Compare commits
8 Commits
7d164b90fa
...
9a730ce421
Author | SHA1 | Date |
---|---|---|
Yu Watanabe | 9a730ce421 | |
Yu Watanabe | 9671efff78 | |
Yu Watanabe | 4f0bc2582e | |
Yu Watanabe | 3292120adf | |
Yu Watanabe | f6cc5e1c8d | |
Yu Watanabe | 2be553ecf7 | |
Lennart Poettering | a859d0d378 | |
Lennart Poettering | db15657dfb | |
13
NEWS
|
@ -2,6 +2,15 @@ systemd System and Service Manager
|
||||||
|
|
||||||
CHANGES WITH 257 in spe:
|
CHANGES WITH 257 in spe:
|
||||||
|
|
||||||
|
Incompatible changes:
|
||||||
|
|
||||||
|
* The --purge switch of systemd-tmpfiles (which was added in v256) has
|
||||||
|
been reworked: it will now only apply to tmpfiles.d/ lines marked
|
||||||
|
with the new "$" flag. This is an incompatible change, and means any
|
||||||
|
tmpfiles.d/ files which shall be used together with --purge need to
|
||||||
|
be updated accordingly. This change has been made to make it harder
|
||||||
|
to accidentally delete too many files when using --purge incorrectly.
|
||||||
|
|
||||||
Announcements of Future Feature Removals and Incompatible Changes:
|
Announcements of Future Feature Removals and Incompatible Changes:
|
||||||
|
|
||||||
* Support for automatic flushing of the nscd user/group database caches
|
* Support for automatic flushing of the nscd user/group database caches
|
||||||
|
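Review bot: The new entry under "Incompatible changes:" tells packagers that their tmpfiles.d/ files "need to be updated accordingly" but never shows where the "$" goes. Add a short example of the syntax (the flag follows the type character, as in "d$ /tmp/somedir" from the test script in this series) and a pointer to tmpfiles.d(5), so the entry can be acted on without reading the man page diff.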
@ -85,7 +94,7 @@ CHANGES WITH 257 in spe:
|
||||||
/usr/lib/clock-epoch, and /var/lib/systemd/timesync/clock. See
|
/usr/lib/clock-epoch, and /var/lib/systemd/timesync/clock. See
|
||||||
systemd(1) for an detailed updated description.
|
systemd(1) for an detailed updated description.
|
||||||
|
|
||||||
* Ctrl-Alt-Delete is reenabled during late shutdown, so that the user
|
* Ctrl-Alt-Delete is re-enabled during late shutdown, so that the user
|
||||||
can still initiate a reboot if the system freezes.
|
can still initiate a reboot if the system freezes.
|
||||||
|
|
||||||
* Unit option PrivateUsers=identity can be used to request a user
|
* Unit option PrivateUsers=identity can be used to request a user
|
||||||
|
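Review bot: The context line just above the corrected one still reads "systemd(1) for an detailed updated description." Since this hunk is a spelling pass over the same paragraph group, fix that as well, for example "for a detailed, updated description".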
@ -202,7 +211,7 @@ CHANGES WITH 257 in spe:
|
||||||
versions.
|
versions.
|
||||||
|
|
||||||
* systemd-sysupdate gained a new --transfer-source= option to set the
|
* systemd-sysupdate gained a new --transfer-source= option to set the
|
||||||
directory to which transfer sources cofigured with
|
directory to which transfer sources configured with
|
||||||
PathRelativeTo=explicit will be interpreted.
|
PathRelativeTo=explicit will be interpreted.
|
||||||
|
|
||||||
Miscellaneous:
|
Miscellaneous:
|
||||||
|
|
|
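Review bot: With "cofigured" fixed, the sentence on the changed line still does not parse: "the directory to which transfer sources configured with PathRelativeTo=explicit will be interpreted". It presumably means "relative to which"; reword it in the same commit rather than leaving a second pass for later.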
@ -115,7 +115,7 @@
|
||||||
result can be pre-calculated without too much effort. The <literal>.pcrsig</literal> section is not
|
result can be pre-calculated without too much effort. The <literal>.pcrsig</literal> section is not
|
||||||
included in this PCR measurement, since it is supposed to contain signatures for the output of the
|
included in this PCR measurement, since it is supposed to contain signatures for the output of the
|
||||||
measurement operation, and thus cannot also be input to it. If an UKI contains multiple profiles, only
|
measurement operation, and thus cannot also be input to it. If an UKI contains multiple profiles, only
|
||||||
the PE sections of the selected profile (and those of the base profile, except if overriden) are
|
the PE sections of the selected profile (and those of the base profile, except if overridden) are
|
||||||
measured.</para>
|
measured.</para>
|
||||||
|
|
||||||
<para>If non-zero, the selected numeric profile is measured into PCR 12.</para>
|
<para>If non-zero, the selected numeric profile is measured into PCR 12.</para>
|
||||||
|
|
|
@ -152,10 +152,11 @@
|
||||||
<varlistentry>
|
<varlistentry>
|
||||||
<term><option>--purge</option></term>
|
<term><option>--purge</option></term>
|
||||||
|
|
||||||
<listitem><para>If this option is passed, all files and directories marked for
|
<listitem><para>If this option is passed, all files and directories declared for
|
||||||
<emphasis>creation</emphasis> by the <filename>tmpfiles.d/</filename> files specified on the command
|
<emphasis>creation</emphasis> and marked with the <literal>$</literal> character by the
|
||||||
line will be <emphasis>deleted</emphasis>. Specifically, this acts on all files and directories
|
<filename>tmpfiles.d/</filename> files specified on the command line will be
|
||||||
marked with <varname>f</varname>, <varname>F</varname>, <varname>d</varname>, <varname>D</varname>,
|
<emphasis>deleted</emphasis>. Specifically, this acts on all files and directories marked with
|
||||||
|
<varname>f</varname>, <varname>F</varname>, <varname>d</varname>, <varname>D</varname>,
|
||||||
<varname>v</varname>, <varname>q</varname>, <varname>Q</varname>, <varname>p</varname>,
|
<varname>v</varname>, <varname>q</varname>, <varname>Q</varname>, <varname>p</varname>,
|
||||||
<varname>L</varname>, <varname>c</varname>, <varname>b</varname>, <varname>C</varname>,
|
<varname>L</varname>, <varname>c</varname>, <varname>b</varname>, <varname>C</varname>,
|
||||||
<varname>w</varname>, <varname>e</varname>. If this switch is used at least one
|
<varname>w</varname>, <varname>e</varname>. If this switch is used at least one
|
||||||
|
|
|
@ -539,6 +539,10 @@ w- /proc/sys/vm/swappiness - - - - 10</programlisting></para>
|
||||||
service, the line is silently skipped. If <literal>^</literal> and <literal>~</literal> are combined
|
service, the line is silently skipped. If <literal>^</literal> and <literal>~</literal> are combined
|
||||||
Base64 decoding is applied to the credential contents.</para>
|
Base64 decoding is applied to the credential contents.</para>
|
||||||
|
|
||||||
|
<para>If the dollar sign (<literal>$</literal>) is used, the file becomes subject to removal when
|
||||||
|
<command>systemd-tmpfiles</command> is invoked with the <option>--purge</option> switch. Lines without
|
||||||
|
this character are unaffected by that switch.</para>
|
||||||
|
|
||||||
<para>Note that for all line types that result in creation of any kind of file node
|
<para>Note that for all line types that result in creation of any kind of file node
|
||||||
(i.e. <varname>f</varname>,
|
(i.e. <varname>f</varname>,
|
||||||
<varname>d</varname>/<varname>D</varname>/<varname>v</varname>/<varname>q</varname>/<varname>Q</varname>,
|
<varname>d</varname>/<varname>D</varname>/<varname>v</varname>/<varname>q</varname>/<varname>Q</varname>,
|
||||||
|
|
|
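Review bot: The added paragraph on "$" omits the restriction that the parser change in this series enforces: parse_line() rejects the line with "Purge flag '$' combined with line type '%c' which does not support purging." when the type fails needs_purge(). Document which line types accept "$" (or refer to the list under --purge in systemd-tmpfiles(8)) and state that using it on any other type is a configuration error, so authors do not learn this from a failed run.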
@ -1293,9 +1293,9 @@ static int link_get_network(Link *link, Network **ret) {
|
||||||
}
|
}
|
||||||
|
|
||||||
log_link_full(link, warn ? LOG_WARNING : LOG_DEBUG,
|
log_link_full(link, warn ? LOG_WARNING : LOG_DEBUG,
|
||||||
"found matching network '%s'%s.",
|
"Found matching .network file%s: %s",
|
||||||
network->filename,
|
warn ? ", based on potentially unpredictable interface name" : "",
|
||||||
warn ? ", based on potentially unpredictable interface name" : "");
|
network->filename);
|
||||||
|
|
||||||
if (network->unmanaged)
|
if (network->unmanaged)
|
||||||
return -ENOENT;
|
return -ENOENT;
|
||||||
|
@ -1304,7 +1304,7 @@ static int link_get_network(Link *link, Network **ret) {
|
||||||
return 0;
|
return 0;
|
||||||
}
|
}
|
||||||
|
|
||||||
return -ENOENT;
|
return log_link_debug_errno(link, SYNTHETIC_ERRNO(ENOENT), "No matching .network found.");
|
||||||
}
|
}
|
||||||
|
|
||||||
int link_reconfigure_impl(Link *link, bool force) {
|
int link_reconfigure_impl(Link *link, bool force) {
|
||||||
|
|
|
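Review bot: The new debug message "No matching .network found." is worded differently from the success message changed in the previous hunk, "Found matching .network file%s: %s". Use "No matching .network file found." so that both outcomes of link_get_network() can be found with the same search string in the journal.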
@ -5602,7 +5602,7 @@ static int run_container(
|
||||||
}
|
}
|
||||||
|
|
||||||
/* Note: we do not use SD_EVENT_SIGNAL_PROCMASK or sd_event_set_signal_exit(), since we want the
|
/* Note: we do not use SD_EVENT_SIGNAL_PROCMASK or sd_event_set_signal_exit(), since we want the
|
||||||
* signals to be block continously, even if we destroy the event loop and allocate a new one on
|
* signals to be block continuously, even if we destroy the event loop and allocate a new one on
|
||||||
* container reboot. */
|
* container reboot. */
|
||||||
|
|
||||||
if (arg_kill_signal > 0) {
|
if (arg_kill_signal > 0) {
|
||||||
|
|
|
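Review bot: The corrected comment line still reads "signals to be block continuously", which is ungrammatical. Change it to "signals to be blocked continuously" while touching the line.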
@ -170,6 +170,8 @@ typedef struct Item {
|
||||||
|
|
||||||
bool try_replace:1;
|
bool try_replace:1;
|
||||||
|
|
||||||
|
bool purge:1;
|
||||||
|
|
||||||
OperationMask done;
|
OperationMask done;
|
||||||
} Item;
|
} Item;
|
||||||
|
|
||||||
|
@ -3046,6 +3048,9 @@ static int purge_item(Context *c, Item *i) {
|
||||||
if (!needs_purge(i->type))
|
if (!needs_purge(i->type))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
if (!i->purge)
|
||||||
|
return 0;
|
||||||
|
|
||||||
log_debug("Running purge action for entry %c %s", (char) i->type, i->path);
|
log_debug("Running purge action for entry %c %s", (char) i->type, i->path);
|
||||||
|
|
||||||
if (needs_glob(i->type))
|
if (needs_glob(i->type))
|
||||||
|
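Review bot: The added "if (!i->purge) return 0;" in purge_item() skips the entry before the existing log_debug("Running purge action for entry ...") call, so nothing is logged for lines that lack the flag. Because this is an incompatible change, an administrator running --purge against files that were not yet updated will see no deletions and no explanation even at debug level. Log the skip, for example a log_debug() stating that the entry is not marked with "$", before returning.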
@ -3602,7 +3607,7 @@ static int parse_line(
|
||||||
ItemArray *existing;
|
ItemArray *existing;
|
||||||
OrderedHashmap *h;
|
OrderedHashmap *h;
|
||||||
bool append_or_force = false, boot = false, allow_failure = false, try_replace = false,
|
bool append_or_force = false, boot = false, allow_failure = false, try_replace = false,
|
||||||
unbase64 = false, from_cred = false, missing_user_or_group = false;
|
unbase64 = false, from_cred = false, missing_user_or_group = false, purge = false;
|
||||||
int r;
|
int r;
|
||||||
|
|
||||||
assert(fname);
|
assert(fname);
|
||||||
|
@ -3668,6 +3673,8 @@ static int parse_line(
|
||||||
unbase64 = true;
|
unbase64 = true;
|
||||||
else if (action[pos] == '^' && !from_cred)
|
else if (action[pos] == '^' && !from_cred)
|
||||||
from_cred = true;
|
from_cred = true;
|
||||||
|
else if (action[pos] == '$' && !purge)
|
||||||
|
purge = true;
|
||||||
else {
|
else {
|
||||||
*invalid_config = true;
|
*invalid_config = true;
|
||||||
return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG),
|
return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG),
|
||||||
|
@ -3684,6 +3691,7 @@ static int parse_line(
|
||||||
i.append_or_force = append_or_force;
|
i.append_or_force = append_or_force;
|
||||||
i.allow_failure = allow_failure;
|
i.allow_failure = allow_failure;
|
||||||
i.try_replace = try_replace;
|
i.try_replace = try_replace;
|
||||||
|
i.purge = purge;
|
||||||
|
|
||||||
r = specifier_printf(path, PATH_MAX-1, specifier_table, arg_root, NULL, &i.path);
|
r = specifier_printf(path, PATH_MAX-1, specifier_table, arg_root, NULL, &i.path);
|
||||||
if (ERRNO_IS_NOINFO(r))
|
if (ERRNO_IS_NOINFO(r))
|
||||||
|
@ -3838,6 +3846,12 @@ static int parse_line(
|
||||||
"Unknown command type '%c'.", (char) i.type);
|
"Unknown command type '%c'.", (char) i.type);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
if (i.purge && !needs_purge(i.type)) {
|
||||||
|
*invalid_config = true;
|
||||||
|
return log_syntax(NULL, LOG_ERR, fname, line, SYNTHETIC_ERRNO(EBADMSG),
|
||||||
|
"Purge flag '$' combined with line type '%c' which does not support purging.", (char) i.type);
|
||||||
|
}
|
||||||
|
|
||||||
if (!should_include_path(i.path))
|
if (!should_include_path(i.path))
|
||||||
return 0;
|
return 0;
|
||||||
|
|
||||||
|
|
|
@ -9,26 +9,39 @@ set -o pipefail
|
||||||
export SYSTEMD_LOG_LEVEL=debug
|
export SYSTEMD_LOG_LEVEL=debug
|
||||||
|
|
||||||
c='
|
c='
|
||||||
d /tmp/somedir
|
d$ /tmp/somedir
|
||||||
f /tmp/somedir/somefile - - - - baz
|
f$ /tmp/somedir/somefile - - - - baz
|
||||||
|
f /tmp/someotherfile - - - - qux
|
||||||
'
|
'
|
||||||
|
|
||||||
systemd-tmpfiles --create - <<<"$c"
|
systemd-tmpfiles --create - <<<"$c"
|
||||||
test -f /tmp/somedir/somefile
|
test -f /tmp/somedir/somefile
|
||||||
grep -q baz /tmp/somedir/somefile
|
grep -q baz /tmp/somedir/somefile
|
||||||
|
grep -q qux /tmp/someotherfile
|
||||||
|
|
||||||
systemd-tmpfiles --purge --dry-run - <<<"$c"
|
systemd-tmpfiles --purge --dry-run - <<<"$c"
|
||||||
test -f /tmp/somedir/somefile
|
test -f /tmp/somedir/somefile
|
||||||
grep -q baz /tmp/somedir/somefile
|
grep -q baz /tmp/somedir/somefile
|
||||||
|
grep -q qux /tmp/someotherfile
|
||||||
|
|
||||||
systemd-tmpfiles --purge - <<<"$c"
|
systemd-tmpfiles --purge - <<<"$c"
|
||||||
test ! -f /tmp/somedir/somefile
|
test ! -f /tmp/somedir/somefile
|
||||||
test ! -d /tmp/somedir/
|
test ! -d /tmp/somedir/
|
||||||
|
grep -q qux /tmp/someotherfile
|
||||||
|
|
||||||
systemd-tmpfiles --create --purge --dry-run - <<<"$c"
|
systemd-tmpfiles --create --purge --dry-run - <<<"$c"
|
||||||
test ! -f /tmp/somedir/somefile
|
test ! -f /tmp/somedir/somefile
|
||||||
test ! -d /tmp/somedir/
|
test ! -d /tmp/somedir/
|
||||||
|
grep -q qux /tmp/someotherfile
|
||||||
|
|
||||||
systemd-tmpfiles --create --purge - <<<"$c"
|
systemd-tmpfiles --create --purge - <<<"$c"
|
||||||
test -f /tmp/somedir/somefile
|
test -f /tmp/somedir/somefile
|
||||||
grep -q baz /tmp/somedir/somefile
|
grep -q baz /tmp/somedir/somefile
|
||||||
|
grep -q qux /tmp/someotherfile
|
||||||
|
|
||||||
|
systemd-tmpfiles --purge - <<<"$c"
|
||||||
|
test ! -f /tmp/somedir/somefile
|
||||||
|
test ! -d /tmp/somedir/
|
||||||
|
grep -q qux /tmp/someotherfile
|
||||||
|
|
||||||
|
rm /tmp/someotherfile
|
||||||
|
|
|
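Review bot: The updated test covers marked and unmarked "f"/"d" lines but has no negative case for the new parse error. Add a check that a "$" on a line type that does not support purging makes systemd-tmpfiles exit non-zero, so the "if (i.purge && !needs_purge(i.type))" branch in parse_line() is exercised. Also consider registering the final "rm /tmp/someotherfile" as an exit trap, since a failed assertion earlier in the script leaves the file behind.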
@ -8,5 +8,5 @@
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
{% if LINK_SHELL_EXTRA_DROPIN %}
|
{% if LINK_SHELL_EXTRA_DROPIN %}
|
||||||
L {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
|
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
|
@ -8,7 +8,7 @@
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
{% if LINK_SSH_PROXY_DROPIN %}
|
{% if LINK_SSH_PROXY_DROPIN %}
|
||||||
L {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
|
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf
|
||||||
{% endif %}
|
{% endif %}
|
||||||
{% if CREATE_SSHDPRIVSEPDIR %}
|
{% if CREATE_SSHDPRIVSEPDIR %}
|
||||||
d {{SSHDPRIVSEPDIR}} 0755
|
d {{SSHDPRIVSEPDIR}} 0755
|
||||||
|
|
|
@ -13,7 +13,7 @@
|
||||||
d /run/lock 0755 root root -
|
d /run/lock 0755 root root -
|
||||||
L /var/lock - - - - ../run/lock
|
L /var/lock - - - - ../run/lock
|
||||||
{% if CREATE_LOG_DIRS %}
|
{% if CREATE_LOG_DIRS %}
|
||||||
L /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
# /run/lock/subsys is used for serializing SysV service execution, and
|
# /run/lock/subsys is used for serializing SysV service execution, and
|
||||||
|
|
|
@ -7,7 +7,7 @@
|
||||||
|
|
||||||
# See tmpfiles.d(5) for details
|
# See tmpfiles.d(5) for details
|
||||||
|
|
||||||
d /run/systemd/netif 0755 systemd-network systemd-network -
|
d$ /run/systemd/netif 0755 systemd-network systemd-network -
|
||||||
d /run/systemd/netif/links 0755 systemd-network systemd-network -
|
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -
|
||||||
d /run/systemd/netif/leases 0755 systemd-network systemd-network -
|
d$ /run/systemd/netif/leases 0755 systemd-network systemd-network -
|
||||||
d /var/lib/systemd/network 0755 systemd-network systemd-network -
|
d$ /var/lib/systemd/network 0755 systemd-network systemd-network -
|
||||||
|
|
|
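Review bot: The last changed line marks /var/lib/systemd/network with "d$", the only path in this hunk outside /run. With the flag set, --purge will delete that directory along with the three runtime directories. If removing persistent state under /var/lib is intended here, say so in a comment above the line; if not, leave it unmarked like the other unflagged entries in this series.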
@ -19,5 +19,5 @@ Q /var/lib/machines 0700 - - -
|
||||||
# systemd-nspawn --ephemeral places snapshots) we are more strict, to
|
# systemd-nspawn --ephemeral places snapshots) we are more strict, to
|
||||||
# avoid removing unrelated temporary files.
|
# avoid removing unrelated temporary files.
|
||||||
|
|
||||||
R! /var/lib/machines/.#*
|
R!$ /var/lib/machines/.#*
|
||||||
R! /.#machine.*
|
R!$ /.#machine.*
|
||||||
|
|
|
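Review bot: "R!$" on both changed lines combines the purge flag with a removal line type, but the --purge description updated in this series lists only f, F, d, D, v, q, Q, p, L, c, b, C, w, e, and parse_line() now fails with "Purge flag '$' combined with line type '%c' which does not support purging." when needs_purge() is false for the type. Unless needs_purge() also accepts R and r, these lines become syntax errors on every invocation, not only with --purge. Either drop the "$" here and on the "R!$" and "r!$" lines in the hunk that follows, or extend needs_purge() and the man page list together.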
@ -14,10 +14,10 @@ x /var/tmp/systemd-private-%b-*
|
||||||
X /var/tmp/systemd-private-%b-*/tmp
|
X /var/tmp/systemd-private-%b-*/tmp
|
||||||
|
|
||||||
# Remove top-level private temporary directories on each boot
|
# Remove top-level private temporary directories on each boot
|
||||||
R! /tmp/systemd-private-*
|
R!$ /tmp/systemd-private-*
|
||||||
R! /var/tmp/systemd-private-*
|
R!$ /var/tmp/systemd-private-*
|
||||||
|
|
||||||
# Handle lost systemd-coredump temp files. They could be lost on old filesystems,
|
# Handle lost systemd-coredump temp files. They could be lost on old filesystems,
|
||||||
# for example, after hard reboot.
|
# for example, after hard reboot.
|
||||||
x /var/lib/systemd/coredump/.#core*.%b*
|
x /var/lib/systemd/coredump/.#core*.%b*
|
||||||
r! /var/lib/systemd/coredump/.#*
|
r!$ /var/lib/systemd/coredump/.#*
|
||||||
|
|
|
@ -13,11 +13,11 @@ f+! /run/utmp 0664 root utmp -
|
||||||
{% endif %}
|
{% endif %}
|
||||||
|
|
||||||
d /run/systemd/ask-password 0755 root root -
|
d /run/systemd/ask-password 0755 root root -
|
||||||
d /run/systemd/seats 0755 root root -
|
d$ /run/systemd/seats 0755 root root -
|
||||||
d /run/systemd/sessions 0755 root root -
|
d$ /run/systemd/sessions 0755 root root -
|
||||||
d /run/systemd/users 0755 root root -
|
d$ /run/systemd/users 0755 root root -
|
||||||
d /run/systemd/machines 0755 root root -
|
d /run/systemd/machines 0755 root root -
|
||||||
d /run/systemd/shutdown 0755 root root -
|
d$ /run/systemd/shutdown 0755 root root -
|
||||||
|
|
||||||
d /run/log 0755 root root -
|
d /run/log 0755 root root -
|
||||||
|
|
||||||
|
|
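Review bot: In this hunk seats, sessions, users and shutdown gain "d$" while ask-password and machines stay plain "d", with no comment giving the rule. Since the flag decides what --purge deletes, add a one-line comment above the block explaining why those two directories are excluded, so later additions to this file follow the same rule.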