diff --git a/systemd-mini.changes b/systemd-mini.changes
index d691713..17fa12f 100644
--- a/systemd-mini.changes
+++ b/systemd-mini.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Aug 18 14:40:55 UTC 2014 - werner@suse.de
+
+- Disable the usage of the systemd groups wheel and adm (bnc#892300)
+
 -------------------------------------------------------------------
 Fri Aug 8 12:47:48 UTC 2014 - rmilasan@suse.com
diff --git a/systemd-mini.spec b/systemd-mini.spec
index 98a2cf3..ff8aa76 100644
--- a/systemd-mini.spec
+++ b/systemd-mini.spec
@@ -40,6 +40,7 @@
 %bcond_with blkrrpart
 %bcond_with udevsettle
 %endif
+%bcond_with systemgrps
 Name: systemd-mini
 Url: http://www.freedesktop.org/wiki/Software/systemd
@@ -1904,8 +1905,10 @@ if read ID < /etc/machine-id > /dev/null 2>&1 ; then
 chgrp systemd-journal %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || :
 chmod g+s %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || :
 fi
+%if %{with systemgrps}
 getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
 getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
+%endif
 # Try to read default runlevel from the old inittab if it exists
 if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then
@@ -2065,8 +2068,10 @@ exit 0
 %if %{with permission}
 %set_permissions %{_localstatedir}/log/journal/
 %endif
+%if %{with systemgrps}
 getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
 getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
+%endif
 if [ "$1" -eq 1 ]; then
 # tell journal to start logging on disk if directory didn't exist before
 systemctl --no-block restart systemd-journal-flush.service >/dev/null 2>&1 || :
diff --git a/systemd.changes b/systemd.changes
index d691713..17fa12f 100644
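Review bot: The added `%bcond_with systemgrps` line in systemd-mini.spec (hunk at line 40) carries no comment saying what it gates. `%bcond_with` defines an option that stays off unless the build is run with `--with systemgrps`, so the journal ACL grants for wheel and adm are dropped by default without any hint at the switch itself. A one-line comment above it would make that visible, e.g. `# systemgrps: grant groups wheel and adm read ACLs on /var/log/journal; off by default (bnc#892300)`. The same applies to the identical line added in systemd.spec.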
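Review bot: Wrapping the two `setfacl -Rnm` calls in `%if %{with systemgrps}` (hunk at line 1904) only stops new grants. Nothing on the new side removes the `g:wheel`/`g:adm` access and default ACL entries that earlier package versions already applied recursively under `%{_localstatedir}/log/journal/`, so upgraded hosts presumably keep journal read access for those groups. If bnc#892300 is meant to withdraw that access, an `%else` branch could strip the entries, e.g. `setfacl -Rnx g:wheel,d:g:wheel,g:adm,d:g:adm %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :`. The same applies to the hunk at line 2065 and to both guarded blocks in systemd.spec. The scriptlet containing these lines starts and ends outside the hunk.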
--- a/systemd.changes
+++ b/systemd.changes
@@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Aug 18 14:40:55 UTC 2014 - werner@suse.de
+
+- Disable the usage of the systemd groups wheel and adm (bnc#892300)
+
 -------------------------------------------------------------------
 Fri Aug 8 12:47:48 UTC 2014 - rmilasan@suse.com
diff --git a/systemd.spec b/systemd.spec
index 13707cf..857f4a1 100644
--- a/systemd.spec
+++ b/systemd.spec
@@ -38,6 +38,7 @@
 %bcond_with blkrrpart
 %bcond_with udevsettle
 %endif
+%bcond_with systemgrps
 Name: systemd
 Url: http://www.freedesktop.org/wiki/Software/systemd
@@ -1899,8 +1900,10 @@ if read ID < /etc/machine-id > /dev/null 2>&1 ; then
 chgrp systemd-journal %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || :
 chmod g+s %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || :
 fi
+%if %{with systemgrps}
 getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
 getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
+%endif
 # Try to read default runlevel from the old inittab if it exists
 if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then
@@ -2060,8 +2063,10 @@ exit 0
 %if %{with permission}
 %set_permissions %{_localstatedir}/log/journal/
 %endif
+%if %{with systemgrps}
 getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
 getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
+%endif
 if [ "$1" -eq 1 ]; then
 # tell journal to start logging on disk if directory didn't exist before
 systemctl --no-block restart systemd-journal-flush.service >/dev/null 2>&1 || :