Compare commits

14 Commits

Author SHA1 Message Date
Mike Yuan 4cd204a7e5
Merge 18c36b1e24 into f70e5620b6 2024-11-21 22:47:07 +01:00
Tobias Zimmermann f70e5620b6 hwdb: Add quirk for Logitech MX Keys for Mac
The KEY_102ND and KEY_GRAVE keys are switched on the
Logitech MX Keys for Mac, so switch them back
2024-11-21 21:16:07 +01:00
Zbigniew Jędrzejewski-Szmek 3127c71bf4
Keep tmpfiles/legacy.conf even if SysVInit support is dropped (#35278) 2024-11-21 21:13:50 +01:00
Yuri Chornoivan b153eebfb2 po: Translated using Weblate (Ukrainian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/uk/
Translation: systemd/main
2024-11-22 05:02:16 +09:00
Zbigniew Jędrzejewski-Szmek 2c06e40ae9 tmpfiles: add period at end of the sentence
The license that is immediately above is properly punctuated and it looks
sloppy when our line below isn't.
2024-11-21 18:35:18 +01:00
Zbigniew Jędrzejewski-Szmek 5ca9149464 tmpfiles: narrow scope of HAVE_SYSV_COMPAT condition for legacy.conf
That file contains a bunch of entries of which only some are related to SysV.
The rest are just "traditional APIs" that need to stay. In particular,
/var/lock a.k.a. /run/lock is used by many programs (LVM, iscsi, alsactl).
Similarly, the README about /var/log is something that should stay as long as
we have people migrating from older systems or using the copious documentation
that mentions /var/log/messages.txt on the Internet.

/var/lock/subsys is only used by sysvinit, and our code to support /forcefsck,
/fastboot, and /forcequotacheck is conditionalized on HAVE_SYSV_COMPAT, so
conditionalize those here on HAVE_SYSV_COMPAT too.
2024-11-21 18:32:46 +01:00
Mike Yuan 18c36b1e24
basic/cgroup-util: port cg_pidref_get_path() to pidfd_get_cgroupid() 2024-11-19 23:03:19 +01:00
Mike Yuan 43f08f534d
basic/cgroup-util: introduce generic cg_path_from_cgroupid() helper 2024-11-19 23:03:19 +01:00
Mike Yuan bcfcd1e5be
nsresourced: don't specify REMOVE_PHYSICAL, remove redundant safety check
Even without REMOVE_PHYSICAL, rm_rf() permits cgroupfs, hence
just delegate the safety check to that.
2024-11-19 23:03:12 +01:00
Mike Yuan 31865c9948
basic/pidfd-util: introduce pidfd_get_cgroupid() 2024-11-19 23:01:27 +01:00
Mike Yuan 30b1644d31
basic/pidref: move generic pidfd_get_inode_id() to pidfd-util
Prompted by 221d6e54c6
2024-11-19 22:55:53 +01:00
Mike Yuan 7ea32bf4a4
basic/pidfd: try to translate pidfd -> pid through ioctl(PIDFD_GET_INFO) 2024-11-19 22:55:38 +01:00
Mike Yuan 01c3b02427
basic: introduce missing_pidfd.h 2024-11-19 22:55:02 +01:00
Mike Yuan c5160a9e38
basic/process-util: extract pidfd-related funcs into pidfd-util.[ch] 2024-11-19 22:54:58 +01:00
34 changed files with 305 additions and 157 deletions

@ -1438,6 +1438,11 @@ evdev:input:b0003v046DpC309*
KEYBOARD_KEY_c01b6=images # My Pictures (F11) KEYBOARD_KEY_c01b6=images # My Pictures (F11)
KEYBOARD_KEY_c01b7=audio # My Music (F12) KEYBOARD_KEY_c01b7=audio # My Music (F12)
# Logitech MX Keys for Mac
evdev:input:b0003v046Dp4092*
KEYBOARD_KEY_70035=102nd # '<' key
KEYBOARD_KEY_70064=grave # '^' key
########################################################### ###########################################################
# Maxdata # Maxdata
########################################################### ###########################################################
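
Review bot: The new match `evdev:input:b0003v046Dp4092*` covers bus type 0003 only, so the 102nd/grave swap will not apply if the same keyboard enumerates on another bus (a Bluetooth pairing, for example, shows up as b0005 and typically with a different product ID). If that connection mode has the same swapped keys, add a second match line for it; otherwise state in the comment which connection this entry was tested with. The trailing comments `'<' key` and `'^' key` describe one layout's legends; naming the physical position (the ISO key next to left Shift, the key left of 1) would be layout-neutral.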

@ -9,8 +9,8 @@ msgid ""
msgstr "" msgstr ""
"Report-Msgid-Bugs-To: \n" "Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n" "POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n" "PO-Revision-Date: 2024-11-21 19:38+0000\n"
"Last-Translator: Dmytro Markevych <hotr1pak@gmail.com>\n" "Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/" "Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
"systemd/main/uk/>\n" "systemd/main/uk/>\n"
"Language: uk\n" "Language: uk\n"
@ -120,11 +120,11 @@ msgstr "Для оновлення домашньої теки користува
#: src/home/org.freedesktop.home1.policy:53 #: src/home/org.freedesktop.home1.policy:53
msgid "Update your home area" msgid "Update your home area"
msgstr "Оновіть свій домашній простір" msgstr "Оновлення домашньої області"
#: src/home/org.freedesktop.home1.policy:54 #: src/home/org.freedesktop.home1.policy:54
msgid "Authentication is required to update your home area." msgid "Authentication is required to update your home area."
msgstr "Для оновлення домашньої області потрібна автентифікація." msgstr "Для оновлення домашньої області слід пройти розпізнавання."
#: src/home/org.freedesktop.home1.policy:63 #: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area" msgid "Resize a home area"
@ -1215,7 +1215,7 @@ msgstr "Керування додатковими функціями"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76 #: src/sysupdate/org.freedesktop.sysupdate1.policy:76
msgid "Authentication is required to manage optional features" msgid "Authentication is required to manage optional features"
msgstr "Для керування додатковими функціями потрібна автентифікація" msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
#: src/timedate/org.freedesktop.timedate1.policy:22 #: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time" msgid "Set system time"

@ -28,6 +28,7 @@
#include "mkdir.h" #include "mkdir.h"
#include "parse-util.h" #include "parse-util.h"
#include "path-util.h" #include "path-util.h"
#include "pidfd-util.h"
#include "process-util.h" #include "process-util.h"
#include "set.h" #include "set.h"
#include "special.h" #include "special.h"
@ -72,6 +73,28 @@ int cg_cgroupid_open(int cgroupfs_fd, uint64_t id) {
return fd; return fd;
} }
int cg_path_from_cgroupid(int cgroupfs_fd, uint64_t id, char **ret) {
_cleanup_close_ int cgfd = -EBADF;
int r;
cgfd = cg_cgroupid_open(cgroupfs_fd, id);
if (cgfd < 0)
return cgfd;
_cleanup_free_ char *path = NULL;
r = fd_get_path(cgfd, &path);
if (r < 0)
return r;
if (isempty(path_startswith(path, "/sys/fs/cgroup/")))
return -EINVAL;
if (ret)
*ret = TAKE_PTR(path);
return 0;
}
static int cg_enumerate_items(const char *controller, const char *path, FILE **ret, const char *item) { static int cg_enumerate_items(const char *controller, const char *path, FILE **ret, const char *item) {
_cleanup_free_ char *fs = NULL; _cleanup_free_ char *fs = NULL;
FILE *f; FILE *f;
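
Review bot: In cg_path_from_cgroupid(), `isempty(path_startswith(path, "/sys/fs/cgroup/"))` folds two different cases into one -EINVAL: a path that is not under /sys/fs/cgroup/ at all, and the root cgroup itself. The nsresourced caller changed later in this series used to log and refuse these separately, and for a generic lookup helper the root cgroup is a legitimate answer, so distinguish the two or document that the root is rejected on purpose. The function also lacks a comment saying that *ret is an absolute filesystem path including the /sys/fs/cgroup/ prefix rather than a cgroup path, which callers need to know.
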
@ -826,6 +849,16 @@ int cg_pidref_get_path(const char *controller, const PidRef *pidref, char **ret_
if (!pidref_is_set(pidref)) if (!pidref_is_set(pidref))
return -ESRCH; return -ESRCH;
if (pidref->fd >= 0) {
uint64_t cgroup_id;
r = pidfd_get_cgroupid(pidref->fd, &cgroup_id);
if (r >= 0)
return cg_path_from_cgroupid(/* cgroupfs_fd = */ -EBADF, cgroup_id, ret_path);
if (!ERRNO_IS_NEG_NOT_SUPPORTED(r))
return r;
}
r = cg_pid_get_path(controller, pidref->pid, &path); r = cg_pid_get_path(controller, pidref->pid, &path);
if (r < 0) if (r < 0)
return r; return r;

@ -183,6 +183,8 @@ typedef enum CGroupUnified {
int cg_path_open(const char *controller, const char *path); int cg_path_open(const char *controller, const char *path);
int cg_cgroupid_open(int fsfd, uint64_t id); int cg_cgroupid_open(int fsfd, uint64_t id);
int cg_path_from_cgroupid(int cgroupfs_fd, uint64_t id, char **ret);
typedef enum CGroupFlags { typedef enum CGroupFlags {
CGROUP_SIGCONT = 1 << 0, CGROUP_SIGCONT = 1 << 0,
CGROUP_IGNORE_SELF = 1 << 1, CGROUP_IGNORE_SELF = 1 << 1,

@ -72,6 +72,7 @@ basic_sources = files(
'parse-util.c', 'parse-util.c',
'path-util.c', 'path-util.c',
'percent-util.c', 'percent-util.c',
'pidfd-util.c',
'pidref.c', 'pidref.c',
'prioq.c', 'prioq.c',
'proc-cmdline.c', 'proc-cmdline.c',

43
src/basic/missing_pidfd.h Normal file
@ -0,0 +1,43 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include <linux/types.h>
#define PIDFS_IOCTL_MAGIC 0xFF
#ifndef PIDFD_GET_CGROUP_NAMESPACE
# define PIDFD_GET_CGROUP_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 1)
# define PIDFD_GET_IPC_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 2)
# define PIDFD_GET_MNT_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 3)
# define PIDFD_GET_NET_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 4)
# define PIDFD_GET_PID_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 5)
# define PIDFD_GET_PID_FOR_CHILDREN_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 6)
# define PIDFD_GET_TIME_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 7)
# define PIDFD_GET_TIME_FOR_CHILDREN_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 8)
# define PIDFD_GET_USER_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 9)
# define PIDFD_GET_UTS_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 10)
#endif
#ifndef PIDFD_GET_INFO
struct pidfd_info {
__u64 mask;
__u64 cgroupid;
__u32 pid;
__u32 tgid;
__u32 ppid;
__u32 ruid;
__u32 rgid;
__u32 euid;
__u32 egid;
__u32 suid;
__u32 sgid;
__u32 fsuid;
__u32 fsgid;
__u32 spare0[1];
};
#define PIDFD_GET_INFO _IOWR(PIDFS_IOCTL_MAGIC, 11, struct pidfd_info)
#define PIDFD_INFO_PID (1UL << 0)
#define PIDFD_INFO_CREDS (1UL << 1)
#define PIDFD_INFO_CGROUPID (1UL << 2)
#endif
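
Review bot: The header uses _IO() and _IOWR() but includes only <linux/types.h>, so it compiles only when the includer has already pulled in an ioctl header; include <linux/ioctl.h> or <sys/ioctl.h> here. Nothing in this file includes the kernel's own pidfd header either, so the `#ifndef PIDFD_GET_CGROUP_NAMESPACE` and `#ifndef PIDFD_GET_INFO` guards only take effect if the includer happened to include it first, and a later include of that header would then collide with the `struct pidfd_info` defined here. PIDFS_IOCTL_MAGIC is defined with no guard at all; wrap it in `#ifndef` like the rest.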

161
src/basic/pidfd-util.c Normal file
@ -0,0 +1,161 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <sys/ioctl.h>
#include <unistd.h>
#include "errno-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "macro.h"
#include "memory-util.h"
#include "missing_magic.h"
#include "missing_pidfd.h"
#include "parse-util.h"
#include "path-util.h"
#include "pidfd-util.h"
#include "stat-util.h"
#include "string-util.h"
static bool pidfd_get_info_supported = true;
static bool ERRNO_IS_NEG_PIDFD_IOCTL_NOT_SUPPORTED(intmax_t r) {
return IN_SET(r, -ENOTTY, -EINVAL);
}
_DEFINE_ABS_WRAPPER(PIDFD_IOCTL_NOT_SUPPORTED);
static int pidfd_get_pid_fdinfo(int fd, pid_t *ret) {
char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)];
_cleanup_free_ char *fdinfo = NULL;
int r;
assert(fd >= 0);
xsprintf(path, "/proc/self/fdinfo/%i", fd);
r = read_full_virtual_file(path, &fdinfo, NULL);
if (r == -ENOENT)
return proc_fd_enoent_errno();
if (r < 0)
return r;
char *p = find_line_startswith(fdinfo, "Pid:");
if (!p)
return -ENOTTY; /* not a pidfd? */
p = skip_leading_chars(p, /* bad = */ NULL);
p[strcspn(p, WHITESPACE)] = 0;
if (streq(p, "0"))
return -EREMOTE; /* PID is in foreign PID namespace? */
if (streq(p, "-1"))
return -ESRCH; /* refers to reaped process? */
return parse_pid(p, ret);
}
static int pidfd_get_pid_ioctl(int fd, pid_t *ret) {
struct pidfd_info info = { .mask = PIDFD_INFO_PID };
assert(fd >= 0);
if (ioctl(fd, PIDFD_GET_INFO, &info) < 0)
return -errno;
assert(FLAGS_SET(info.mask, PIDFD_INFO_PID));
if (ret)
*ret = info.pid;
return 0;
}
int pidfd_get_pid(int fd, pid_t *ret) {
int r;
/* Converts a pidfd into a pid. We try ioctl(PIDFD_GET_INFO) (kernel 6.13+) first,
* /proc/self/fdinfo/ as fallback. Well known errors:
*
* -EBADF fd invalid
* -ESRCH fd valid, but process is already reaped
*
* pidfd_get_pid_fdinfo() might additionally fail for other reasons:
*
* -ENOSYS /proc/ not mounted
* -ENOTTY fd valid, but not a pidfd
* -EREMOTE fd valid, but pid is in another namespace we cannot translate to the local one
*/
assert(fd >= 0);
if (pidfd_get_info_supported) {
r = pidfd_get_pid_ioctl(fd, ret);
if (!ERRNO_IS_NEG_PIDFD_IOCTL_NOT_SUPPORTED(r))
return r;
pidfd_get_info_supported = false;
}
return pidfd_get_pid_fdinfo(fd, ret);
}
int pidfd_verify_pid(int pidfd, pid_t pid) {
pid_t current_pid;
int r;
assert(pidfd >= 0);
assert(pid > 0);
r = pidfd_get_pid(pidfd, &current_pid);
if (r < 0)
return r;
return current_pid != pid ? -ESRCH : 0;
}
int pidfd_get_cgroupid(int fd, uint64_t *ret) {
struct pidfd_info info = { .mask = PIDFD_INFO_CGROUP };
assert(fd >= 0);
if (!pidfd_get_info_supported)
return -EOPNOTSUPP;
if (ioctl(fd, PIDFD_GET_INFO, &info) < 0) {
if (ERRNO_IS_PIDFD_IOCTL_NOT_SUPPORTED(errno)) {
pidfd_get_info_supported = false;
return -EOPNOTSUPP;
}
return -errno;
}
if (!FLAGS_SET(info.mask, PIDFD_INFO_CGROUP))
return -ENODATA;
if (ret)
*ret = info.cgroupid;
return 0;
}
int pidfd_get_inode_id(int fd, uint64_t *ret) {
static int cached_supported = -1;
int r;
assert(fd >= 0);
if (cached_supported < 0) {
cached_supported = fd_is_fs_type(fd, PID_FS_MAGIC);
if (cached_supported < 0)
return cached_supported;
}
if (cached_supported == 0)
return -EOPNOTSUPP;
struct stat st;
if (fstat(fd, &st) < 0)
return -errno;
if (ret)
*ret = (uint64_t) st.st_ino;
return 0;
}
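
Review bot: pidfd_get_cgroupid() sets and tests `PIDFD_INFO_CGROUP`, but missing_pidfd.h in this series defines `PIDFD_INFO_CGROUPID`, so this will not build against the fallback header; use the same name in both places. Separately, ERRNO_IS_NEG_PIDFD_IOCTL_NOT_SUPPORTED() treats -ENOTTY and -EINVAL as "kernel lacks the ioctl" and pidfd_get_pid() then clears the process-wide pidfd_get_info_supported, so a single call with an fd that is not a pidfd can disable the ioctl path, and with it pidfd_get_cgroupid(), for the rest of the process; probe support on a pidfd known to be valid before latching. pidfd_get_pid_ioctl() asserts on the mask the kernel returned where pidfd_get_cgroupid() returns -ENODATA for the same condition, and pidfd_get_inode_id() declares an unused `r` and caches fd_is_fs_type() from the first fd it is handed rather than from a probe pidfd as the removed pidfd_inode_ids_supported() did.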

15
src/basic/pidfd-util.h Normal file
@ -0,0 +1,15 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include <stdint.h>
#if HAVE_PIDFD_OPEN
#include <sys/pidfd.h>
#endif
#include <sys/types.h>
int pidfd_get_pid(int fd, pid_t *ret);
int pidfd_verify_pid(int pidfd, pid_t pid);
int pidfd_get_cgroupid(int fd, uint64_t *ret);
int pidfd_get_inode_id(int fd, uint64_t *ret);

@ -1,36 +1,14 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */ /* SPDX-License-Identifier: LGPL-2.1-or-later */
#if HAVE_PIDFD_OPEN
#include <sys/pidfd.h>
#endif
#include "errno-util.h" #include "errno-util.h"
#include "fd-util.h" #include "fd-util.h"
#include "missing_magic.h"
#include "missing_syscall.h" #include "missing_syscall.h"
#include "missing_wait.h" #include "missing_wait.h"
#include "parse-util.h" #include "parse-util.h"
#include "pidfd-util.h"
#include "pidref.h" #include "pidref.h"
#include "process-util.h" #include "process-util.h"
#include "signal-util.h" #include "signal-util.h"
#include "stat-util.h"
static int pidfd_inode_ids_supported(void) {
static int cached = -1;
if (cached >= 0)
return cached;
_cleanup_close_ int fd = pidfd_open(getpid_cached(), 0);
if (fd < 0) {
if (ERRNO_IS_NOT_SUPPORTED(errno))
return (cached = false);
return -errno;
}
return (cached = fd_is_fs_type(fd, PID_FS_MAGIC));
}
int pidref_acquire_pidfd_id(PidRef *pidref) { int pidref_acquire_pidfd_id(PidRef *pidref) {
int r; int r;
@ -49,19 +27,14 @@ int pidref_acquire_pidfd_id(PidRef *pidref) {
if (pidref->fd_id > 0) if (pidref->fd_id > 0)
return 0; return 0;
r = pidfd_inode_ids_supported(); r = pidfd_get_inode_id(pidref->fd, &pidref->fd_id);
if (r < 0) if (r < 0) {
return r; if (!ERRNO_IS_NEG_NOT_SUPPORTED(r))
if (r == 0) log_debug_errno(r, "Failed to get inode number of pidfd for pid " PID_FMT ": %m",
return -EOPNOTSUPP;
struct stat st;
if (fstat(pidref->fd, &st) < 0)
return log_debug_errno(errno, "Failed to get inode number of pidfd for pid " PID_FMT ": %m",
pidref->pid); pidref->pid);
return r;
}
pidref->fd_id = (uint64_t) st.st_ino;
return 0; return 0;
} }

@ -1874,59 +1874,6 @@ int get_oom_score_adjust(int *ret) {
return 0; return 0;
} }
int pidfd_get_pid(int fd, pid_t *ret) {
char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)];
_cleanup_free_ char *fdinfo = NULL;
int r;
/* Converts a pidfd into a pid. Well known errors:
*
* -EBADF fd invalid
* -ENOSYS /proc/ not mounted
* -ENOTTY fd valid, but not a pidfd
* -EREMOTE fd valid, but pid is in another namespace we cannot translate to the local one
* -ESRCH fd valid, but process is already reaped
*/
assert(fd >= 0);
xsprintf(path, "/proc/self/fdinfo/%i", fd);
r = read_full_virtual_file(path, &fdinfo, NULL);
if (r == -ENOENT)
return proc_fd_enoent_errno();
if (r < 0)
return r;
char *p = find_line_startswith(fdinfo, "Pid:");
if (!p)
return -ENOTTY; /* not a pidfd? */
p = skip_leading_chars(p, /* bad = */ NULL);
p[strcspn(p, WHITESPACE)] = 0;
if (streq(p, "0"))
return -EREMOTE; /* PID is in foreign PID namespace? */
if (streq(p, "-1"))
return -ESRCH; /* refers to reaped process? */
return parse_pid(p, ret);
}
int pidfd_verify_pid(int pidfd, pid_t pid) {
pid_t current_pid;
int r;
assert(pidfd >= 0);
assert(pid > 0);
r = pidfd_get_pid(pidfd, &current_pid);
if (r < 0)
return r;
return current_pid != pid ? -ESRCH : 0;
}
static int rlimit_to_nice(rlim_t limit) { static int rlimit_to_nice(rlim_t limit) {
if (limit <= 1) if (limit <= 1)
return PRIO_MAX-1; /* i.e. 19 */ return PRIO_MAX-1; /* i.e. 19 */

@ -251,9 +251,6 @@ assert_cc(TASKS_MAX <= (unsigned long) PID_T_MAX);
/* Like TAKE_PTR() but for pid_t, resetting them to 0 */ /* Like TAKE_PTR() but for pid_t, resetting them to 0 */
#define TAKE_PID(pid) TAKE_GENERIC(pid, pid_t, 0) #define TAKE_PID(pid) TAKE_GENERIC(pid, pid_t, 0)
int pidfd_get_pid(int fd, pid_t *ret);
int pidfd_verify_pid(int pidfd, pid_t pid);
int setpriority_closest(int priority); int setpriority_closest(int priority);
_noreturn_ void freeze(void); _noreturn_ void freeze(void);

@ -1,9 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */ /* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <sys/epoll.h> #include <sys/epoll.h>
#if HAVE_PIDFD_OPEN
#include <sys/pidfd.h>
#endif
#include <sys/timerfd.h> #include <sys/timerfd.h>
#include <sys/wait.h> #include <sys/wait.h>
@ -31,6 +28,7 @@
#include "origin-id.h" #include "origin-id.h"
#include "path-util.h" #include "path-util.h"
#include "prioq.h" #include "prioq.h"
#include "pidfd-util.h"
#include "process-util.h" #include "process-util.h"
#include "psi-util.h" #include "psi-util.h"
#include "set.h" #include "set.h"

@ -22,6 +22,7 @@
#include "macro.h" #include "macro.h"
#include "parse-util.h" #include "parse-util.h"
#include "path-util.h" #include "path-util.h"
#include "pidfd-util.h"
#include "process-util.h" #include "process-util.h"
#include "socket-util.h" #include "socket-util.h"
#include "stdio-util.h" #include "stdio-util.h"

@ -525,49 +525,20 @@ int userns_info_add_cgroup(UserNamespaceInfo *userns, uint64_t cgroup_id) {
} }
static int userns_destroy_cgroup(uint64_t cgroup_id) { static int userns_destroy_cgroup(uint64_t cgroup_id) {
_cleanup_close_ int cgroup_fd = -EBADF, parent_fd = -EBADF; _cleanup_free_ char *path = NULL;
int r; int r;
cgroup_fd = cg_cgroupid_open(/* cgroupfsfd= */ -EBADF, cgroup_id); r = cg_path_from_cgroupid(/* cgroupfs_fd = */ -EBADF, cgroup_id, &path);
if (cgroup_fd == -ESTALE) { if (r == -ESTALE) {
log_debug_errno(cgroup_fd, "Control group %" PRIu64 " already gone, ignoring: %m", cgroup_id); log_debug_errno(r, "Control group %" PRIu64 " already gone, ignoring.", cgroup_id);
return 0; return 0;
} }
if (cgroup_fd < 0)
return log_debug_errno(errno, "Failed to open cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
_cleanup_free_ char *path = NULL;
r = fd_get_path(cgroup_fd, &path);
if (r < 0) if (r < 0)
return log_debug_errno(r, "Failed to get path of cgroup %" PRIu64 ", ignoring: %m", cgroup_id); return log_debug_errno(r, "Failed to get path of cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
const char *e = path_startswith(path, "/sys/fs/cgroup/"); log_debug("Destroying cgroup %" PRIu64 " (%s)", cgroup_id, path);
if (!e)
return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Got cgroup path that doesn't start with /sys/fs/cgroup/, refusing: %s", path);
if (isempty(e))
return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Got root cgroup path, which can't be right, refusing.");
log_debug("Path of cgroup %" PRIu64 " is: %s", cgroup_id, path); r = rm_rf(path, REMOVE_ROOT|REMOVE_ONLY_DIRECTORIES|REMOVE_CHMOD);
_cleanup_free_ char *fname = NULL;
r = path_extract_filename(path, &fname);
if (r < 0)
return log_debug_errno(r, "Failed to extract name of cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
parent_fd = openat(cgroup_fd, "..", O_CLOEXEC|O_DIRECTORY);
if (parent_fd < 0)
return log_debug_errno(errno, "Failed to open parent cgroup of %" PRIu64 ", ignoring: %m", cgroup_id);
/* Safety check, never leave cgroupfs */
r = fd_is_fs_type(parent_fd, CGROUP2_SUPER_MAGIC);
if (r < 0)
return log_debug_errno(r, "Failed to determine if parent directory of cgroup %" PRIu64 " is still a cgroup, ignoring: %m", cgroup_id);
if (!r)
return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Parent directory of cgroup %" PRIu64 " is not a cgroup, refusing.", cgroup_id);
cgroup_fd = safe_close(cgroup_fd);
r = rm_rf_child(parent_fd, fname, REMOVE_ONLY_DIRECTORIES|REMOVE_PHYSICAL|REMOVE_CHMOD);
if (r < 0) if (r < 0)
log_debug_errno(r, "Failed to remove delegated cgroup %" PRIu64 ", ignoring: %m", cgroup_id); log_debug_errno(r, "Failed to remove delegated cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
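
Review bot: userns_destroy_cgroup() now resolves the cgroup ID to a path string and hands that string to rm_rf(), where the old code removed the entry relative to a pinned parent fd after checking it with fd_is_fs_type(parent_fd, CGROUP2_SUPER_MAGIC); the deletion target is therefore re-resolved by name after the lookup, and the only remaining filesystem guard is whatever rm_rf() does internally. Since this is a recursive delete with REMOVE_CHMOD, either keep an fd-anchored removal or add a comment at the rm_rf() call naming the check being relied on. The two explicit refusals (path outside /sys/fs/cgroup/, root cgroup) are also now reported only through the generic "Failed to get path of cgroup" message, which loses the reason in the debug log.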

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
{% if LINK_SHELL_EXTRA_DROPIN %} {% if LINK_SHELL_EXTRA_DROPIN %}
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
{% if LINK_SSH_PROXY_DROPIN %} {% if LINK_SSH_PROXY_DROPIN %}
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Copy systemd-stub provided metadata such as PCR signature and public key file # Copy systemd-stub provided metadata such as PCR signature and public key file
# from initrd into /run/, so that it will survive the initrd stage # from initrd into /run/, so that it will survive the initrd stage

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
{% if LINK_SSHD_USERDB_DROPIN %} {% if LINK_SSHD_USERDB_DROPIN %}
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
d /etc/credstore 0700 root root d /etc/credstore 0700 root root
d /etc/credstore.encrypted 0700 root root d /etc/credstore.encrypted 0700 root root

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
L /etc/os-release - - - - ../usr/lib/os-release L /etc/os-release - - - - ../usr/lib/os-release
L+ /etc/mtab - - - - ../proc/self/mounts L+ /etc/mtab - - - - ../proc/self/mounts

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
Q /home 0755 - - - Q /home 0755 - - -
q /srv 0755 - - - q /srv 0755 - - -

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Set the NOCOW attribute for directories of journal files. This flag # Set the NOCOW attribute for directories of journal files. This flag
# is inherited by their new files and sub-directories. Matters only # is inherited by their new files and sub-directories. Matters only

@ -5,10 +5,11 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# These files are considered legacy and are unnecessary on legacy-free # The functionality provided by these files and directories has been replaced
# systems. # by newer interfaces. Their use is discouraged on legacy-free systems. This
# configuration is provided to maintain backward compatibility.
d /run/lock 0755 root root - d /run/lock 0755 root root -
L /var/lock - - - - ../run/lock L /var/lock - - - - ../run/lock
@ -16,15 +17,15 @@ L /var/lock - - - - ../run/lock
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
{% endif %} {% endif %}
{% if HAVE_SYSV_COMPAT %}
# /run/lock/subsys is used for serializing SysV service execution, and # /run/lock/subsys is used for serializing SysV service execution, and
# hence without use on SysV-less systems. # hence without use on SysV-less systems.
d /run/lock/subsys 0755 root root - d /run/lock/subsys 0755 root root -
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the # /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and # kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
# 'quotacheck.mode=force' # 'quotacheck.mode=force'
r! /forcefsck r! /forcefsck
r! /fastboot r! /fastboot
r! /forcequotacheck r! /forcequotacheck
{% endif %}

@ -35,7 +35,7 @@ in_files = [
['20-systemd-stub.conf', 'ENABLE_EFI'], ['20-systemd-stub.conf', 'ENABLE_EFI'],
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'], ['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
['etc.conf'], ['etc.conf'],
['legacy.conf', 'HAVE_SYSV_COMPAT'], ['legacy.conf'],
['static-nodes-permissions.conf'], ['static-nodes-permissions.conf'],
['systemd.conf'], ['systemd.conf'],
['var.conf'], ['var.conf'],

@ -1,4 +1,4 @@
# SPDX-License-Identifier: LGPL-2.1-or-later # SPDX-License-Identifier: LGPL-2.1-or-later
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
Q /var/lib/portables 0700 Q /var/lib/portables 0700

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Provision additional login messages from credentials, if they are set. Note # Provision additional login messages from credentials, if they are set. Note
# that these lines are NOPs if the credentials are not set or if the files # that these lines are NOPs if the credentials are not set or if the files

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
d$ /run/systemd/netif 0755 systemd-network systemd-network - d$ /run/systemd/netif 0755 systemd-network systemd-network -
d$ /run/systemd/netif/links 0755 systemd-network systemd-network - d$ /run/systemd/netif/links 0755 systemd-network systemd-network -

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
Q /var/lib/machines 0700 - - - Q /var/lib/machines 0700 - - -

@ -5,6 +5,6 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Exclude namespace mountpoints created with PrivateTmp=yes # Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-%b-* x /tmp/systemd-private-%b-*

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
d /run/user 0755 root root - d /run/user 0755 root root -
{% if ENABLE_UTMP %} {% if ENABLE_UTMP %}

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Clear tmp directories separately, to make them easier to override # Clear tmp directories separately, to make them easier to override
q /tmp 1777 root root 10d q /tmp 1777 root root 10d

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
q /var 0755 - - - q /var 0755 - - -

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or # the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version. # (at your option) any later version.
# See tmpfiles.d(5) for details # See tmpfiles.d(5) for details.
# Make sure these are created by default so that nobody else can # Make sure these are created by default so that nobody else can
# or empty them at startup # or empty them at startup