Dr. Werner Fink 2014-08-18 14:41:57 +00:00 committed by Git OBS Bridge
parent 9e5b449799
commit f86ed277ff
4 changed files with 20 additions and 0 deletions

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Aug 18 14:40:55 UTC 2014 - werner@suse.de
- Disable the usage of the systemd groups wheel and adm (bnc#892300)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Aug 8 12:47:48 UTC 2014 - rmilasan@suse.com Fri Aug 8 12:47:48 UTC 2014 - rmilasan@suse.com

View File

@ -40,6 +40,7 @@
%bcond_with blkrrpart %bcond_with blkrrpart
%bcond_with udevsettle %bcond_with udevsettle
%endif %endif
%bcond_with systemgrps
Name: systemd-mini Name: systemd-mini
Url: http://www.freedesktop.org/wiki/Software/systemd Url: http://www.freedesktop.org/wiki/Software/systemd
@ -1904,8 +1905,10 @@ if read ID < /etc/machine-id > /dev/null 2>&1 ; then
chgrp systemd-journal %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || : chgrp systemd-journal %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || :
chmod g+s %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || : chmod g+s %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || :
fi fi
%if %{with systemgrps}
getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || : getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || : getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
%endif
# Try to read default runlevel from the old inittab if it exists # Try to read default runlevel from the old inittab if it exists
if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then
@ -2065,8 +2068,10 @@ exit 0
%if %{with permission} %if %{with permission}
%set_permissions %{_localstatedir}/log/journal/ %set_permissions %{_localstatedir}/log/journal/
%endif %endif
%if %{with systemgrps}
getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || : getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || : getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
%endif
if [ "$1" -eq 1 ]; then if [ "$1" -eq 1 ]; then
# tell journal to start logging on disk if directory didn't exist before # tell journal to start logging on disk if directory didn't exist before
systemctl --no-block restart systemd-journal-flush.service >/dev/null 2>&1 || : systemctl --no-block restart systemd-journal-flush.service >/dev/null 2>&1 || :

View File

@ -1,3 +1,8 @@
-------------------------------------------------------------------
Mon Aug 18 14:40:55 UTC 2014 - werner@suse.de
- Disable the usage of the systemd groups wheel and adm (bnc#892300)
------------------------------------------------------------------- -------------------------------------------------------------------
Fri Aug 8 12:47:48 UTC 2014 - rmilasan@suse.com Fri Aug 8 12:47:48 UTC 2014 - rmilasan@suse.com

View File

@ -38,6 +38,7 @@
%bcond_with blkrrpart %bcond_with blkrrpart
%bcond_with udevsettle %bcond_with udevsettle
%endif %endif
%bcond_with systemgrps
Name: systemd Name: systemd
Url: http://www.freedesktop.org/wiki/Software/systemd Url: http://www.freedesktop.org/wiki/Software/systemd
@ -1899,8 +1900,10 @@ if read ID < /etc/machine-id > /dev/null 2>&1 ; then
chgrp systemd-journal %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || : chgrp systemd-journal %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || :
chmod g+s %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || : chmod g+s %{_localstatedir}/log/journal/$ID > /dev/null 2>&1 || :
fi fi
%if %{with systemgrps}
getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || : getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || : getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
%endif
# Try to read default runlevel from the old inittab if it exists # Try to read default runlevel from the old inittab if it exists
if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then if [ ! -e /etc/systemd/system/default.target -a -e /etc/inittab ]; then
@ -2060,8 +2063,10 @@ exit 0
%if %{with permission} %if %{with permission}
%set_permissions %{_localstatedir}/log/journal/ %set_permissions %{_localstatedir}/log/journal/
%endif %endif
%if %{with systemgrps}
getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || : getent group wheel && setfacl -Rnm g:wheel:rx,d:g:wheel:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || : getent group adm && setfacl -Rnm g:adm:rx,d:g:adm:rx %{_localstatedir}/log/journal/ > /dev/null 2>&1 || :
%endif
if [ "$1" -eq 1 ]; then if [ "$1" -eq 1 ]; then
# tell journal to start logging on disk if directory didn't exist before # tell journal to start logging on disk if directory didn't exist before
systemctl --no-block restart systemd-journal-flush.service >/dev/null 2>&1 || : systemctl --no-block restart systemd-journal-flush.service >/dev/null 2>&1 || :