I'm an idiot. Of course strace doesn't trace forks by default. I did a full strace -f (including custom build of strace to stop truncating arguments) and found more info.
The culprit seems to be /bin/systemd-tmpfiles.

During install of the package this is called like so:

  /bin/systemd-tmpfiles --create /usr/lib/tmpfiles.d/debian.conf /usr/lib/tmpfiles.d/home.conf /usr/lib/tmpfiles.d/journal-nocow.conf /usr/lib/tmpfiles.d/legacy.conf /usr/lib/tmpfiles.d/systemd-nologin.conf /usr/lib/tmpfiles.d/systemd.conf /usr/lib/tmpfiles.d/tmp.conf /usr/lib/tmpfiles.d/var.conf /usr/lib/tmpfiles.d/x11.conf

On a clean default xenial lxd image, in which /var/log is 775, running the above, even without upgrading to 229_4ubuntu17, will change perms on /var/log to 755.

Digging further, I see a conflict in tmpfiles.d config for /var/log in the *current* xenial image.

  $ cat /usr/lib/tmpfiles.d/00rsyslog.conf
  # Override systemd's default tmpfiles.d/var.conf to make /var/log writable by
  # the syslog group, so that rsyslog can run as user.
  # See tmpfiles.d(5) for details.

The config it's overriding is in /usr/lib/tmpfiles.d/var.conf:

  ...
  d /var/log 0755 - - -
  ...

It seems that, by providing an explicit list of tmpfiles.d to the /bin/systemd-tmpfiles, the install process is excluding the carefully placed override in /usr/lib/tmpfiles.d/00rsyslog.conf

--
https://bugs.launchpad.net/bugs/1687015

Title: 229_4ubuntu17 removes group write permissions from /var/log
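
Added example, not part of the original message or of systemd: a small Python model of the precedence problem described above, comparing the mode /var/log gets from a full tmpfiles.d scan with the mode it gets from an explicit file list. The file contents are constructed stand-ins (the real 00rsyslog.conf entry is not shown in the message, so the 0775 root:syslog line is an assumption), and the function names and the first-entry-wins rule are a simplified model.

```python
import os

# Constructed stand-ins for files named in the message. The 0775 root:syslog
# entry is an assumption; the message shows only the file's comments.
SAMPLE_FILES = {
    "/usr/lib/tmpfiles.d/00rsyslog.conf": "# override\nd /var/log 0775 root syslog -\n",
    "/usr/lib/tmpfiles.d/var.conf": "d /var 0755 - - -\nd /var/log 0755 - - -\n",
    "/usr/lib/tmpfiles.d/tmp.conf": "D /tmp 1777 root root -\n",
}

def parse_entries(text):
    """Yield (type, path, mode) for each non-comment tmpfiles.d line."""
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) >= 2:
            mode = fields[2] if len(fields) > 2 else "-"
            yield fields[0], fields[1], mode

def effective_mode(path, config_names, files=SAMPLE_FILES):
    """Return (mode, winning_file) for path, or (None, None).

    Simplified model: files are read in the order given and the first
    entry for a path wins; later duplicates are ignored.
    """
    for name in config_names:
        for _type, entry_path, mode in parse_entries(files[name]):
            if entry_path == path:
                return mode, name
    return None, None

def directory_scan(files=SAMPLE_FILES):
    """Order used when no files are named: sorted by file name."""
    return sorted(files, key=os.path.basename)

def lost_overrides(path, explicit, files=SAMPLE_FILES):
    """Return both results if an explicit list changes the outcome, else None."""
    full = effective_mode(path, directory_scan(files), files)
    partial = effective_mode(path, explicit, files)
    return None if full == partial else {"full_scan": full, "explicit": partial}

if __name__ == "__main__":
    explicit = ["/usr/lib/tmpfiles.d/tmp.conf", "/usr/lib/tmpfiles.d/var.conf"]
    print(lost_overrides("/var/log", explicit))
```
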