From c4c50e0c79a50f1d9d5fdc153158aad6ff8be715 Mon Sep 17 00:00:00 2001
From: Michael Stapelberg <stapelberg@debian.org>
Date: Wed, 27 Nov 2013 21:22:09 +0100
Subject: [PATCH] allow group adm read access on /var/log/journal

Closes: #717386
---
 debian/changelog        | 1 +
 debian/control          | 3 ++-
 debian/systemd.postinst | 6 ++++++
 3 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/debian/changelog b/debian/changelog
index c18eddf3c..8dd4859c5 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -9,6 +9,7 @@ systemd (204-6) UNRELEASED; urgency=low
   * systemctl: mangle names when avoiding dbus (Closes: #723855)
   * Make 99-systemd.rules check for /run/systemd/systemd instead of the
     ill-named cgroups directory.
+  * allow group adm read access on /var/log/journal (Closes: #717386)
 
  -- Tollef Fog Heen <tfheen@debian.org>  Mon, 28 Oct 2013 14:31:16 +0100
 
diff --git a/debian/control b/debian/control
index 7458659ec..20e6760b1 100644
--- a/debian/control
+++ b/debian/control
@@ -51,7 +51,8 @@ Depends: ${shlibs:Depends},
          libsystemd-login0 (= ${binary:Version}),
          util-linux (>= 2.19.1-2),
          initscripts (>= 2.88dsf-17),
-         udev
+         udev,
+         acl
 Breaks: lvm2 (<< 2.02.84-1),
         lsb-base (<< 4.1+Debian4)
 Conflicts: klogd
diff --git a/debian/systemd.postinst b/debian/systemd.postinst
index c4e2d62bc..eebe4dd3c 100644
--- a/debian/systemd.postinst
+++ b/debian/systemd.postinst
@@ -83,4 +83,10 @@ systemd-machine-id-setup
 # initial update of the Message Catalogs database
 _update_catalog
 
+# Grant read access to /var/log/journal for members of the adm group via a
+# filesystem ACL. This makes them able to read the journal.
+# Failure is ignored since there might be file systems mounted without ACL
+# support.
+setfacl -nm g:adm:rx,d:g:adm:rx /var/log/journal || true
+
 #DEBHELPER#
-- 
2.39.5