in 19.04, default user cannot access system journal

Bug #1824342 reported by John Lenton on 2019-04-11
6
This bug affects 1 person
Affects Status Importance Assigned to Milestone
systemd (Ubuntu)
High
Unassigned
Disco
High
Unassigned

Bug Description

in a fresh install of 19.04 from http://cdimage.ubuntu.com/daily-live/20190410/disco-desktop-amd64.iso, journalctl -u snapd, or -u gdm, or -u udisks, results in 'no entries'. journalctl --system -u snapd etc, warns about permissions.

$ sudo getfacl /var/log/journal/
getfacl: Removing leading '/' from absolute path names
# file: var/log/journal/
# owner: root
# group: systemd-journal
# flags: -s-
user::rwx
group::r-x
other::r-x
default:user::rwx
default:group::r-x
default:group:adm:r-x
default:mask::r-x
default:other::r-x

this is fixed via

sudo setfacl -R -nm g:adm:rx,d:g:adm:rx /var/log/journal

Changed in systemd (Ubuntu):
importance: Undecided → High
tags: added: rls-dd-incoming
Dimitri John Ledkov (xnox) wrote :

build config, tmpfiles config have not changed. Probably a regression in v240 vs v239 of the systemd-tmpfiles utility implementation.

Dimitri John Ledkov (xnox) wrote :

fixed in v241.... shame I did not upgrade systemd to v241 in disco.

Dimitri John Ledkov (xnox) wrote :

Ok, this is fixed in v240-stable branch by https://github.com/systemd/systemd-stable/commit/5b3437338286fde71f66952726840ba7dbdd86b4

But v240-stable branch has many other useful fixes.... let me try to land them all.

Changed in systemd (Ubuntu):
status: New → In Progress
tags: added: disco
removed: rls-dd-incoming
Launchpad Janitor (janitor) wrote :
Download full text (4.3 KiB)

This bug was fixed in the package systemd - 240-6ubuntu5

---------------
systemd (240-6ubuntu5) disco; urgency=medium

  * systemd-stable: cherrypick many bugfixes from the v240-stable branch.
    Includes many documentation fixes, memory safety (use after free, read
    overruns, etc), networkd wireguard fixes, POSIX ACL fix which is preventing adm
    group from reading journals (LP: #1824342), journal dropping caches
    improvement, fixes regressions in udevadm / machinectl command line parsing.
    Files:
    - debian/patches/Add-missing-dash-to-all-option-in-the-timedatectl-man-pag.patch
    - debian/patches/Add-note-about-transactions-being-genereated-independentl.patch
    - debian/patches/Change-job-mode-of-manager-triggered-restarts-to-JOB_REPL.patch
    - debian/patches/Fix-omission-in-docs.patch
    - debian/patches/Log-the-job-being-merged.patch
    - debian/patches/NEWS-document-deprecation-of-PermissionsStartOnly-in-v240.patch
    - debian/patches/NEWS-retroactively-describe-.include-deprecation.patch
    - debian/patches/Update-systemd-system.conf.xml.patch
    - debian/patches/basic-prioq-add-prioq_peek_item.patch
    - debian/patches/core-Fix-EOPNOTSUPP-emergency-action-error-string.patch
    - debian/patches/core-Fix-return-argument-check-for-parse_emergency_action.patch
    - debian/patches/core-mount-do-not-add-Before-local-fs.target-or-remote-fs.patch
    - debian/patches/core-mount-move-static-function-earlier-in-file.patch
    - debian/patches/curl-util-fix-use-after-free.patch
    - debian/patches/ethtool-Make-sure-advertise-is-actually-set-when-autonego.patch
    - debian/patches/journal-avoid-buffer-overread-when-locale-name-is-too-lon.patch
    - debian/patches/journal-limit-the-number-of-entries-in-the-cache-based-on.patch
    - debian/patches/journald-periodically-drop-cache-for-all-dead-PIDs.patch
    - debian/patches/machinectl-fix-argument-index-in-error-log.patch
    - debian/patches/man-Fix-a-typo-in-systemd.exec.xml.patch
    - debian/patches/man-fix-reference.patch
    - debian/patches/man-fix-volume-num-of-journalctl.patch
    - debian/patches/man-update-DefaultDependency-in-systemd.mount-5.patch
    - debian/patches/netlink-set-maximum-size-of-WGDEVICE_A_IFNAME.patch
    - debian/patches/network-make-Link-and-NetDev-always-have-the-valid-poiter.patch
    - debian/patches/network-unset-Network-manager-when-loading-.network-file-.patch
    - debian/patches/network-wireguard-rename-and-split-set_wireguard_interfac.patch
    - debian/patches/networkd-wait-for-kernel-to-reply-ipv6-peer-address.patch
    - debian/patches/nspawn-ignore-SIGPIPE-for-nspawn-itself.patch
    - debian/patches/pager-improve-english-a-bit.patch
    - debian/patches/pid1-fix-cleanup-of-stale-implicit-deps-based-on-proc-sel.patch
    - debian/patches/procfs-util-expose-functionality-to-query-total-memory.patch
    - debian/patches/pull-fix-invalid-error-check.patch
    - debian/patches/shared-Revert-commit-49fe5c099-in-parts-for-function-pars.patch
    - debian/patches/shared-dissect-image-make-sure-that-we-don-t-truncate-dev.patch
    - debian/patches/test-execute-unset-HOME-before-testing.patch
    - debian/patches/udev-do-logging-be...

Read more...

Changed in systemd (Ubuntu Disco):
status: In Progress → Fix Released
To post a comment you must log in.
This report contains Public information  Edit
Everyone can see this information.

Other bug subscribers