path: root/tmpfiles.d
Commit message | Author | Age | Files | Lines
* meson: add workaround for old meson | Zbigniew Jędrzejewski-Szmek | 2021-05-19 | 1 | -1/+2
  Recent meson versions include the directory name in the target name, so there is no conflict for files with the same name in different directories. But at least with meson-0.49.2 in buster we have conflict with sysusers.d/systemd.conf.
* meson: use jinja2 for tmpfiles.d templates | Zbigniew Jędrzejewski-Szmek | 2021-05-19 | 5 | -54/+38
  HAVE_SMACK_RUN_LABEL was dropped back in 348b44372f36010d48d9a7dda14ef67155753a71, so one line in etc.conf was not rendered as expected ;(
  Checking if names are defined is paying for itself!
* Add READMEs in all .d directories | Zbigniew Jędrzejewski-Szmek | 2021-03-26 | 2 | -13/+22
* udev: allow kvm group to access vhost-net device | Marc-André Lureau | 2021-01-13 | 1 | -0/+1
  /dev/vhost-net is a host accelerator for virtio net devices. It has been long available and used, thus should be safe to all KVM users.
  Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* udev: allow kvm group to access vhost-vsock device | Marc-André Lureau | 2021-01-13 | 1 | -0/+1
  /dev/vhost-vsock allows to setup a guest CID and running state (VHOST_VSOCK_SET_GUEST_CID, VHOST_VSOCK_SET_RUNNING)
  All this should be legitimate and safe for KVM users.
  Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* meson: add option to skip installing to $sysconfdir | Jörg Thalheim | 2020-11-12 | 1 | -1/+1
  This is useful for development where overwriting files outside the configured prefix will affect the host as well as stateless systems such as NixOS that don't let packages install to /etc but handle configuration on their own.
  Alternative to https://github.com/systemd/systemd/pull/17501
  tested with:
    $ mkdir inst build && cd build
    $ meson \
        -Dcreate-log-dirs=false \
        -Dsysvrcnd-path=$(realpath ../inst)/etc/rc.d \
        -Dsysvinit-path=$(realpath ../inst)/etc/init.d \
        -Drootprefix=$(realpath ../inst) \
        -Dinstall-sysconfdir=false \
        --prefix=$(realpath ../inst) ..
    $ ninja install
* license: LGPL-2.1+ -> LGPL-2.1-or-later | Yu Watanabe | 2020-11-09 | 3 | -3/+3
* pstore: don't enable crash_kexec_post_notifiers by default | Kairui Song | 2020-10-22 | 1 | -3/+8
  commit f00c36641a253f4ea659ec3def5d87ba1336eb3b enabled crash_kexec_post_notifiers by default regardless of whether pstore is enabled or not.
  The original intention to enable this option by default is that it only affects kernel post-panic behavior, so should have no harm. But this is not true if the user wants a reliable kdump.
  crash_kexec_post_notifiers is known to cause problem with kdump, and it's documented in kernel. It's not easy to fix the problem because of how kdump works. Kdump expects the crashed kernel to jump to a pre-loaded crash kernel, so doing any extra job before the jump will increase the risk.
  It depends on the user to choose between having a reliable kdump or some other post-panic debug mechanic. So it's better to keep this config untouched by default, or it may put kdump at higher risk of failing silently. User should enable it by uncommenting the config line manually if pstore is always needed.
  Also add an inline comment to inform user about the potential issue.
  Thanks to Dave Young for finding out this issue.
  Fixes #16661
  Signed-off-by: Kairui Song <kasong@redhat.com>
* tmpfiles: don't complain if we can't enable pstore in containers | Lennart Poettering | 2020-05-25 | 1 | -2/+2
* pstore: introduce tmpfiles.d/systemd-pstore.conf | Eric DeVolder | 2020-05-15 | 2 | -0/+30
  The systemd pstore service archives the contents of /sys/fs/pstore upon boot so that there is room for a subsequent dump. The issue is that while the service is present, the kernel still needs to be configured to write data into the pstore. The kernel has two parameters, crash_kexec_post_notifiers and printk.always_kmsg_dump, that control writes into pstore.
  The crash_kexec_post_notifiers parameter enables the kernel to write dmesg (including stack trace) into pstore upon a panic, and printk.always_kmsg_dump parameter enables the kernel to write dmesg upon a shutdown (shutdown, reboot, halt).
  As it stands today, these parameters are not managed/manipulated by the systemd pstore service, and are solely reliant upon the user [to have the foresight] to set them on the kernel command line at boot, or post boot via sysfs. Furthermore, the user would need to set these parameters in a persistent fashion so that they are enabled on subsequent reboots.
  This patch introduces the setting of these two kernel parameters via the systemd tmpfiles technique.
* tmpfiles: apply ACLs to top-level journal directory in /run, too | Lennart Poettering | 2020-01-31 | 1 | -0/+3
  We already apply them to the directory in /var. Let's do the same in /run too. That's because due to the log namespace logic we nowadays can gain additional subdirs there during regular operation.
* tmpfiles: merge lines for the same inodes | Lennart Poettering | 2020-01-31 | 1 | -18/+9
* resolved, networkd: don't resolve the user if not root | Topi Miettinen | 2019-12-07 | 1 | -0/+1
  If a daemon is not started as root, most likely it also can't create its directory and let's not try to resolve the user in that case either.
  Create /run/systemd/netif/lldp with tmpfiles.d like other netif directories.
  This is also very helpful for preparing a RootImage for the daemons as NSS crud is not needed.
* Correct man page reference in systemd-nologin.conf comments | Steve Traylen | 2019-09-24 | 1 | -1/+1
  The reference to the man page of `systemd-user-sessions.service` in the comments of `tmpfiles.d/systemd-nologin.conf` is corrected.
* Update m4 for selective utmp support. | Donald A. Cupp Jr | 2019-09-16 | 1 | -0/+2
  modified: tmpfiles.d/systemd.conf.m4
* tmpfiles: override permissions of static nodes that need this | Zbigniew Jędrzejewski-Szmek | 2019-08-19 | 2 | -14/+38
  Fixes #13350.
* tmpfiles: copy files to /etc only on boot | Zbigniew Jędrzejewski-Szmek | 2019-07-25 | 1 | -3/+3
  We'd copy /etc/nsswitch.conf, /etc/pam.d/, and /etc/issue (*) on every tmpfiles --create run. I think we should only do this at boot, so if people install systemd.rpm in a larger transaction and want to create those files at a later step, we don't interfere with that. (Stuff like /etc/os-release and /etc/mtab is not really configurable, we might as well create it unconditionally.)
  (Seemingly, the alternative approach might be to not call systemd-tmpfiles --create in systemd.rpm %post. But this wouldn't have much effect, because various packages call it anyway, and our %tmpfiles_create_package macro does too. So we need to change the configuration instead.)
  (*) We don't provide /usr/share/factory/issue, so normally this fails, but somebody else might provide that file, so it seems useful to keep the C line.
* tmpfiles: stop creating /etc/localtime symlink | Zbigniew Jędrzejewski-Szmek | 2019-07-25 | 1 | -1/+0
  If the symlink is not present, UTC is the default. There *is* a slight advantage to it: humans might expect it to be present and look in /etc. But it might interfere with post-install scripts and it doesn't serve any technical purpose. Let's not create it.
  Fixes #13183.
* factory: add default /etc/issue file | Lennart Poettering | 2019-07-24 | 1 | -0/+1
  Booting up an image with --volatile=yes otherwise looks so naked, so let's include this file in the default factory too. It's common and simple and should be safe to ship.
* coredump: fixed bug - some coredump temp files could be lost | Krayushkin Konstantin | 2019-05-31 | 1 | -0/+5
  If the machine was suddenly shut down (hard reboot for example) while processing core dump, temp files created manually (not with an O_TEMPFILE flag) stay in the system. After reboot systemd-coredump treats them as usual files, so they wouldn't be rotated and shall pollute the filesystem. Solution is to simply add those temp files to systemd-tmpfiles configs.
* tmpfiles: do not create /run/nologin if PAM is disabled | Xi Ruoyao | 2019-05-13 | 1 | -1/+1
  If systemd is not built with PAM support, systemd-user-sessions.service won't be built. On systems without PAM, /run/nologin is useless. On systems with PAM but systemd is not built with PAM, /run/nologin won't be removed and all unprivileged users can't login.
  So, we should not create /run/nologin if systemd is built without PAM.
* tmpfiles: split tmp.conf out | Franck Bui | 2019-04-13 | 3 | -10/+19
  tmp.conf was dealing with 2 different kinds of paths: one dealing with general temporary paths such as /var/tmp and /tmp and the other one dealing with temporary directories owned by systemd.
  If for example a user wants to adjust the age argument of the general paths only, he had to overload the whole file which is cumbersome and error prone since any future changes in tmp.conf shipped by systemd will be lost.
  So this patch splits out tmp.conf so the systemd directories are dealt separately in a dedicated conf file. It's named "systemd-tmp.conf" based on the naming recommendation made in tmpfiles.d man page.
  In practice it shouldn't cause any regression since it's very unlikely that users override paths owned by systemd.
* sysusers,tmpfiles: re-create systemd-network, systemd-resolve and systemd-timesync | Yu Watanabe | 2018-07-16 | 1 | -3/+3
  This partially reverts d4e9e574ea0b5d23598a317e68399584d229568b, 0187368cadea183e18c6d575a9d6b7f491a402af, and 4240cb02fda90ba11dfc0114201e42691132c6a9.
  The services systemd-networkd, systemd-resolved, and systemd-timesyncd enable DynamicUsers= and have bus interfaces. Unfortunately, these have many problems now. Let us create the relevant users, at least, tentatively.
  Fixes #9503.
* tmpfiles: specify access mode for /run/systemd/netif | Yu Watanabe | 2018-06-25 | 1 | -3/+3
  This partially reverts 2af767729489f6baa98a2641b2007acab44ed353.
  As the directories are certainly readable and not-writable by non-privileged users.
* tmpfile: do not specify mode and owner to /run/systemd/netif | Yu Watanabe | 2018-06-22 | 1 | -3/+3
  Fixes #9369.
* Drop my copyright headers | Zbigniew Jędrzejewski-Szmek | 2018-06-14 | 1 | -2/+0
    perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml
    git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms'
    git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms'
    git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
* tree-wide: beautify remaining copyright statements | Lennart Poettering | 2018-06-14 | 1 | -1/+1
  Let's unify and beautify our remaining copyright statements, with a unicode ©. This means our copyright statements are now always formatted the same way. Yay.
* add new portable service framework | Lennart Poettering | 2018-05-24 | 2 | -0/+5
  This adds a small service "systemd-portabled" and a matching client "portablectl", which implement the "portable service" concept.
  The daemon implements the actual operations, is PolicyKit-enabled and is activated on demand with exit-on-idle.
  Both the daemon and the client are an optional build artifact, enabled by default though.
* network: set DynamicUser= to systemd-networkd.service | Yu Watanabe | 2018-05-22 | 1 | -3/+3
* tmpfiles: create /var/{lib,log,cache}/private during early boot | Lennart Poettering | 2018-05-18 | 1 | -0/+4
  This directory is used by the DynamicUser= stuff when used in combination with StateDirectory=/LogDirectory=/CacheDirectory=. Let's make sure the dir exists early on with the right perms.
  This is not strictly necessary as we'll also create the dir on demand if it is missing, but in the interest of grabbing the name early on, and making things more explicit let's also list this in a tmpfiles.d/ snippet.
* meson: generate m4 preprocessor from config.h (#8914) | Yu Watanabe | 2018-05-07 | 1 | -1/+1
* meson: install nspawn tmpfiles snippet only when machined is turned on | Lennart Poettering | 2018-04-17 | 1 | -1/+1
* tree-wide: drop license boilerplate | Zbigniew Jędrzejewski-Szmek | 2018-04-06 | 1 | -13/+0
  Files which are installed as-is (any .service and other unit files, .conf files, .policy files, etc), are left as is. My assumption is that SPDX identifiers are not yet that well known, so it's better to retain the extended header to avoid any doubt.
  I also kept any copyright lines. We can probably remove them, but it'd be nice to obtain explicit acks from all involved authors before doing that.
* nologin: extend the /run/nologin descriptions a bit (#8244) | Lennart Poettering | 2018-02-22 | 1 | -1/+1
  This is an attempt to improve #8228 a bit, by extending the /run/nologin a bit, but still keeping it somewhat brief.
  On purpose I used the vague wording "unprivileged user" rather than "non-root user" so that pam_nologin can be updated to disable its behaviour for members of the "wheel" group one day, and our messages would still make sense.
  See #8228.
* Add license headers and SPDX identifiers to meson.build files | Zbigniew Jędrzejewski-Szmek | 2017-11-19 | 1 | -0/+17
  So far I avoided adding license headers to meson files, but they are pretty big and important and should carry license headers like everything else.
  I added my own copyright, even though other people modified those files too. But this is mostly symbolic, so I hope that's OK.
* resolved: create private stub resolve file for /etc/resolv.conf integration (#7014) | Dimitri John Ledkov | 2017-10-24 | 1 | -1/+1
  This creates a second private resolve.conf file which lists the stub resolver and the resolved acquired search domains.
  This runtime file should be used as a symlink target for /etc/resolv.conf such that non-nss based applications can resolve search domains.
  Fixes: #7009
* tmpfiles: remove old ICE and X11 sockets at boot (#6979) | Frederic Crozat | 2017-10-06 | 1 | -5/+6
  tmpfiles: remove old ICE and X11 sockets at boot
  When not using tmpfs based /tmp, leftover sockets might prevent X startup. Ensure directory is clean at boot time.
* tmpfiles: change btmp mode 0600 → 0660 (#6997) | Lennart Poettering | 2017-10-04 | 1 | -1/+1
  As discussed in #6994.
  Fixes: #6994
* build-sys: s/ENABLE_RESOLVED/ENABLE_RESOLVE/ | Zbigniew Jędrzejewski-Szmek | 2017-10-04 | 1 | -1/+1
  The configuration option was called -Dresolve, but the internal define was …RESOLVED. This option governs more than just resolved itself, so let's settle on the version without "d".
* build-sys: s/HAVE_UTMP/ENABLE_UTMP/ | Zbigniew Jędrzejewski-Szmek | 2017-10-04 | 1 | -1/+1
  "Have" should be about the external environment and dependencies. Anything which is a pure yes/no choice should be "enable".
* build-sys: use #if Y instead of #ifdef Y everywhere | Zbigniew Jędrzejewski-Szmek | 2017-10-04 | 1 | -3/+3
  The advantage is that if the name is misspelt, cpp will warn us.
    $ git grep -Ee "conf.set\('(HAVE|ENABLE)_" -l|xargs sed -r -i "s/conf.set\('(HAVE|ENABLE)_/conf.set10('\1_/"
    $ git grep -Ee '#ifn?def (HAVE|ENABLE)' -l|xargs sed -r -i 's/#ifdef (HAVE|ENABLE)/#if \1/; s/#ifndef (HAVE|ENABLE)/#if ! \1/;'
    $ git grep -Ee 'if.*defined\(HAVE' -l|xargs sed -i -r 's/defined\((HAVE_[A-Z0-9_]*)\)/\1/g'
    $ git grep -Ee 'if.*defined\(ENABLE' -l|xargs sed -i -r 's/defined\((ENABLE_[A-Z0-9_]*)\)/\1/g'
  + manual changes to meson.build
  squash! build-sys: use #if Y instead of #ifdef Y everywhere
  v2:
  - fix incorrect setting of HAVE_LIBIDN2
* tmpfiles.d/journal-nocow: fix typo (#6804) | Lukáš Nykrýn | 2017-09-12 | 1 | -1/+1
* tmpfiles: drop systemd-remote.conf | Yu Watanabe | 2017-08-08 | 2 | -18/+0
  The directories are only used by the specific services, and created before the services are started. So, it is not necessary to create them by systemd-tmpfiles.
* build-sys: drop gitignore patterns for in-tree builds | Zbigniew Jędrzejewski-Szmek | 2017-07-18 | 1 | -4/+0
  ... and other autotools-generated files.
* build-sys: drop automake support | Zbigniew Jędrzejewski-Szmek | 2017-07-18 | 1 | -1/+0
  v2:
  - also mention m4
* tmpfiles: create /var/log/lastlog if it does not exist | Michael Biebl | 2017-06-29 | 1 | -0/+1
  Create /var/log/lastlog the same way we create utmp and wtmp. This is useful for stateless systems where /var is volatile and a missing /var/log/lastlog otherwise creates error messages like
    Jun 27 20:00:00 huron sshd[1234]: lastlog_openseek: Couldn't stat /var/log/lastlog: No such file or directory
  Fixes #6234
* meson: do not use path separator for target name (#6177) | Yu Watanabe | 2017-06-23 | 1 | -1/+1
  Fixes #6158.
* build: *really* install tmpfiles.d/systemd-remote.conf when necessary (#6061) | Franck Bui | 2017-05-31 | 1 | -0/+2
  This fixes commit 5e354b22520bbb02e which was an attempt to avoid installation of tmpfiles.d/systemd-remote.conf when it was not needed (ie HAVE_REMOTE=false).
  Before this fix and with the autotool build, systemd-remote.conf was distributed and also installed (although it was empty) even though HAVE_REMOTE=false.
  That's what happens when doing last second changes without retesting...
  While at it, update tmpfiles.d/.gitignore (var.conf was missing as well since commit a083537e5d11b).
* build: only install tmpfiles.d/systemd-remote.conf when necessary (#6051) | Franck Bui | 2017-05-30 | 2 | -13/+25
  Also only include the relevant parts for systemd-journal-remote and systemd-journal-upload when needed.
* tmpfiles: Remove unnecessary utmp file creation (#6006) | codekipper | 2017-05-24 | 2 | -2/+4
  If utmp is disabled (--disable-utmp) then there is no need to create the wtmp and btmp files.