From 176f2acf8dee45fee832fd2ab07243f63783a238 Mon Sep 17 00:00:00 2001
From: Lennart Poettering
Date: Wed, 11 Jun 2014 10:23:16 +0200
Subject: [PATCH] tmpfiles: don't allow read access to journal files to users not in systemd-journal

Also, don't apply access mode recursively to /var/log/journal/*/, since that might be quite large, and should be correct anyway.
---
 tmpfiles.d/systemd.conf | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
index b07d0504a..fbc47823d 100644
--- a/tmpfiles.d/systemd.conf
+++ b/tmpfiles.d/systemd.conf
@@ -20,7 +20,8 @@ d /run/systemd/netif 0755 systemd-network systemd-network -
 d /run/systemd/netif/links 0755 systemd-network systemd-network -
 d /run/systemd/netif/leases 0755 systemd-network systemd-network -
 
-z /var/log/journal 2755 root systemd-journal - -
-Z /var/log/journal/%m ~2755 root systemd-journal - -
 z /run/log/journal 2755 root systemd-journal - -
-Z /run/log/journal/%m ~2755 root systemd-journal - -
+Z /run/log/journal/%m ~2750 root systemd-journal - -
+
+z /var/log/journal 2755 root systemd-journal - -
+z /var/log/journal/%m 2755 root systemd-journal - -
-- 
2.30.2
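Review bot: The two `/var/log/journal` lines added at the end of the hunk keep mode `2755` and switch to non-recursive `z`, so only the `/run/log/journal/%m` tree is actually tightened to `~2750`. For the persistent journal, the restriction in the subject line depends on the files already having a restrictive mode, which the description assumes ("should be correct anyway") but nothing here enforces. If the removed recursive `Z ... ~2755` rule left existing files under `/var/log/journal/%m` readable by others, as the `~` masking semantics suggest, those files stay readable after this change and the directory is still traversable; this needs confirming on an upgraded system. If the asymmetry is intended, state it above those lines, e.g. `# not recursive (tree may be large); file modes under /var/log/journal/%m are left as journald created them`. Otherwise consider `2750` on `/var/log/journal/%m` to match the runtime directory.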