Compare commits
18 Commits
3f58a2f099
...
0224fcc7ce
| Author | SHA1 | Date |
|---|---|---|
colin-foster-in-advantage
|
0224fcc7ce | |
|
Lennart Poettering
|
d209e197f8 | |
|
Antonio Alvarez Feijoo
|
9ed090230e | |
|
Luca Boccassi
|
9bf6ffe166 | |
|
Lennart Poettering
|
47c5ca237b | |
|
Lennart Poettering
|
7f8a4f12df | |
|
Lennart Poettering
|
e412fc5e04 | |
|
Lennart Poettering
|
cc6baba720 | |
|
Lennart Poettering
|
3ae48d071c | |
|
Antonio Alvarez Feijoo
|
2ccacdd57c | |
|
Yu Watanabe
|
d99198819c | |
|
Tobias Zimmermann
|
f70e5620b6 | |
|
Zbigniew Jędrzejewski-Szmek
|
3127c71bf4 | |
|
Zbigniew Jędrzejewski-Szmek
|
2c06e40ae9 | |
|
Zbigniew Jędrzejewski-Szmek
|
5ca9149464 | |
|
Colin Foster
|
b5171f0f48 | |
|
Colin Foster
|
b4e82f27c7 | |
|
Colin Foster
|
857a9a6d74 |
|
|
@ -1438,6 +1438,11 @@ evdev:input:b0003v046DpC309*
|
|||
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
|
||||
KEYBOARD_KEY_c01b7=audio # My Music (F12)
|
||||
|
||||
# Logitech MX Keys for Mac
|
||||
evdev:input:b0003v046Dp4092*
|
||||
KEYBOARD_KEY_70035=102nd # '<' key
|
||||
KEYBOARD_KEY_70064=grave # '^' key
|
||||
|
||||
###########################################################
|
||||
# Maxdata
|
||||
###########################################################
|
||||
|
|
|
|||
|
|
@ -265,32 +265,11 @@
|
|||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Options</title>
|
||||
<title>Unlocking</title>
|
||||
|
||||
<para>The following options are understood:</para>
|
||||
<para>The following options are understood that may be used to unlock the device in preparation of the enrollment operations:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--password</option></term>
|
||||
|
||||
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
|
||||
<command>cryptsetup luksAddKey</command>, however may be combined with
|
||||
<option>--wipe-slot=</option> in one call, see below.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--recovery-key</option></term>
|
||||
|
||||
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
|
||||
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
|
||||
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
|
||||
</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--unlock-key-file=<replaceable>PATH</replaceable></option></term>
|
||||
|
||||
|
|
@ -328,7 +307,45 @@
|
|||
|
||||
<xi:include href="version-info.xml" xpointer="v256"/></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Simple Enrollment</title>
|
||||
|
||||
<para>The following options are understood that may be used to enroll simple user input based
|
||||
unlocking:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--password</option></term>
|
||||
|
||||
<listitem><para>Enroll a regular password/passphrase. This command is mostly equivalent to
|
||||
<command>cryptsetup luksAddKey</command>, however may be combined with
|
||||
<option>--wipe-slot=</option> in one call, see below.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><option>--recovery-key</option></term>
|
||||
|
||||
<listitem><para>Enroll a recovery key. Recovery keys are mostly identical to passphrases, but are
|
||||
computer-generated instead of being chosen by a human, and thus have a guaranteed high entropy. The
|
||||
key uses a character set that is easy to type in, and may be scanned off screen via a QR code.
|
||||
</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>PKCS#11 Enrollment</title>
|
||||
|
||||
<para>The following option is understood that may be used to enroll PKCS#11 tokens:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--pkcs11-token-uri=<replaceable>URI</replaceable></option></term>
|
||||
|
||||
|
|
@ -361,7 +378,15 @@
|
|||
|
||||
<xi:include href="version-info.xml" xpointer="v248"/></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>FIDO2 Enrollment</title>
|
||||
|
||||
<para>The following options are understood that may be used to enroll PKCS#11 tokens:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--fido2-credential-algorithm=<replaceable>STRING</replaceable></option></term>
|
||||
<listitem><para>Specify COSE algorithm used in credential generation. The default value is
|
||||
|
|
@ -461,7 +486,15 @@
|
|||
|
||||
<xi:include href="version-info.xml" xpointer="v249"/></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>TPM2 Enrollment</title>
|
||||
|
||||
<para>The following options are understood that may be used to enroll TPM2 devices:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--tpm2-device=<replaceable>PATH</replaceable></option></term>
|
||||
|
||||
|
|
@ -636,7 +669,15 @@
|
|||
|
||||
<xi:include href="version-info.xml" xpointer="v255"/></listitem>
|
||||
</varlistentry>
|
||||
</variablelist>
|
||||
</refsect1>
|
||||
|
||||
<refsect1>
|
||||
<title>Other Options</title>
|
||||
|
||||
<para>The following additional options are understood:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><option>--wipe-slot=<replaceable>SLOT<optional>,SLOT...</optional></replaceable></option></term>
|
||||
|
||||
|
|
|
|||
|
|
@ -2546,6 +2546,17 @@ NFTSet=prefix:netdev:filter:eth_ipv4_prefix</programlisting>
|
|||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><varname>BOOTP=</varname></term>
|
||||
<listitem>
|
||||
<para>Takes a boolean. The DHCPv4 client can be configured to communicate with BOOP servers that
|
||||
don't accept Option 53, DHCP Message Type. In this configuration, a BOOTP Request is sent without
|
||||
any options by default. A BOOTP reply that contains Option 1: Subnet Mask is expected.</para>
|
||||
|
||||
<xi:include href="version-info.xml" xpointer="v257"/>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<!-- How to use the DHCP lease -->
|
||||
|
||||
<varlistentry>
|
||||
|
|
|
|||
|
|
@ -38,19 +38,12 @@ __get_tpm2_devices() {
|
|||
done
|
||||
}
|
||||
|
||||
__get_block_devices() {
|
||||
local i
|
||||
for i in /dev/*; do
|
||||
[ -b "$i" ] && printf '%s\n' "$i"
|
||||
done
|
||||
}
|
||||
|
||||
_systemd_cryptenroll() {
|
||||
local comps
|
||||
local cur=${COMP_WORDS[COMP_CWORD]} prev=${COMP_WORDS[COMP_CWORD-1]} words cword
|
||||
local -A OPTS=(
|
||||
[STANDALONE]='-h --help --version
|
||||
--password --recovery-key'
|
||||
--password --recovery-key --list-devices'
|
||||
[ARG]='--unlock-key-file
|
||||
--unlock-fido2-device
|
||||
--unlock-tpm2-device
|
||||
|
|
@ -116,7 +109,7 @@ _systemd_cryptenroll() {
|
|||
return 0
|
||||
fi
|
||||
|
||||
comps=$(__get_block_devices)
|
||||
comps=$(systemd-cryptenroll --list-devices)
|
||||
COMPREPLY=( $(compgen -W '$comps' -- "$cur") )
|
||||
return 0
|
||||
}
|
||||
|
|
|
|||
|
|
@ -3426,14 +3426,12 @@ static int service_deserialize_item(Unit *u, const char *key, const char *value,
|
|||
return 0;
|
||||
}
|
||||
|
||||
r = service_add_fd_store(s, fd, fdn, do_poll);
|
||||
r = service_add_fd_store(s, TAKE_FD(fd), fdn, do_poll);
|
||||
if (r < 0) {
|
||||
log_unit_debug_errno(u, r,
|
||||
"Failed to store deserialized fd '%s', ignoring: %m", fdn);
|
||||
return 0;
|
||||
}
|
||||
|
||||
TAKE_FD(fd);
|
||||
} else if (streq(key, "extra-fd")) {
|
||||
_cleanup_free_ char *fdv = NULL, *fdn = NULL;
|
||||
_cleanup_close_ int fd = -EBADF;
|
||||
|
|
|
|||
|
|
@ -193,7 +193,7 @@ static int help(void) {
|
|||
"\n%3$sSimple Enrollment:%4$s\n"
|
||||
" --password Enroll a user-supplied password\n"
|
||||
" --recovery-key Enroll a recovery key\n"
|
||||
"\n%3$sPKCS11 Enrollment:%4$s\n"
|
||||
"\n%3$sPKCS#11 Enrollment:%4$s\n"
|
||||
" --pkcs11-token-uri=URI\n"
|
||||
" Specify PKCS#11 security token URI\n"
|
||||
"\n%3$sFIDO2 Enrollment:%4$s\n"
|
||||
|
|
|
|||
|
|
@ -14,19 +14,13 @@
|
|||
|
||||
#define DHCP_CLIENT_MIN_OPTIONS_SIZE 312
|
||||
|
||||
int dhcp_message_init(
|
||||
int bootp_message_init(
|
||||
DHCPMessage *message,
|
||||
uint8_t op,
|
||||
uint32_t xid,
|
||||
uint8_t type,
|
||||
uint16_t arp_type,
|
||||
uint8_t hlen,
|
||||
const uint8_t *chaddr,
|
||||
size_t optlen,
|
||||
size_t *optoffset) {
|
||||
|
||||
size_t offset = 0;
|
||||
int r;
|
||||
const uint8_t *chaddr) {
|
||||
|
||||
assert(IN_SET(op, BOOTREQUEST, BOOTREPLY));
|
||||
assert(chaddr || hlen == 0);
|
||||
|
|
@ -51,6 +45,27 @@ int dhcp_message_init(
|
|||
message->xid = htobe32(xid);
|
||||
message->magic = htobe32(DHCP_MAGIC_COOKIE);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int dhcp_message_init(
|
||||
DHCPMessage *message,
|
||||
uint8_t op,
|
||||
uint32_t xid,
|
||||
uint8_t type,
|
||||
uint16_t arp_type,
|
||||
uint8_t hlen,
|
||||
const uint8_t *chaddr,
|
||||
size_t optlen,
|
||||
size_t *optoffset) {
|
||||
|
||||
size_t offset = 0;
|
||||
int r;
|
||||
|
||||
r = bootp_message_init(message, op, xid, arp_type, hlen, chaddr);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
r = dhcp_option_append(message, optlen, &offset, 0,
|
||||
SD_DHCP_OPTION_MESSAGE_TYPE, 1, &type);
|
||||
if (r < 0)
|
||||
|
|
|
|||
|
|
@ -6,6 +6,14 @@
|
|||
|
||||
#include "dhcp-protocol.h"
|
||||
|
||||
int bootp_message_init(
|
||||
DHCPMessage *message,
|
||||
uint8_t op,
|
||||
uint32_t xid,
|
||||
uint16_t arp_type,
|
||||
uint8_t hlen,
|
||||
const uint8_t *chaddr);
|
||||
|
||||
int dhcp_message_init(
|
||||
DHCPMessage *message,
|
||||
uint8_t op,
|
||||
|
|
|
|||
|
|
@ -105,6 +105,7 @@ struct sd_dhcp_client {
|
|||
int socket_priority;
|
||||
bool socket_priority_set;
|
||||
bool ipv6_acquired;
|
||||
bool bootp;
|
||||
};
|
||||
|
||||
static const uint8_t default_req_opts[] = {
|
||||
|
|
@ -656,6 +657,15 @@ int sd_dhcp_client_set_fallback_lease_lifetime(sd_dhcp_client *client, uint64_t
|
|||
return 0;
|
||||
}
|
||||
|
||||
int sd_dhcp_client_set_bootp(sd_dhcp_client *client, int bootp) {
|
||||
assert_return(client, -EINVAL);
|
||||
assert_return(!sd_dhcp_client_is_running(client), -EBUSY);
|
||||
|
||||
client->bootp = bootp;
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static void client_set_state(sd_dhcp_client *client, DHCPState state) {
|
||||
assert(client);
|
||||
|
||||
|
|
@ -792,10 +802,14 @@ static int client_message_init(
|
|||
packet = malloc0(size);
|
||||
if (!packet)
|
||||
return -ENOMEM;
|
||||
|
||||
r = dhcp_message_init(&packet->dhcp, BOOTREQUEST, client->xid, type,
|
||||
client->arp_type, client->hw_addr.length, client->hw_addr.bytes,
|
||||
optlen, &optoffset);
|
||||
if (client->bootp) {
|
||||
optoffset = 0;
|
||||
r = bootp_message_init(&packet->dhcp, BOOTREQUEST, client->xid, client->arp_type,
|
||||
client->hw_addr.length, client->hw_addr.bytes);
|
||||
} else
|
||||
r = dhcp_message_init(&packet->dhcp, BOOTREQUEST, client->xid, type,
|
||||
client->arp_type, client->hw_addr.length, client->hw_addr.bytes,
|
||||
optlen, &optoffset);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
|
@ -825,14 +839,16 @@ static int client_message_init(
|
|||
if (client->request_broadcast || client->arp_type != ARPHRD_ETHER)
|
||||
packet->dhcp.flags = htobe16(0x8000);
|
||||
|
||||
/* Some DHCP servers will refuse to issue an DHCP lease if the Client
|
||||
Identifier option is not set */
|
||||
r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0,
|
||||
SD_DHCP_OPTION_CLIENT_IDENTIFIER,
|
||||
client->client_id.size,
|
||||
client->client_id.raw);
|
||||
if (r < 0)
|
||||
return r;
|
||||
if (!client->bootp) {
|
||||
/* Some DHCP servers will refuse to issue an DHCP lease if the Client
|
||||
Identifier option is not set */
|
||||
r = dhcp_option_append(&packet->dhcp, optlen, &optoffset, 0,
|
||||
SD_DHCP_OPTION_CLIENT_IDENTIFIER,
|
||||
client->client_id.size,
|
||||
client->client_id.raw);
|
||||
if (r < 0)
|
||||
return r;
|
||||
}
|
||||
|
||||
/* RFC2131 section 3.5:
|
||||
in its initial DHCPDISCOVER or DHCPREQUEST message, a
|
||||
|
|
@ -1061,6 +1077,22 @@ static int client_send_discover(sd_dhcp_client *client) {
|
|||
if (r < 0)
|
||||
return r;
|
||||
|
||||
/* RFC1542 section 3.5:
|
||||
if the client has no information to communicate to the server,
|
||||
the octet immediately following the magic cookie SHOULD be set
|
||||
to the "End" tag (255) and the remaining octets of the 'vend'
|
||||
field SHOULD be set to zero.
|
||||
*/
|
||||
/* Use this RFC, along with the fact that some BOOTP servers require
|
||||
a 64-byte vend field, to suggest that we always zero and send 64
|
||||
bytes in the options field.
|
||||
*/
|
||||
if (client->bootp)
|
||||
if (optoffset < 64 && optlen >= 64) {
|
||||
memset(&discover->dhcp.options[optoffset], 0, optlen - optoffset);
|
||||
optoffset = 64;
|
||||
}
|
||||
|
||||
/* We currently ignore:
|
||||
The client SHOULD wait a random time between one and ten seconds to
|
||||
desynchronize the use of DHCP at startup.
|
||||
|
|
@ -1509,16 +1541,18 @@ static int client_parse_message(
|
|||
}
|
||||
|
||||
r = dhcp_option_parse(message, len, dhcp_lease_parse_options, lease, &error_message);
|
||||
if (r < 0)
|
||||
if (r == -ENOMSG && client->bootp)
|
||||
r = DHCP_ACK; /* BOOTP messages don't have a DHCP message type option */
|
||||
else if (r < 0)
|
||||
return log_dhcp_client_errno(client, r, "Failed to parse DHCP options, ignoring: %m");
|
||||
|
||||
switch (client->state) {
|
||||
case DHCP_STATE_SELECTING:
|
||||
if (r == DHCP_ACK) {
|
||||
if (!client->rapid_commit)
|
||||
if (!client->rapid_commit && !client->bootp)
|
||||
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||
"received unexpected ACK, ignoring.");
|
||||
if (!lease->rapid_commit)
|
||||
if (!lease->rapid_commit && !client->bootp)
|
||||
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||
"received rapid ACK without Rapid Commit option, ignoring.");
|
||||
} else if (r == DHCP_OFFER) {
|
||||
|
|
@ -1561,11 +1595,17 @@ static int client_parse_message(
|
|||
lease->next_server = message->siaddr;
|
||||
lease->address = message->yiaddr;
|
||||
|
||||
if (client->bootp)
|
||||
lease->lifetime = USEC_INFINITY;
|
||||
|
||||
if (lease->server_address == 0 && !client->bootp)
|
||||
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||
"received lease lacks server address, ignoring.");
|
||||
|
||||
if (lease->address == 0 ||
|
||||
lease->server_address == 0 ||
|
||||
lease->lifetime == 0)
|
||||
return log_dhcp_client_errno(client, SYNTHETIC_ERRNO(ENOMSG),
|
||||
"received lease lacks address, server address or lease lifetime, ignoring.");
|
||||
"received lease lacks address or lease lifetime, ignoring.");
|
||||
|
||||
r = dhcp_lease_set_default_subnet_mask(lease);
|
||||
if (r < 0)
|
||||
|
|
@ -1601,7 +1641,7 @@ static int client_handle_offer_or_rapid_ack(sd_dhcp_client *client, DHCPMessage
|
|||
|
||||
dhcp_lease_unref_and_replace(client->lease, lease);
|
||||
|
||||
if (client->lease->rapid_commit) {
|
||||
if (client->lease->rapid_commit || client->bootp) {
|
||||
log_dhcp_client(client, "ACK");
|
||||
return SD_DHCP_CLIENT_EVENT_IP_ACQUIRE;
|
||||
}
|
||||
|
|
@ -2007,8 +2047,8 @@ static int client_handle_message(sd_dhcp_client *client, DHCPMessage *message, s
|
|||
if (r < 0)
|
||||
return 0; /* invalid message, let's ignore it */
|
||||
|
||||
if (client->lease->rapid_commit)
|
||||
/* got a successful rapid commit */
|
||||
if (client->lease->rapid_commit || client->bootp)
|
||||
/* got a successful rapid commit or bootp reply */
|
||||
return client_enter_bound(client, r);
|
||||
|
||||
return client_enter_requesting(client);
|
||||
|
|
@ -2225,7 +2265,7 @@ int sd_dhcp_client_send_release(sd_dhcp_client *client) {
|
|||
size_t optoffset, optlen;
|
||||
int r;
|
||||
|
||||
if (!sd_dhcp_client_is_running(client) || !client->lease)
|
||||
if (!sd_dhcp_client_is_running(client) || !client->lease || client->bootp)
|
||||
return 0; /* do nothing */
|
||||
|
||||
r = client_message_init(client, &release, DHCP_RELEASE, &optlen, &optoffset);
|
||||
|
|
|
|||
|
|
@ -532,6 +532,145 @@ static void test_addr_acq(sd_event *e) {
|
|||
xid = 0;
|
||||
}
|
||||
|
||||
static uint8_t test_addr_bootp_reply[] = {
|
||||
0x45, 0x00, 0x01, 0x48, 0x00, 0x00, 0x40, 0x00,
|
||||
0xff, 0x11, 0x70, 0xa3, 0x0a, 0x00, 0x00, 0x02,
|
||||
0xff, 0xff, 0xff, 0xff, 0x00, 0x43, 0x00, 0x44,
|
||||
0x01, 0x2c, 0x2b, 0x91, 0x02, 0x01, 0x06, 0x00,
|
||||
0x69, 0xd3, 0x79, 0x11, 0x17, 0x00, 0x80, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x0a, 0x46, 0x00, 0x02,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x50, 0x2d, 0xf4, 0x1f, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00, 0x00,
|
||||
0x63, 0x82, 0x53, 0x63, 0x01, 0x04, 0xff, 0x00,
|
||||
0x00, 0x00, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff, 0xff,
|
||||
};
|
||||
|
||||
static int test_bootp_acquired(sd_dhcp_client *client, int event,
|
||||
void *userdata) {
|
||||
sd_event *e = userdata;
|
||||
sd_dhcp_lease *lease;
|
||||
struct in_addr addr;
|
||||
|
||||
assert_se(client);
|
||||
assert_se(IN_SET(event, SD_DHCP_CLIENT_EVENT_IP_ACQUIRE, SD_DHCP_CLIENT_EVENT_SELECTING));
|
||||
|
||||
assert_se(sd_dhcp_client_get_lease(client, &lease) >= 0);
|
||||
assert_se(lease);
|
||||
|
||||
assert_se(sd_dhcp_lease_get_address(lease, &addr) >= 0);
|
||||
assert_se(memcmp(&addr.s_addr, &test_addr_bootp_reply[44],
|
||||
sizeof(addr.s_addr)) == 0);
|
||||
|
||||
assert_se(sd_dhcp_lease_get_netmask(lease, &addr) >= 0);
|
||||
assert_se(memcmp(&addr.s_addr, &test_addr_bootp_reply[270],
|
||||
sizeof(addr.s_addr)) == 0);
|
||||
|
||||
if (verbose)
|
||||
log_info(" BOOTP address acquired");
|
||||
|
||||
sd_event_exit(e, 0);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int test_bootp_recv_request(size_t size, DHCPMessage *request) {
|
||||
uint16_t udp_check = 0;
|
||||
int res;
|
||||
|
||||
xid = request->xid;
|
||||
|
||||
if (verbose)
|
||||
log_info(" recv BOOTP Request 0x%08x", be32toh(xid));
|
||||
|
||||
callback_recv = NULL;
|
||||
|
||||
memcpy(&test_addr_bootp_reply[26], &udp_check, sizeof(udp_check));
|
||||
memcpy(&test_addr_bootp_reply[32], &xid, sizeof(xid));
|
||||
memcpy(&test_addr_bootp_reply[56], hw_addr.bytes, hw_addr.length);
|
||||
|
||||
res = write(test_fd[1], test_addr_bootp_reply,
|
||||
sizeof(test_addr_bootp_reply));
|
||||
assert_se(res == sizeof(test_addr_bootp_reply));
|
||||
|
||||
if (verbose)
|
||||
log_info(" sent BOOTP Reply");
|
||||
|
||||
return 0;
|
||||
};
|
||||
|
||||
static void test_acquire_bootp(sd_event *e) {
|
||||
sd_dhcp_client *client;
|
||||
int res, r;
|
||||
|
||||
if (verbose)
|
||||
log_info("* %s", __func__);
|
||||
|
||||
r = sd_dhcp_client_new(&client, false);
|
||||
assert_se(r >= 0);
|
||||
assert_se(client);
|
||||
|
||||
r = sd_dhcp_client_attach_event(client, e, 0);
|
||||
assert_se(r >= 0);
|
||||
|
||||
r = sd_dhcp_client_set_bootp(client, true);
|
||||
assert_se(r >= 0);
|
||||
|
||||
assert_se(sd_dhcp_client_set_ifindex(client, 42) >= 0);
|
||||
assert_se(sd_dhcp_client_set_mac(client, hw_addr.bytes, bcast_addr.bytes, hw_addr.length, ARPHRD_ETHER) >= 0);
|
||||
|
||||
assert_se(sd_dhcp_client_set_callback(client, test_bootp_acquired, e) >= 0);
|
||||
|
||||
callback_recv = test_bootp_recv_request;
|
||||
|
||||
assert_se(sd_event_add_time_relative(e, NULL, CLOCK_BOOTTIME,
|
||||
30 * USEC_PER_SEC, 0,
|
||||
NULL, INT_TO_PTR(-ETIMEDOUT)) >= 0);
|
||||
|
||||
res = sd_dhcp_client_start(client);
|
||||
assert_se(IN_SET(res, 0, -EINPROGRESS));
|
||||
|
||||
assert_se(sd_event_loop(e) >= 0);
|
||||
|
||||
assert_se(sd_dhcp_client_set_callback(client, NULL, NULL) >= 0);
|
||||
assert_se(sd_dhcp_client_stop(client) >= 0);
|
||||
sd_dhcp_client_unref(client);
|
||||
|
||||
test_fd[1] = safe_close(test_fd[1]);
|
||||
|
||||
callback_recv = NULL;
|
||||
xid = 0;
|
||||
}
|
||||
|
||||
int main(int argc, char *argv[]) {
|
||||
_cleanup_(sd_event_unrefp) sd_event *e;
|
||||
|
||||
|
|
@ -549,6 +688,10 @@ int main(int argc, char *argv[]) {
|
|||
test_discover_message(e);
|
||||
test_addr_acq(e);
|
||||
|
||||
sd_event_unref(e);
|
||||
assert_se(sd_event_new(&e) >= 0);
|
||||
test_acquire_bootp(e);
|
||||
|
||||
#if HAVE_VALGRIND_VALGRIND_H
|
||||
/* Make sure the async_close thread has finished.
|
||||
* valgrind would report some of the phread_* structures
|
||||
|
|
|
|||
|
|
@ -1477,6 +1477,10 @@ static int dhcp4_configure(Link *link) {
|
|||
if (r < 0)
|
||||
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to allocate DHCPv4 client: %m");
|
||||
|
||||
r = sd_dhcp_client_set_bootp(link->dhcp_client, link->network->dhcp_send_bootp);
|
||||
if (r < 0)
|
||||
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to set BOOTP flag: %m");
|
||||
|
||||
r = sd_dhcp_client_attach_event(link->dhcp_client, link->manager->event, 0);
|
||||
if (r < 0)
|
||||
return log_link_debug_errno(link, r, "DHCPv4 CLIENT: Failed to attach event to DHCPv4 client: %m");
|
||||
|
|
|
|||
|
|
@ -244,6 +244,7 @@ DHCPv4.QuickAck, config_parse_bool,
|
|||
DHCPv4.RequestOptions, config_parse_dhcp_request_options, AF_INET, 0
|
||||
DHCPv4.Anonymize, config_parse_bool, 0, offsetof(Network, dhcp_anonymize)
|
||||
DHCPv4.SendHostname, config_parse_dhcp_send_hostname, AF_INET, 0
|
||||
DHCPv4.BOOTP, config_parse_bool, 0, offsetof(Network, dhcp_send_bootp)
|
||||
DHCPv4.Hostname, config_parse_hostname, 0, offsetof(Network, dhcp_hostname)
|
||||
DHCPv4.Label, config_parse_dhcp_label, 0, offsetof(Network, dhcp_label)
|
||||
DHCPv4.RequestBroadcast, config_parse_tristate, 0, offsetof(Network, dhcp_broadcast)
|
||||
|
|
|
|||
|
|
@ -179,6 +179,7 @@ struct Network {
|
|||
OrderedHashmap *dhcp_client_send_vendor_options;
|
||||
char *dhcp_netlabel;
|
||||
NFTSetContext dhcp_nft_set_context;
|
||||
bool dhcp_send_bootp;
|
||||
|
||||
/* DHCPv6 Client support */
|
||||
bool dhcp6_use_address;
|
||||
|
|
|
|||
|
|
@ -392,7 +392,7 @@ int tpm2_make_pcr_json_array(uint32_t pcr_mask, sd_json_variant **ret);
|
|||
int tpm2_parse_pcr_json_array(sd_json_variant *v, uint32_t *ret);
|
||||
|
||||
int tpm2_make_luks2_json(int keyslot, uint32_t hash_pcr_mask, uint16_t pcr_bank, const struct iovec *pubkey, uint32_t pubkey_pcr_mask, uint16_t primary_alg, const struct iovec blobs[], size_t n_blobs, const struct iovec policy_hash[], size_t n_policy_hash, const struct iovec *salt, const struct iovec *srk, const struct iovec *pcrlock_nv, TPM2Flags flags, sd_json_variant **ret);
|
||||
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *pcrlock_nv, TPM2Flags *ret_flags);
|
||||
int tpm2_parse_luks2_json(sd_json_variant *v, int *ret_keyslot, uint32_t *ret_hash_pcr_mask, uint16_t *ret_pcr_bank, struct iovec *ret_pubkey, uint32_t *ret_pubkey_pcr_mask, uint16_t *ret_primary_alg, struct iovec **ret_blobs, size_t *ret_n_blobs, struct iovec **ret_policy_hash, size_t *ret_n_policy_hash, struct iovec *ret_salt, struct iovec *ret_srk, struct iovec *ret_pcrlock_nv, TPM2Flags *ret_flags);
|
||||
|
||||
/* Default to PCR 7 only */
|
||||
#define TPM2_PCR_INDEX_DEFAULT UINT32_C(7)
|
||||
|
|
|
|||
|
|
@ -147,6 +147,9 @@ int sd_dhcp_client_set_socket_priority(
|
|||
int sd_dhcp_client_set_fallback_lease_lifetime(
|
||||
sd_dhcp_client *client,
|
||||
uint64_t fallback_lease_lifetime);
|
||||
int sd_dhcp_client_set_bootp(
|
||||
sd_dhcp_client *client,
|
||||
int bootp);
|
||||
|
||||
int sd_dhcp_client_add_option(sd_dhcp_client *client, sd_dhcp_option *v);
|
||||
int sd_dhcp_client_add_vendor_option(sd_dhcp_client *client, sd_dhcp_option *v);
|
||||
|
|
|
|||
|
|
@ -23,6 +23,7 @@
|
|||
#include "user-util.h"
|
||||
#include "userdb.h"
|
||||
#include "verbs.h"
|
||||
#include "virt.h"
|
||||
|
||||
static enum {
|
||||
OUTPUT_CLASSIC,
|
||||
|
|
@ -139,10 +140,16 @@ static int show_user(UserRecord *ur, Table *table) {
|
|||
return 0;
|
||||
}
|
||||
|
||||
static bool test_show_mapped(void) {
|
||||
/* Show mapped user range only in environments where user mapping is a thing. */
|
||||
return running_in_userns() > 0;
|
||||
}
|
||||
|
||||
static const struct {
|
||||
uid_t first, last;
|
||||
const char *name;
|
||||
UserDisposition disposition;
|
||||
bool (*test)(void);
|
||||
} uid_range_table[] = {
|
||||
{
|
||||
.first = 1,
|
||||
|
|
@ -175,11 +182,12 @@ static const struct {
|
|||
.last = MAP_UID_MAX,
|
||||
.name = "mapped",
|
||||
.disposition = USER_REGULAR,
|
||||
.test = test_show_mapped,
|
||||
},
|
||||
};
|
||||
|
||||
static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
||||
int r;
|
||||
int r, n_added = 0;
|
||||
|
||||
assert(table);
|
||||
|
||||
|
|
@ -192,6 +200,9 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
|||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||
continue;
|
||||
|
||||
if (i->test && !i->test())
|
||||
continue;
|
||||
|
||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||
" begin ", i->name, " users ",
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||
|
|
@ -249,9 +260,11 @@ static int table_add_uid_boundaries(Table *table, const UIDRange *p) {
|
|||
TABLE_INT, 1); /* sort after any other entry with the same UID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
|
||||
n_added += 2;
|
||||
}
|
||||
|
||||
return ELEMENTSOF(uid_range_table) * 2;
|
||||
return n_added;
|
||||
}
|
||||
|
||||
static int add_unavailable_uid(Table *table, uid_t start, uid_t end) {
|
||||
|
|
@ -565,16 +578,22 @@ static int show_group(GroupRecord *gr, Table *table) {
|
|||
}
|
||||
|
||||
static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
||||
int r;
|
||||
int r, n_added = 0;
|
||||
|
||||
assert(table);
|
||||
|
||||
FOREACH_ELEMENT(i, uid_range_table) {
|
||||
_cleanup_free_ char *name = NULL, *comment = NULL;
|
||||
|
||||
if (!FLAGS_SET(arg_disposition_mask, UINT64_C(1) << i->disposition))
|
||||
continue;
|
||||
|
||||
if (!uid_range_covers(p, i->first, i->last - i->first + 1))
|
||||
continue;
|
||||
|
||||
if (i->test && !i->test())
|
||||
continue;
|
||||
|
||||
name = strjoin(special_glyph(SPECIAL_GLYPH_ARROW_DOWN),
|
||||
" begin ", i->name, " groups ",
|
||||
special_glyph(SPECIAL_GLYPH_ARROW_DOWN));
|
||||
|
|
@ -626,9 +645,11 @@ static int table_add_gid_boundaries(Table *table, const UIDRange *p) {
|
|||
TABLE_INT, 1); /* sort after any other entry with the same GID */
|
||||
if (r < 0)
|
||||
return table_log_add_error(r);
|
||||
|
||||
n_added += 2;
|
||||
}
|
||||
|
||||
return ELEMENTSOF(uid_range_table) * 2;
|
||||
return n_added;
|
||||
}
|
||||
|
||||
static int add_unavailable_gid(Table *table, uid_t start, uid_t end) {
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
{% if LINK_SHELL_EXTRA_DROPIN %}
|
||||
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
{% if LINK_SSH_PROXY_DROPIN %}
|
||||
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Copy systemd-stub provided metadata such as PCR signature and public key file
|
||||
# from initrd into /run/, so that it will survive the initrd stage
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
{% if LINK_SSHD_USERDB_DROPIN %}
|
||||
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
d /etc/credstore 0700 root root
|
||||
d /etc/credstore.encrypted 0700 root root
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
L /etc/os-release - - - - ../usr/lib/os-release
|
||||
L+ /etc/mtab - - - - ../proc/self/mounts
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
Q /home 0755 - - -
|
||||
q /srv 0755 - - -
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Set the NOCOW attribute for directories of journal files. This flag
|
||||
# is inherited by their new files and sub-directories. Matters only
|
||||
|
|
|
|||
|
|
@ -5,10 +5,11 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# These files are considered legacy and are unnecessary on legacy-free
|
||||
# systems.
|
||||
# The functionality provided by these files and directories has been replaced
|
||||
# by newer interfaces. Their use is discouraged on legacy-free systems. This
|
||||
# configuration is provided to maintain backward compatibility.
|
||||
|
||||
d /run/lock 0755 root root -
|
||||
L /var/lock - - - - ../run/lock
|
||||
|
|
@ -16,15 +17,15 @@ L /var/lock - - - - ../run/lock
|
|||
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
||||
{% endif %}
|
||||
|
||||
{% if HAVE_SYSV_COMPAT %}
|
||||
# /run/lock/subsys is used for serializing SysV service execution, and
|
||||
# hence without use on SysV-less systems.
|
||||
|
||||
d /run/lock/subsys 0755 root root -
|
||||
|
||||
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
|
||||
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
|
||||
# 'quotacheck.mode=force'
|
||||
|
||||
r! /forcefsck
|
||||
r! /fastboot
|
||||
r! /forcequotacheck
|
||||
{% endif %}
|
||||
|
|
|
|||
|
|
@ -35,7 +35,7 @@ in_files = [
|
|||
['20-systemd-stub.conf', 'ENABLE_EFI'],
|
||||
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
|
||||
['etc.conf'],
|
||||
['legacy.conf', 'HAVE_SYSV_COMPAT'],
|
||||
['legacy.conf'],
|
||||
['static-nodes-permissions.conf'],
|
||||
['systemd.conf'],
|
||||
['var.conf'],
|
||||
|
|
|
|||
|
|
@ -1,4 +1,4 @@
|
|||
# SPDX-License-Identifier: LGPL-2.1-or-later
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
Q /var/lib/portables 0700
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Provision additional login messages from credentials, if they are set. Note
|
||||
# that these lines are NOPs if the credentials are not set or if the files
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
d$ /run/systemd/netif 0755 systemd-network systemd-network -
|
||||
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
Q /var/lib/machines 0700 - - -
|
||||
|
||||
|
|
|
|||
|
|
@ -5,6 +5,6 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Exclude namespace mountpoints created with PrivateTmp=yes
|
||||
x /tmp/systemd-private-%b-*
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
d /run/user 0755 root root -
|
||||
{% if ENABLE_UTMP %}
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Clear tmp directories separately, to make them easier to override
|
||||
q /tmp 1777 root root 10d
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
q /var 0755 - - -
|
||||
|
||||
|
|
|
|||
|
|
@ -5,7 +5,7 @@
|
|||
# the Free Software Foundation; either version 2.1 of the License, or
|
||||
# (at your option) any later version.
|
||||
|
||||
# See tmpfiles.d(5) for details
|
||||
# See tmpfiles.d(5) for details.
|
||||
|
||||
# Make sure these are created by default so that nobody else can
|
||||
# or empty them at startup
|
||||
|
|
|
|||
Loading…
Reference in New Issue