| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Let's make the risk of accidental misuse, and mark lines that shall be
covered by --purge with an explicit new flag "$".
See: #33349
| |
Our variables for internal libraries are named 'libfoo' for the shared lib
variant, and 'libfoo_static' for the static lib variant. The only exception was
libbasic, because we didn't have a shared variant for it. But let's rename it
for consistency. This makes the build config easier to understand.
| |
This adds %q, %A and %M specifiers to tmpfiles:
- %A and %M were previously added to tmpfiles.d man page, but not to specifier_table
- %q is added via COMMON_SYSTEM_SPECIFIERS
| |
Also, make contrast between --remove and --purge clearer: one deletes
files marked for deletion, the other deletes files marked for creation.
| |
Also, extend the man page explanation substantially, matching more
closely what --create says.
Fixes: #33349
| |
Mention in the warning message for a failed open on a to be removed file
why systemd-tmpfiles tried to open it.
Also open the file with the O_NOCTTY flag, since it should never become
the controlling terminal.
| |
Note that item_do() now aborts on OOM, since it's
pretty pointless to iterate further if memory allocation
doesn't work.
| |
Follow-up for 677430b3c7fcd1b352eb66f19b8746741459b91a
| |
dangerous_hardlinks() -> hardlinks_protected(),
and the meaning of the function is now in line
with fs.protected_hardlinks value.
Plus, we ship 50-default.conf where the sysctl
is enabled. Mention it in the comment.
| |
If the file was removed by some other program, we should just go
to the next one without failing. item_do() is only used for recursive
globs instead of fixed paths so skipping on missing files makes sense
(unlike if the path was fixed where we should probably fail).
Fixes #32691 (hopefully)
| |
gcrypt is used only for journal sealing operations in libsystemd, so it
can be made into a dlopen dependency that is used only on demand. This
allows reducing the footprint of libsystemd in the most common cases.
Keep systemd-pull and systemd-resolved with normal linking, as they are
executables, and usually built with OpenSSL support anyway.
| | |
Read kernel-install config from /run/kernel too
| | |
Also, use the more correct type of 'const char* const*' for the input strv.
This requires adding the cast in a few places, but also allows removing some
casts in others.
| | |
If we're building a strv, let's just use strv_new() with the CONF_PATHS macro,
which gives us an exploded string set.
| | |
Follow-up for 26d98cdd78cb5283f5771bd5866997acc494b067
I.e. stat() cannot be used here.
Also, before this commit, the 'X' is only applied if
the owner has execute bit set. Now it takes group and
other into consideration too. setfacl(1) also has
the same behavior.
| | |
Follow-up to 4f49512695f8214c55c206b3c2f583dc7b309e1b
| |
checking
let's make userspace verity signature checking optional. This adds a
dissection flag to enable the logic and patches through all our users to
enable it by default, thus effectively not changing anything from the
status quo ante. However, now we have a knob to turn this off in
certain scenarios.
| |
It was pointed out in review that the preexisting code should be updated
(https://github.com/systemd/systemd/pull/30380#discussion_r1426899180).
| |
The idea is simple: skip the final operation that creates or removes things
or changes the attributes, but otherwise go through the rest of the code.
This results in quite a lot of fairly repetitive conditions in the low-level
code. Another approach would be to print earlier, at a higher level, but then
we'd have less precise information about what is about to happen.
| |
No functional change.
| |
... i.e. apply nested config (exclusions and such) when executing R and D.
This fixes a long-standing RFE. The existing logic seems to have been an
accident of implementation. After all, if somebody specifies a config with
'R /foo; x /tmp/bar', then probably the goal is to remove stuff from under /foo,
but keep /tmp/bar. If they just wanted to nuke everything, then they would not specify
the second item.
This also makes R and D use O_NOATIME, i.e. the access times of the directories
that are accessed will not be changed by the cleanup.
Obviously, we'll have to add this to NEWS and such.
Looking at the whole tmpfiles.d config in Fedora, this change has no effect.
The test cases are adjusted as appropriate. I also added another test case for
'R'/'D' with a file, just to test this code path more.
Replaces #20641.
Fixes #1633.
| |
In preparation for future commits.
| |
One of the three must always be specified, but they are buried in a long list of
options in the output of --help. Make them more visible to draw the eye.
Also, drop "marked" from the description. It's supposed to mean "configured",
but it's a strange way to say that, and also it's generally obvious that the
program does what its configuration tells it to, and it's not going to remove
all files found on the system.
| |
It's a commonly used verb meaning "to open again".
| |
No functional change.
Note that this function will be modified in subsequent commits, and the API
will change.
| |
a3451c2c4ce7d3c02451f6ace4ee9f873880f78f added offline uid/gid support in a way
where the <root>/etc/passwd and <root>/etc/group would be read anew for each
configuration file that was parsed. The result would always be the same, so I
assume that this was an oversight. Let's use a global cache and read the
file just once.
| |
I was trying to run sysusers --replace, but the input file didn't have the right
suffix, and the message was very confusing. Let's split the message in two to
make it clearer that we care about the extension.
| |
Fixes #30690.
| |
When using the `--image` or `-E` options, `arg_exclude_prefixes` is extended via
the `exclude_default_prefixes` function, which calls `strv_extend_strv`, adding
values using `strdup` that must be freed on exit.
Also changing `arg_include_prefixes` to use the same model, although there is no
leak here.
| | |
stat-util: Add statx version of timespec_load
| | |
This is a new utility function recently added. Let's use it.
|
tmpfiles: correctly apply globbing when cleaning 'x' lines
| | |
otherwise it just gets too confusing to follow.
| |
Any file/directory created by a tmpfiles.d will be deleted. Useful for
purge/factory reset patterns.