Ubuntu 18.04: Enable ACLs on /var/log

journald ideally wants ACL support on /var/log.

Reported-by: https://www.reddit.com/user/Jahara
Richard Laager 2018-05-10 15:23:15 -05:00
parent 58a3fb6657
commit 6b13e14788
1 changed files with 2 additions and 2 deletions

@ -138,7 +138,7 @@ With ZFS, it is not normally necessary to use a mount command (either `mount` or
# zfs create -o mountpoint=/root rpool/home/root # zfs create -o mountpoint=/root rpool/home/root
# zfs create -o canmount=off -o setuid=off -o exec=off rpool/var # zfs create -o canmount=off -o setuid=off -o exec=off rpool/var
# zfs create -o com.sun:auto-snapshot=false rpool/var/cache # zfs create -o com.sun:auto-snapshot=false rpool/var/cache
# zfs create rpool/var/log # zfs create -o acltype=posixacl -o xattr=sa rpool/var/log
# zfs create rpool/var/spool # zfs create rpool/var/spool
# zfs create -o com.sun:auto-snapshot=false -o exec=on rpool/var/tmp # zfs create -o com.sun:auto-snapshot=false -o exec=on rpool/var/tmp
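Review bot: The new `-o acltype=posixacl -o xattr=sa` on the `rpool/var/log` line only helps readers who create the dataset after this change; anyone who already ran the old `zfs create rpool/var/log` step keeps a dataset without ACL support. Consider adding a short note next to this command that an existing dataset can be brought in line with `zfs set acltype=posixacl rpool/var/log` and `zfs set xattr=sa rpool/var/log`. It would also help to say whether the properties are deliberately limited to `rpool/var/log` rather than set on `rpool/var` and inherited, since the neighbouring datasets (`rpool/var/cache`, `rpool/var/spool`, `rpool/var/tmp`) are left unchanged.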
@ -155,7 +155,7 @@ With ZFS, it is not normally necessary to use a mount command (either `mount` or
# zfs create -o com.sun:auto-snapshot=false \ # zfs create -o com.sun:auto-snapshot=false \
-o mountpoint=/var/lib/nfs rpool/var/nfs -o mountpoint=/var/lib/nfs rpool/var/nfs
The primary goal of this dataset layout is to separate the OS from user data. This allows the root filesystem to be rolled back without rolling back user data such as logs (in `/var/log`). This will be especially important if/when a `beadm` or similar utility is integrated. Since we are creating multiple datasets anyway, it is trivial to add some restrictions (for extra security) at the same time. The `com.sun.auto-snapshot` setting is used by some ZFS snapshot utilities to exclude transient data. The primary goal of this dataset layout is to separate the OS from user data. This allows the root filesystem to be rolled back without rolling back user data such as logs (in `/var/log`). This will be especially important if/when a `beadm` or similar utility is integrated. Since we are creating multiple datasets anyway, it is trivial to add some restrictions (for extra security) at the same time. The `com.sun.auto-snapshot` setting is used by some ZFS snapshot utilities to exclude transient data. [We enable POSIX ACLs on /var/log for journald.](https://askubuntu.com/questions/970886/journalctl-says-failed-to-search-journal-acl-operation-not-supported)
3.4 For LUKS installs only: 3.4 For LUKS installs only:
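Review bot: The sentence appended to the layout paragraph explains `acltype=posixacl` but says nothing about `xattr=sa`, which the same commit adds to the `rpool/var/log` command. Suggest extending it to cover both properties, for example that POSIX ACLs are stored as extended attributes and `xattr=sa` keeps them in the inode instead of in hidden directories. The reason for the change is also only reachable through the askubuntu link; stating the symptom inline (journalctl reporting that the ACL operation is not supported, per the link's title) would keep the paragraph useful if the link goes away. While touching this paragraph, note that it refers to `com.sun.auto-snapshot` while the commands above use `com.sun:auto-snapshot`; the property name in the prose should match the commands.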