Compare commits

...

14 Commits

Author SHA1 Message Date
Mike Yuan 4cd204a7e5
Merge 18c36b1e24 into f70e5620b6 2024-11-21 22:47:07 +01:00
Tobias Zimmermann f70e5620b6 hwdb: Add quirk for Logitech MX Keys for Mac
The KEY_102ND and KEY_GRAVE keys are switched on the
Logitech MX Keys for Mac, so switch them back
2024-11-21 21:16:07 +01:00
Zbigniew Jędrzejewski-Szmek 3127c71bf4
Keep tmpfiles/legacy.conf even if SysVInit support is dropped (#35278) 2024-11-21 21:13:50 +01:00
Yuri Chornoivan b153eebfb2 po: Translated using Weblate (Ukrainian)
Currently translated at 100.0% (257 of 257 strings)

Co-authored-by: Yuri Chornoivan <yurchor@ukr.net>
Translate-URL: https://translate.fedoraproject.org/projects/systemd/main/uk/
Translation: systemd/main
2024-11-22 05:02:16 +09:00
Zbigniew Jędrzejewski-Szmek 2c06e40ae9 tmpfiles: add period at end of the sentence
The license that is immediately above is properly punctuated and it looks
sloppy when our line below isn't.
2024-11-21 18:35:18 +01:00
Zbigniew Jędrzejewski-Szmek 5ca9149464 tmpfiles: narrow scope of HAVE_SYSV_COMPAT condition for legacy.conf
That file contains a bunch of entries of which only some are related to SysV.
The rest are just "traditional APIs" that need to stay. In particular,
/var/lock a.k.a. /run/lock is used by many programs (LVM, iscsi, alsactl).
Similarly, the README about /var/log is something that should stay as long as
we have people migrating from older systems or using the copiuos documentation
that mentions /var/log/messages.txt on the Internet.

/var/lock/subsys is only used by sysvinit, and our code to support /forcefsck,
/fastboot, and /forcequotacheck is conditionalized on HAVE_SYSV_COMPAT, so
conditionalize those here on HAVE_SYSV_COMPAT too.
2024-11-21 18:32:46 +01:00
Mike Yuan 18c36b1e24
basic/cgroup-util: port cg_pidref_get_path() to pidfd_get_cgroupid() 2024-11-19 23:03:19 +01:00
Mike Yuan 43f08f534d
basic/cgroup-util: introduce generic cg_path_from_cgroupid() helper 2024-11-19 23:03:19 +01:00
Mike Yuan bcfcd1e5be
nsresourced: don't specify REMOVE_PHYSICAL, remove redundant safety check
Even without REMOVE_PHYSICAL, rm_rf() permits cgroupfs, hence
just delegate the safety check to that.
2024-11-19 23:03:12 +01:00
Mike Yuan 31865c9948
basic/pidfd-util: introduce pidfd_get_cgroupid() 2024-11-19 23:01:27 +01:00
Mike Yuan 30b1644d31
basic/pidref: move generic pidfd_get_inode_id() to pidfd-util
Prompted by 221d6e54c6
2024-11-19 22:55:53 +01:00
Mike Yuan 7ea32bf4a4
basic/pidfd: try to translate pidfd -> pid through ioctl(PIDFD_GET_INFO) 2024-11-19 22:55:38 +01:00
Mike Yuan 01c3b02427
basic: introduce missing_pidfd.h 2024-11-19 22:55:02 +01:00
Mike Yuan c5160a9e38
basic/process-util: extract pidfd-related funcs into pidfd-util.[ch] 2024-11-19 22:54:58 +01:00
34 changed files with 305 additions and 157 deletions

View File

@ -1438,6 +1438,11 @@ evdev:input:b0003v046DpC309*
KEYBOARD_KEY_c01b6=images # My Pictures (F11)
KEYBOARD_KEY_c01b7=audio # My Music (F12)
# Logitech MX Keys for Mac
evdev:input:b0003v046Dp4092*
KEYBOARD_KEY_70035=102nd # '<' key
KEYBOARD_KEY_70064=grave # '^' key
###########################################################
# Maxdata
###########################################################

View File

@ -9,8 +9,8 @@ msgid ""
msgstr ""
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: 2024-11-06 14:42+0000\n"
"PO-Revision-Date: 2024-11-20 19:13+0000\n"
"Last-Translator: Dmytro Markevych <hotr1pak@gmail.com>\n"
"PO-Revision-Date: 2024-11-21 19:38+0000\n"
"Last-Translator: Yuri Chornoivan <yurchor@ukr.net>\n"
"Language-Team: Ukrainian <https://translate.fedoraproject.org/projects/"
"systemd/main/uk/>\n"
"Language: uk\n"
@ -120,11 +120,11 @@ msgstr "Для оновлення домашньої теки користува
#: src/home/org.freedesktop.home1.policy:53
msgid "Update your home area"
msgstr "Оновіть свій домашній простір"
msgstr "Оновлення домашньої області"
#: src/home/org.freedesktop.home1.policy:54
msgid "Authentication is required to update your home area."
msgstr "Для оновлення домашньої області потрібна автентифікація."
msgstr "Для оновлення домашньої області слід пройти розпізнавання."
#: src/home/org.freedesktop.home1.policy:63
msgid "Resize a home area"
@ -1215,7 +1215,7 @@ msgstr "Керування додатковими функціями"
#: src/sysupdate/org.freedesktop.sysupdate1.policy:76
msgid "Authentication is required to manage optional features"
msgstr "Для керування додатковими функціями потрібна автентифікація"
msgstr "Для керування додатковими можливостями слід пройти розпізнавання"
#: src/timedate/org.freedesktop.timedate1.policy:22
msgid "Set system time"

View File

@ -28,6 +28,7 @@
#include "mkdir.h"
#include "parse-util.h"
#include "path-util.h"
#include "pidfd-util.h"
#include "process-util.h"
#include "set.h"
#include "special.h"
@ -72,6 +73,28 @@ int cg_cgroupid_open(int cgroupfs_fd, uint64_t id) {
return fd;
}
int cg_path_from_cgroupid(int cgroupfs_fd, uint64_t id, char **ret) {
_cleanup_close_ int cgfd = -EBADF;
int r;
cgfd = cg_cgroupid_open(cgroupfs_fd, id);
if (cgfd < 0)
return cgfd;
_cleanup_free_ char *path = NULL;
r = fd_get_path(cgfd, &path);
if (r < 0)
return r;
if (isempty(path_startswith(path, "/sys/fs/cgroup/")))
return -EINVAL;
if (ret)
*ret = TAKE_PTR(path);
return 0;
}
static int cg_enumerate_items(const char *controller, const char *path, FILE **ret, const char *item) {
_cleanup_free_ char *fs = NULL;
FILE *f;
@ -826,6 +849,16 @@ int cg_pidref_get_path(const char *controller, const PidRef *pidref, char **ret_
if (!pidref_is_set(pidref))
return -ESRCH;
if (pidref->fd >= 0) {
uint64_t cgroup_id;
r = pidfd_get_cgroupid(pidref->fd, &cgroup_id);
if (r >= 0)
return cg_path_from_cgroupid(/* cgroupfs_fd = */ -EBADF, cgroup_id, ret_path);
if (!ERRNO_IS_NEG_NOT_SUPPORTED(r))
return r;
}
r = cg_pid_get_path(controller, pidref->pid, &path);
if (r < 0)
return r;

View File

@ -183,6 +183,8 @@ typedef enum CGroupUnified {
int cg_path_open(const char *controller, const char *path);
int cg_cgroupid_open(int fsfd, uint64_t id);
int cg_path_from_cgroupid(int cgroupfs_fd, uint64_t id, char **ret);
typedef enum CGroupFlags {
CGROUP_SIGCONT = 1 << 0,
CGROUP_IGNORE_SELF = 1 << 1,

View File

@ -72,6 +72,7 @@ basic_sources = files(
'parse-util.c',
'path-util.c',
'percent-util.c',
'pidfd-util.c',
'pidref.c',
'prioq.c',
'proc-cmdline.c',

43
src/basic/missing_pidfd.h Normal file
View File

@ -0,0 +1,43 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include <linux/types.h>
#define PIDFS_IOCTL_MAGIC 0xFF
#ifndef PIDFD_GET_CGROUP_NAMESPACE
# define PIDFD_GET_CGROUP_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 1)
# define PIDFD_GET_IPC_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 2)
# define PIDFD_GET_MNT_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 3)
# define PIDFD_GET_NET_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 4)
# define PIDFD_GET_PID_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 5)
# define PIDFD_GET_PID_FOR_CHILDREN_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 6)
# define PIDFD_GET_TIME_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 7)
# define PIDFD_GET_TIME_FOR_CHILDREN_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 8)
# define PIDFD_GET_USER_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 9)
# define PIDFD_GET_UTS_NAMESPACE _IO(PIDFS_IOCTL_MAGIC, 10)
#endif
#ifndef PIDFD_GET_INFO
struct pidfd_info {
__u64 mask;
__u64 cgroupid;
__u32 pid;
__u32 tgid;
__u32 ppid;
__u32 ruid;
__u32 rgid;
__u32 euid;
__u32 egid;
__u32 suid;
__u32 sgid;
__u32 fsuid;
__u32 fsgid;
__u32 spare0[1];
};
#define PIDFD_GET_INFO _IOWR(PIDFS_IOCTL_MAGIC, 11, struct pidfd_info)
#define PIDFD_INFO_PID (1UL << 0)
#define PIDFD_INFO_CREDS (1UL << 1)
#define PIDFD_INFO_CGROUPID (1UL << 2)
#endif

161
src/basic/pidfd-util.c Normal file
View File

@ -0,0 +1,161 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <sys/ioctl.h>
#include <unistd.h>
#include "errno-util.h"
#include "fd-util.h"
#include "fileio.h"
#include "macro.h"
#include "memory-util.h"
#include "missing_magic.h"
#include "missing_pidfd.h"
#include "parse-util.h"
#include "path-util.h"
#include "pidfd-util.h"
#include "stat-util.h"
#include "string-util.h"
static bool pidfd_get_info_supported = true;
static bool ERRNO_IS_NEG_PIDFD_IOCTL_NOT_SUPPORTED(intmax_t r) {
return IN_SET(r, -ENOTTY, -EINVAL);
}
_DEFINE_ABS_WRAPPER(PIDFD_IOCTL_NOT_SUPPORTED);
static int pidfd_get_pid_fdinfo(int fd, pid_t *ret) {
char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)];
_cleanup_free_ char *fdinfo = NULL;
int r;
assert(fd >= 0);
xsprintf(path, "/proc/self/fdinfo/%i", fd);
r = read_full_virtual_file(path, &fdinfo, NULL);
if (r == -ENOENT)
return proc_fd_enoent_errno();
if (r < 0)
return r;
char *p = find_line_startswith(fdinfo, "Pid:");
if (!p)
return -ENOTTY; /* not a pidfd? */
p = skip_leading_chars(p, /* bad = */ NULL);
p[strcspn(p, WHITESPACE)] = 0;
if (streq(p, "0"))
return -EREMOTE; /* PID is in foreign PID namespace? */
if (streq(p, "-1"))
return -ESRCH; /* refers to reaped process? */
return parse_pid(p, ret);
}
static int pidfd_get_pid_ioctl(int fd, pid_t *ret) {
struct pidfd_info info = { .mask = PIDFD_INFO_PID };
assert(fd >= 0);
if (ioctl(fd, PIDFD_GET_INFO, &info) < 0)
return -errno;
assert(FLAGS_SET(info.mask, PIDFD_INFO_PID));
if (ret)
*ret = info.pid;
return 0;
}
int pidfd_get_pid(int fd, pid_t *ret) {
int r;
/* Converts a pidfd into a pid. We try ioctl(PIDFD_GET_INFO) (kernel 6.13+) first,
* /proc/self/fdinfo/ as fallback. Well known errors:
*
* -EBADF fd invalid
* -ESRCH fd valid, but process is already reaped
*
* pidfd_get_pid_fdinfo() might additionally fail for other reasons:
*
* -ENOSYS /proc/ not mounted
* -ENOTTY fd valid, but not a pidfd
* -EREMOTE fd valid, but pid is in another namespace we cannot translate to the local one
*/
assert(fd >= 0);
if (pidfd_get_info_supported) {
r = pidfd_get_pid_ioctl(fd, ret);
if (!ERRNO_IS_NEG_PIDFD_IOCTL_NOT_SUPPORTED(r))
return r;
pidfd_get_info_supported = false;
}
return pidfd_get_pid_fdinfo(fd, ret);
}
int pidfd_verify_pid(int pidfd, pid_t pid) {
pid_t current_pid;
int r;
assert(pidfd >= 0);
assert(pid > 0);
r = pidfd_get_pid(pidfd, &current_pid);
if (r < 0)
return r;
return current_pid != pid ? -ESRCH : 0;
}
int pidfd_get_cgroupid(int fd, uint64_t *ret) {
struct pidfd_info info = { .mask = PIDFD_INFO_CGROUP };
assert(fd >= 0);
if (!pidfd_get_info_supported)
return -EOPNOTSUPP;
if (ioctl(fd, PIDFD_GET_INFO, &info) < 0) {
if (ERRNO_IS_PIDFD_IOCTL_NOT_SUPPORTED(errno)) {
pidfd_get_info_supported = false;
return -EOPNOTSUPP;
}
return -errno;
}
if (!FLAGS_SET(info.mask, PIDFD_INFO_CGROUP))
return -ENODATA;
if (ret)
*ret = info.cgroupid;
return 0;
}
int pidfd_get_inode_id(int fd, uint64_t *ret) {
static int cached_supported = -1;
int r;
assert(fd >= 0);
if (cached_supported < 0) {
cached_supported = fd_is_fs_type(fd, PID_FS_MAGIC);
if (cached_supported < 0)
return cached_supported;
}
if (cached_supported == 0)
return -EOPNOTSUPP;
struct stat st;
if (fstat(fd, &st) < 0)
return -errno;
if (ret)
*ret = (uint64_t) st.st_ino;
return 0;
}

15
src/basic/pidfd-util.h Normal file
View File

@ -0,0 +1,15 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#pragma once
#include <stdint.h>
#if HAVE_PIDFD_OPEN
#include <sys/pidfd.h>
#endif
#include <sys/types.h>
int pidfd_get_pid(int fd, pid_t *ret);
int pidfd_verify_pid(int pidfd, pid_t pid);
int pidfd_get_cgroupid(int fd, uint64_t *ret);
int pidfd_get_inode_id(int fd, uint64_t *ret);

View File

@ -1,36 +1,14 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#if HAVE_PIDFD_OPEN
#include <sys/pidfd.h>
#endif
#include "errno-util.h"
#include "fd-util.h"
#include "missing_magic.h"
#include "missing_syscall.h"
#include "missing_wait.h"
#include "parse-util.h"
#include "pidfd-util.h"
#include "pidref.h"
#include "process-util.h"
#include "signal-util.h"
#include "stat-util.h"
static int pidfd_inode_ids_supported(void) {
static int cached = -1;
if (cached >= 0)
return cached;
_cleanup_close_ int fd = pidfd_open(getpid_cached(), 0);
if (fd < 0) {
if (ERRNO_IS_NOT_SUPPORTED(errno))
return (cached = false);
return -errno;
}
return (cached = fd_is_fs_type(fd, PID_FS_MAGIC));
}
int pidref_acquire_pidfd_id(PidRef *pidref) {
int r;
@ -49,19 +27,14 @@ int pidref_acquire_pidfd_id(PidRef *pidref) {
if (pidref->fd_id > 0)
return 0;
r = pidfd_inode_ids_supported();
if (r < 0)
return r;
if (r == 0)
return -EOPNOTSUPP;
struct stat st;
if (fstat(pidref->fd, &st) < 0)
return log_debug_errno(errno, "Failed to get inode number of pidfd for pid " PID_FMT ": %m",
r = pidfd_get_inode_id(pidref->fd, &pidref->fd_id);
if (r < 0) {
if (!ERRNO_IS_NEG_NOT_SUPPORTED(r))
log_debug_errno(r, "Failed to get inode number of pidfd for pid " PID_FMT ": %m",
pidref->pid);
return r;
}
pidref->fd_id = (uint64_t) st.st_ino;
return 0;
}

View File

@ -1874,59 +1874,6 @@ int get_oom_score_adjust(int *ret) {
return 0;
}
int pidfd_get_pid(int fd, pid_t *ret) {
char path[STRLEN("/proc/self/fdinfo/") + DECIMAL_STR_MAX(int)];
_cleanup_free_ char *fdinfo = NULL;
int r;
/* Converts a pidfd into a pid. Well known errors:
*
* -EBADF fd invalid
* -ENOSYS /proc/ not mounted
* -ENOTTY fd valid, but not a pidfd
* -EREMOTE fd valid, but pid is in another namespace we cannot translate to the local one
* -ESRCH fd valid, but process is already reaped
*/
assert(fd >= 0);
xsprintf(path, "/proc/self/fdinfo/%i", fd);
r = read_full_virtual_file(path, &fdinfo, NULL);
if (r == -ENOENT)
return proc_fd_enoent_errno();
if (r < 0)
return r;
char *p = find_line_startswith(fdinfo, "Pid:");
if (!p)
return -ENOTTY; /* not a pidfd? */
p = skip_leading_chars(p, /* bad = */ NULL);
p[strcspn(p, WHITESPACE)] = 0;
if (streq(p, "0"))
return -EREMOTE; /* PID is in foreign PID namespace? */
if (streq(p, "-1"))
return -ESRCH; /* refers to reaped process? */
return parse_pid(p, ret);
}
int pidfd_verify_pid(int pidfd, pid_t pid) {
pid_t current_pid;
int r;
assert(pidfd >= 0);
assert(pid > 0);
r = pidfd_get_pid(pidfd, &current_pid);
if (r < 0)
return r;
return current_pid != pid ? -ESRCH : 0;
}
static int rlimit_to_nice(rlim_t limit) {
if (limit <= 1)
return PRIO_MAX-1; /* i.e. 19 */

View File

@ -251,9 +251,6 @@ assert_cc(TASKS_MAX <= (unsigned long) PID_T_MAX);
/* Like TAKE_PTR() but for pid_t, resetting them to 0 */
#define TAKE_PID(pid) TAKE_GENERIC(pid, pid_t, 0)
int pidfd_get_pid(int fd, pid_t *ret);
int pidfd_verify_pid(int pidfd, pid_t pid);
int setpriority_closest(int priority);
_noreturn_ void freeze(void);

View File

@ -1,9 +1,6 @@
/* SPDX-License-Identifier: LGPL-2.1-or-later */
#include <sys/epoll.h>
#if HAVE_PIDFD_OPEN
#include <sys/pidfd.h>
#endif
#include <sys/timerfd.h>
#include <sys/wait.h>
@ -31,6 +28,7 @@
#include "origin-id.h"
#include "path-util.h"
#include "prioq.h"
#include "pidfd-util.h"
#include "process-util.h"
#include "psi-util.h"
#include "set.h"

View File

@ -22,6 +22,7 @@
#include "macro.h"
#include "parse-util.h"
#include "path-util.h"
#include "pidfd-util.h"
#include "process-util.h"
#include "socket-util.h"
#include "stdio-util.h"

View File

@ -525,49 +525,20 @@ int userns_info_add_cgroup(UserNamespaceInfo *userns, uint64_t cgroup_id) {
}
static int userns_destroy_cgroup(uint64_t cgroup_id) {
_cleanup_close_ int cgroup_fd = -EBADF, parent_fd = -EBADF;
_cleanup_free_ char *path = NULL;
int r;
cgroup_fd = cg_cgroupid_open(/* cgroupfsfd= */ -EBADF, cgroup_id);
if (cgroup_fd == -ESTALE) {
log_debug_errno(cgroup_fd, "Control group %" PRIu64 " already gone, ignoring: %m", cgroup_id);
r = cg_path_from_cgroupid(/* cgroupfs_fd = */ -EBADF, cgroup_id, &path);
if (r == -ESTALE) {
log_debug_errno(r, "Control group %" PRIu64 " already gone, ignoring.", cgroup_id);
return 0;
}
if (cgroup_fd < 0)
return log_debug_errno(errno, "Failed to open cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
_cleanup_free_ char *path = NULL;
r = fd_get_path(cgroup_fd, &path);
if (r < 0)
return log_debug_errno(r, "Failed to get path of cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
const char *e = path_startswith(path, "/sys/fs/cgroup/");
if (!e)
return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Got cgroup path that doesn't start with /sys/fs/cgroup/, refusing: %s", path);
if (isempty(e))
return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Got root cgroup path, which can't be right, refusing.");
log_debug("Destroying cgroup %" PRIu64 " (%s)", cgroup_id, path);
log_debug("Path of cgroup %" PRIu64 " is: %s", cgroup_id, path);
_cleanup_free_ char *fname = NULL;
r = path_extract_filename(path, &fname);
if (r < 0)
return log_debug_errno(r, "Failed to extract name of cgroup %" PRIu64 ", ignoring: %m", cgroup_id);
parent_fd = openat(cgroup_fd, "..", O_CLOEXEC|O_DIRECTORY);
if (parent_fd < 0)
return log_debug_errno(errno, "Failed to open parent cgroup of %" PRIu64 ", ignoring: %m", cgroup_id);
/* Safety check, never leave cgroupfs */
r = fd_is_fs_type(parent_fd, CGROUP2_SUPER_MAGIC);
if (r < 0)
return log_debug_errno(r, "Failed to determine if parent directory of cgroup %" PRIu64 " is still a cgroup, ignoring: %m", cgroup_id);
if (!r)
return log_debug_errno(SYNTHETIC_ERRNO(EPERM), "Parent directory of cgroup %" PRIu64 " is not a cgroup, refusing.", cgroup_id);
cgroup_fd = safe_close(cgroup_fd);
r = rm_rf_child(parent_fd, fname, REMOVE_ONLY_DIRECTORIES|REMOVE_PHYSICAL|REMOVE_CHMOD);
r = rm_rf(path, REMOVE_ROOT|REMOVE_ONLY_DIRECTORIES|REMOVE_CHMOD);
if (r < 0)
log_debug_errno(r, "Failed to remove delegated cgroup %" PRIu64 ", ignoring: %m", cgroup_id);

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
{% if LINK_SHELL_EXTRA_DROPIN %}
L$ {{SHELLPROFILEDIR}}/70-systemd-shell-extra.sh - - - - {{LIBEXECDIR}}/profile.d/70-systemd-shell-extra.sh

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
{% if LINK_SSH_PROXY_DROPIN %}
L$ {{SSHCONFDIR}}/20-systemd-ssh-proxy.conf - - - - {{LIBEXECDIR}}/ssh_config.d/20-systemd-ssh-proxy.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Copy systemd-stub provided metadata such as PCR signature and public key file
# from initrd into /run/, so that it will survive the initrd stage

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
{% if LINK_SSHD_USERDB_DROPIN %}
L {{SSHDCONFDIR}}/20-systemd-userdb.conf - - - - {{LIBEXECDIR}}/sshd_config.d/20-systemd-userdb.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
d /etc/credstore 0700 root root
d /etc/credstore.encrypted 0700 root root

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
L /etc/os-release - - - - ../usr/lib/os-release
L+ /etc/mtab - - - - ../proc/self/mounts

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
Q /home 0755 - - -
q /srv 0755 - - -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Set the NOCOW attribute for directories of journal files. This flag
# is inherited by their new files and sub-directories. Matters only

View File

@ -5,10 +5,11 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# These files are considered legacy and are unnecessary on legacy-free
# systems.
# The functionality provided by these files and directories has been replaced
# by newer interfaces. Their use is discouraged on legacy-free systems. This
# configuration is provided to maintain backward compatibility.
d /run/lock 0755 root root -
L /var/lock - - - - ../run/lock
@ -16,15 +17,15 @@ L /var/lock - - - - ../run/lock
L$ /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
{% endif %}
{% if HAVE_SYSV_COMPAT %}
# /run/lock/subsys is used for serializing SysV service execution, and
# hence without use on SysV-less systems.
d /run/lock/subsys 0755 root root -
# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
# 'quotacheck.mode=force'
r! /forcefsck
r! /fastboot
r! /forcequotacheck
{% endif %}

View File

@ -35,7 +35,7 @@ in_files = [
['20-systemd-stub.conf', 'ENABLE_EFI'],
['20-systemd-userdb.conf', 'ENABLE_SSH_USERDB_CONFIG'],
['etc.conf'],
['legacy.conf', 'HAVE_SYSV_COMPAT'],
['legacy.conf'],
['static-nodes-permissions.conf'],
['systemd.conf'],
['var.conf'],

View File

@ -1,4 +1,4 @@
# SPDX-License-Identifier: LGPL-2.1-or-later
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
Q /var/lib/portables 0700

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Provision additional login messages from credentials, if they are set. Note
# that these lines are NOPs if the credentials are not set or if the files

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
d$ /run/systemd/netif 0755 systemd-network systemd-network -
d$ /run/systemd/netif/links 0755 systemd-network systemd-network -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
Q /var/lib/machines 0700 - - -

View File

@ -5,6 +5,6 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-%b-*

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
d /run/user 0755 root root -
{% if ENABLE_UTMP %}

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Clear tmp directories separately, to make them easier to override
q /tmp 1777 root root 10d

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
q /var 0755 - - -

View File

@ -5,7 +5,7 @@
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
# See tmpfiles.d(5) for details.
# Make sure these are created by default so that nobody else can
# or empty them at startup