mirror of
https://github.com/systemd/systemd.git
synced 2024-12-04 15:53:41 +08:00
8e729d511e
`systemd-journal-catalog-update.service` writes to `/var`. However, it's not explicitly ordered wrt `systemd-tmpfiles-setup.service`, which means that it may run before or after. This is an issue for Fedora CoreOS, which uses Ignition. We want to be able to prepare `/var` on first boot from the initrd, where the SELinux policy is not loaded yet. This means that the hierarchy under `/var` is not correctly labeled. We add a `Z /var - - -` tmpfiles entry so that it gets relabeled once `/var` gets mounted post-switchroot. So any service that tries to access `/var` before `systemd-tmpfiles` relabels it is likely to hit `EACCES`. Fix this by simply ordering `systemd-journal-catalog-update.service` after `systemd-tmpfiles-setup.service`. This is also clearer since the tmpfiles entries are the canonical source of how `/var` should be populated. For more context on this, see: https://github.com/coreos/ignition/issues/635#issuecomment-446620297
24 lines
746 B
SYSTEMD
24 lines
746 B
SYSTEMD
# SPDX-License-Identifier: LGPL-2.1+
|
|
#
|
|
# This file is part of systemd.
|
|
#
|
|
# systemd is free software; you can redistribute it and/or modify it
|
|
# under the terms of the GNU Lesser General Public License as published by
|
|
# the Free Software Foundation; either version 2.1 of the License, or
|
|
# (at your option) any later version.
|
|
|
|
[Unit]
|
|
Description=Rebuild Journal Catalog
|
|
Documentation=man:systemd-journald.service(8) man:journald.conf(5)
|
|
DefaultDependencies=no
|
|
Conflicts=shutdown.target
|
|
After=local-fs.target systemd-tmpfiles-setup.service
|
|
Before=sysinit.target shutdown.target systemd-update-done.service
|
|
ConditionNeedsUpdate=/var
|
|
|
|
[Service]
|
|
Type=oneshot
|
|
RemainAfterExit=yes
|
|
ExecStart=@rootbindir@/journalctl --update-catalog
|
|
TimeoutSec=90s
|