:adm:r-x
default:group:adm:r-x
default:mask::r-x
default:other::---

I. e. the "adm" ACLs are repeated three times (notice that I left out the "wheel" ones as that group doesn't exist in Debian).

These duplicate entries not only pile up on persistant directories like /var over time, they also break the setfacl command line tool, which doesn't like them:

$ sudo setfacl -R -nm g:adm:rx,d:g:adm:rx /run/log/journal/5aa2ce6f17f156f9099864b6546dc1b0
setfacl: /run/log/journal/5aa2ce6f17f156f9099864b6546dc1b0: Malformed access ACL `user::rwx,group::r-x,group:adm:r-x,group:adm:r-x,group:adm:r-x,mask::r-x,other::---': Duplicate entries at entry 4
setfacl: /run/log/journal/5aa2ce6f17f156f9099864b6546dc1b0/system.journal: Malformed access ACL `user::rwx,group::r--,group:adm:r-x,group:adm:r-x,group:adm:r-x,mask::r-x,other::---': Duplicate entries at entry 4
Comment 1 Zbigniew Jedrzejewski-Szmek 2015-02-24 05:19:02 UTC 
Should be fixed with http://cgit.freedesktop.org/systemd/systemd/commit/?id=1c73f3bc29. Please verify.
Comment 2 Martin Pitt 2015-02-24 07:28:33 UTC 
Many thanks, works perfectly!
Comment 3 Martin Pitt 2015-02-24 07:39:53 UTC 
For the record, the setfacl call in the bug doesn't fix the duplicate ACLs for the files in /var/log/journal/<machineid>/. (Not a biggie, though).
Comment 4 Zbigniew Jedrzejewski-Szmek 2015-03-05 12:49:12 UTC 
*** Bug 89443 has been marked as a duplicate of this bug. ***
Comment 5 Zbigniew Jedrzejewski-Szmek 2015-03-11 16:55:10 UTC 
*** Bug 89535 has been marked as a duplicate of this bug. ***

Use of freedesktop.org services, including Bugzilla, is subject to our Code of Conduct. How we collect and use information is described in our Privacy Policy.