[Bug 1748147] Re: [SRU] debhelper support override from /etc/tmpfiles.d for systemd
Dimitri John Ledkov
launchpad at surgut.co.uk
Mon Oct 8 15:01:59 UTC 2018
** Description changed:
[Impact]
- /var/log's Permission is going back to 755
- after upgrading systemd
- if there are rsyslog's configuration on /var/lib/tmpfiles.d/
+ /var/log's Permission is going back to 755 after upgrading systemd
+ if rsyslog is installed (default)
- Affected X, A, B, C
+ [Resolution]
+ Ensure that dh_installinit does not "helpfully" generate partial systemd-tmpfiles snippets in systemd package postinst.
- This is because rsyslog's pkg has 00rsyslog.conf and copied it on /var/lib/tmpfiles.d/ when it is installing.
- after upgrading systemd, systemd only refresh it's own tmpfiles so disappear conf for 00rsyslog.conf ( it doesn't remove file itself )
- so, systemd-tmpfiles --create /var/lib/tmpfiles.d/00rsyslog.conf back permission to 775
+ Ensure that a generic systemd-tmpfiles call is done in systemd postinst,
+ which takes into account /all/ configurations, not just some.
[Test Case]
- 1. deploy 16.04 vm
- 2. check ll /var (775)
+ 1. Launch xenila container
+ 2. ls -latr /var
3. apt install --reinstall systemd
- 4. check ll /var (755)
+ 4. ls -latr /var
- [Regression Potential]
- This fix changes debhelper's override process by using absolute path to filename. so if the other pkgs using debhelper e.g systemd are there, It should be re-build with new debhelper after patching in theory, now only systemd is affected. but building is not affected. also, pkg like rsyslog which is using systemd's tmpfile system need to be changed to use /etc/tmpfiles.d/[SAME_FILENAME_IN_VAR_LIB_TMPFILES.D_FOR_OVERRIDING] instead of 00rsyslog.conf.
-
- [Others]
-
- For this issue, need to fix below pkgs
-
- debhelper
- systemd ( rebuilding with new debhelper is needed )
- rsyslog ( 00rsyslog.conf to var.conf and location should be /etc/tmpfiles.d, to support override supported by debhelper )
-
- [Original description]
-
- Upgrading or reinstalling the systemd package when using rsyslogd
- results in bad permissions (0755 instead of 0775) being set on
- /var/log/. As a consequence of this, rsyslogd can no longer create new
- files within this directory, resulting in lost log messages.
-
- The default configuration of rsyslogd provided by Ubuntu runs the daemon
- as syslog:syslog and sets ownership of /var/log to syslog:adm with mode
- 0775.
-
- Systemd's default tmpfiles configuration sets /var/log to 0755 in
- /usr/lib/tmpfiles.d/var.conf, however this is overridden in
- /usr/lib/tmpfiles.d/00rsyslog.conf which is provided by package rsyslog.
-
- It looks as though an upgrade of the systemd package fails to take
- /usr/lib/tmpfiles.d/00rsyslog.conf into account, as demonstrated below.
- This results in /var/log receiving mode 0755 instead of the expected
- 0775:
-
- nick @ log2.be1.ams1:~ $ lsb_release -a
- No LSB modules are available.
- Distributor ID: Ubuntu
- Description: Ubuntu 16.04.3 LTS
- Release: 16.04
- Codename: xenial
-
- nick @ log2.be1.ams1:~ $ apt policy systemd
- systemd:
- Installed: 229-4ubuntu21.1
- Candidate: 229-4ubuntu21.1
- Version table:
- *** 229-4ubuntu21.1 500
- 500 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 Packages
- 500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
- 100 /var/lib/dpkg/status
- 229-4ubuntu4 500
- 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
-
- nick @ log2.be1.ams1:~ $ apt policy rsyslog
- rsyslog:
- Installed: 8.16.0-1ubuntu3
- Candidate: 8.16.0-1ubuntu3
- Version table:
- *** 8.16.0-1ubuntu3 500
- 500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
- 100 /var/lib/dpkg/status
-
- nick @ log2.be1.ams1:~ $ grep -F /var/log /usr/lib/tmpfiles.d/var.conf
- d /var/log 0755 - - -
- f /var/log/wtmp 0664 root utmp -
- f /var/log/btmp 0600 root utmp -
-
- nick @ log2.be1.ams1:~ $ cat /usr/lib/tmpfiles.d/00rsyslog.conf
- # Override systemd's default tmpfiles.d/var.conf to make /var/log writable by
- # the syslog group, so that rsyslog can run as user.
- # See tmpfiles.d(5) for details.
-
- # Type Path Mode UID GID Age Argument
- d /var/log 0775 root syslog -
-
- nick @ log2.be1.ams1:~ $ ls -ld /var/log
- drwxrwxr-x 8 root syslog 4096 Feb 7 13:45 /var/log
-
- nick @ log2.be1.ams1:~ $ sudo apt install --reinstall systemd
- Reading package lists... Done
- Building dependency tree
- Reading state information... Done
- 0 upgraded, 0 newly installed, 1 reinstalled, 0 to remove and 7 not upgraded.
- Need to get 3,634 kB of archives.
- After this operation, 0 B of additional disk space will be used.
- Get:1 http://archive.ubuntu.com/ubuntu xenial-updates/main amd64 systemd amd64 229-4ubuntu21.1 [3,634 kB]
- Fetched 3,634 kB in 0s (24.3 MB/s)
- (Reading database ... 86614 files and directories currently installed.)
- Preparing to unpack .../systemd_229-4ubuntu21.1_amd64.deb ...
- Unpacking systemd (229-4ubuntu21.1) over (229-4ubuntu21.1) ...
- Processing triggers for dbus (1.10.6-1ubuntu3.3) ...
- Processing triggers for ureadahead (0.100.0-19) ...
- Processing triggers for man-db (2.7.5-1) ...
- Setting up systemd (229-4ubuntu21.1) ...
- addgroup: The group `systemd-journal' already exists as a system group. Exiting.
-
- nick @ log2.be1.ams1:~ $ ls -ld /var/log
- drwxr-xr-x 8 root syslog 4096 Feb 7 13:45 /var/log
+ The ownership, group and permissions for /var/log should remain the
+ same.
** Description changed:
[Impact]
/var/log's Permission is going back to 755 after upgrading systemd
if rsyslog is installed (default)
[Resolution]
Ensure that dh_installinit does not "helpfully" generate partial systemd-tmpfiles snippets in systemd package postinst.
Ensure that a generic systemd-tmpfiles call is done in systemd postinst,
which takes into account /all/ configurations, not just some.
+ [Regression Potential]
+
+ * This fix was already tested in bionic and works well there.
+
+ * Bad autogenerated calls to systemd-tmpfiles are removed from systemd
+ postinst, and replaced by a call that takes all configs into account,
+ thus this is a very safe thing to do - and simply repeats what is done
+ on boot, thus is as safe as it gets.
+
[Test Case]
1. Launch xenila container
2. ls -latr /var
3. apt install --reinstall systemd
4. ls -latr /var
The ownership, group and permissions for /var/log should remain the
same.
** Changed in: systemd (Ubuntu Xenial)
Status: Confirmed => In Progress
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to rsyslog in Ubuntu.
https://bugs.launchpad.net/bugs/1748147
Title:
[SRU] debhelper support override from /etc/tmpfiles.d for systemd
Status in debhelper:
Fix Released
Status in debhelper package in Ubuntu:
Fix Released
Status in rsyslog package in Ubuntu:
Invalid
Status in systemd package in Ubuntu:
Fix Released
Status in debhelper source package in Xenial:
Won't Fix
Status in rsyslog source package in Xenial:
Invalid
Status in systemd source package in Xenial:
In Progress
Status in debhelper source package in Artful:
Won't Fix
Status in rsyslog source package in Artful:
Invalid
Status in systemd source package in Artful:
Won't Fix
Status in debhelper source package in Bionic:
Won't Fix
Status in rsyslog source package in Bionic:
Invalid
Status in systemd source package in Bionic:
Fix Released
Bug description:
[Impact]
/var/log's Permission is going back to 755 after upgrading systemd
if rsyslog is installed (default)
[Resolution]
Ensure that dh_installinit does not "helpfully" generate partial systemd-tmpfiles snippets in systemd package postinst.
Ensure that a generic systemd-tmpfiles call is done in systemd
postinst, which takes into account /all/ configurations, not just
some.
[Regression Potential]
* This fix was already tested in bionic and works well there.
* Bad autogenerated calls to systemd-tmpfiles are removed from
systemd postinst, and replaced by a call that takes all configs into
account, thus this is a very safe thing to do - and simply repeats
what is done on boot, thus is as safe as it gets.
[Test Case]
1. Launch xenila container
2. ls -latr /var
3. apt install --reinstall systemd
4. ls -latr /var
The ownership, group and permissions for /var/log should remain the
same.
To manage notifications about this bug go to:
https://bugs.launchpad.net/debhelper/+bug/1748147/+subscriptions
More information about the foundations-bugs
mailing list