path: root/tmpfiles.d

Commit log (each entry: subject, then author, date, files changed and lines -removed/+added):
* tmpfiles: use same credstore perms everywhere (Lennart Poettering, 2023-05-31, 1 file, -4/+4)

  In b6033b706028a64e9affb79050ced1ad9a4f5b43 support was added to create {/etc|/run}/credstore{|.encrypted} via tmpfiles.d with perms 0000. These perms are so restrictive that not even root can access them unless it has CAP_DAC_OVERRIDE capability. This creates the dirs at boot time.

  In 24039e1207c169b18adf5234ad300ea3ba1b671e support was added to create /etc/credstore with perm 0700 from meson.build at build time.

  This patch unifies the two parts:

  1. creates both /etc/credstore *and* /etc/credstore.encrypted in both places (the build system still won't create them in /run/, since that's pointless since not shipped, and the runtime won't create the dirs below /usr/lib/, since that's not generically writable anyway).

  2. Both at runtime and at build time we'll create the dirs with mode 0700. This is easier for packaging tools to handle since they generally react pretty negatively on dirs they can't enumerate.
* tmpfiles.d: drop misleading comment (Zbigniew Jędrzejewski-Szmek, 2023-02-21, 1 file, -1/+0)

  I'm not sure what "suffix" was meant by this comment, but the file has the usual suffix. The file was added with the current name back in c4708f132381e4bbc864d5241381b5cde4f54878. Maybe an earlier version of the patch did something different.
* vconsole: allow setting default keymap through build option (Mike Yuan, 2023-02-15, 1 file, -0/+1)

  Allow defining the default keymap to be used by vconsole-setup through a build option. A template vconsole.conf also gets populated by tmpfiles if it doesn't exist.
* tmpfiles: automatically create /etc/credstore/ and friends (Lennart Poettering, 2023-01-27, 2 files, -0/+14)

  This adds a tmpfiles.d/ snippet for LoadCredential= style credentials directories in /etc/ and /run/.

  This is done primarily to ensure that the access modes for the dirs are set up properly, in the most restrictive ways. Specifically these are set to 0000, so that CAP_DAC_OVERRIDE is necessary to enumerate and read the credentials, and being UID=0 is not sufficient to do so.

  This creates /etc/credstore/, but leaves /run/credstore/ absent if missing, for now. Thinking is: the latter being non-persistent is created by software usually, not manually by users, and hence more likely right. But dunno, we might want to revisit this sooner or later.

  This is ultimately an exercise to advertise the LoadCredential= concept a bit, and do so in a reasonably secure way, underlining the safety of the concept.
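The mode-0000 argument in the commit above rests on how the kernel's discretionary access check treats root. The Python below is an added illustration, not systemd code: it models generic_permission() from the kernel's fs/namei.c for one inode (owner/group/other bits first, then the CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH bypasses) and applies it to a root-owned credentials directory. The capability names are the real Linux ones; representing `caps` as a plain set of names, the uid/gid shape of the call, and the omission of POSIX ACLs, LSMs and the fsuid distinction are simplifications of this model.

```python
# Added example (not systemd code): a model of the Linux DAC check that
# decides whether a process may list a credentials directory. It follows the
# structure of the kernel's generic_permission(): owner/group/other bits
# first, then the CAP_DAC_OVERRIDE / CAP_DAC_READ_SEARCH bypasses. It ignores
# POSIX ACLs, LSMs such as SELinux, and the fsuid/euid distinction, so treat
# it as an illustration of the 0000-vs-0700 argument, not as a reference.

MAY_EXEC, MAY_WRITE, MAY_READ = 1, 2, 4


def dac_permitted(mode, owner_uid, owner_gid, uid, gids, caps, want, is_dir):
    """True if a process (uid, gids, caps) may perform `want` (a bitmask of
    MAY_READ/MAY_WRITE/MAY_EXEC) on an inode with `mode` and owner
    owner_uid:owner_gid. `caps` is a set of capability names (model assumption)."""
    if uid == owner_uid:
        bits = (mode >> 6) & 7
    elif owner_gid in gids:
        bits = (mode >> 3) & 7
    else:
        bits = mode & 7
    if want & ~bits == 0:
        return True                      # the plain DAC bits already allow it

    if is_dir:
        # Directories: CAP_DAC_READ_SEARCH covers anything that is not a
        # write; CAP_DAC_OVERRIDE covers everything.
        if "CAP_DAC_READ_SEARCH" in caps and not want & MAY_WRITE:
            return True
        return "CAP_DAC_OVERRIDE" in caps

    # Regular files: CAP_DAC_OVERRIDE bypasses read/write, and exec only if
    # some x bit is set; CAP_DAC_READ_SEARCH bypasses a pure read.
    if "CAP_DAC_OVERRIDE" in caps and (not want & MAY_EXEC or mode & 0o111):
        return True
    if "CAP_DAC_READ_SEARCH" in caps and want == MAY_READ:
        return True
    return False


def can_enumerate_credstore(mode, uid, caps=frozenset()):
    """Can `uid` list a root-owned credentials directory with this mode?
    Listing needs read (to enumerate) and search (to open the entries)."""
    return dac_permitted(mode, 0, 0, uid, {uid}, caps, MAY_READ | MAY_EXEC, True)


if __name__ == "__main__":
    for mode in (0o000, 0o700):
        for uid, caps in ((0, set()), (0, {"CAP_DAC_OVERRIDE"}), (1000, set())):
            verdict = "list ok" if can_enumerate_credstore(mode, uid, caps) else "EACCES"
            print(f"mode {mode:04o} uid {uid:4} caps {sorted(caps) or '-'}: {verdict}")
```

With mode 0000, a uid-0 process that lacks CAP_DAC_OVERRIDE and CAP_DAC_READ_SEARCH (a service with a trimmed CapabilityBoundingSet=, say) gets EACCES on the listing, while 0700 admits any uid-0 process; that is the trade the later 0700 commit makes in favour of packaging tools. On a live system `stat -c '%a %U:%G' /etc/credstore` shows which of the two a given build shipped.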
* tmpfiles.d: do not fail if provision.conf fails (Luca Boccassi, 2022-11-04, 1 file, -2/+2)

  On a read-only filesystem creating /root/.ssh might fail, but that's ok. Do not fail the run, as this is only needed to add the credential, which is a separate step.
* Remove duplicated word (Jochen Sprickerhof, 2022-10-29, 1 file, -1/+1)
* tree-wide: replace "plural(s)" by "plurals" (Zbigniew Jędrzejewski-Szmek, 2022-10-17, 1 file, -1/+1)

  (s) is just ugly with a vibe of DOS. In most cases just using the normal plural form is more natural and grammatically correct.

  There are some log_debug() statements left, and texts in foreign licenses or headers. Those are not touched on purpose.
* tmpfiles: add lines for provisioning ssh keys for root by default (Lennart Poettering, 2022-09-23, 1 file, -0/+5)

  With this, I can now easily do:

    systemd-nspawn --load-credential=ssh.authorized_keys.root:/home/lennart/.ssh/authorized_keys --image=… --boot

  To boot into an image with my SSH key copied in. Yay!
* tmpfiles: copy PCR sig/pkey from initrd /.extra/ into /run/ (Lennart Poettering, 2022-09-09, 1 file, -0/+6)

  Now that sd-stub will place the PCR signature and its public key in the initrd's /.extra/ directory, let's copy it from there into /run/ from userspace.

  This is done because /.extra/ is on the initrd's tmpfs which will be emptied during the initrd → host transition. Since we want these two files to survive we'll copy them – if they exist – into /run/ where they will survive the transition.

  Thus, with this last change the files will have safely propagated from their PE sections into files in /run/ where userspace can find them.

  The paths in /run/ happen to be the exact ones that systemd-cryptenroll/systemd-cryptsetup/systemd-creds look for them.
* tree-wide: fix typo (Yu Watanabe, 2022-08-01, 1 file, -1/+1)
* tmpfiles: automatically provision /etc/issue.d/ + /etc/motd.d/ + /etc/hosts from credentials (Lennart Poettering, 2022-07-21, 2 files, -0/+18)
* meson: Sort lines in tmpfiles.d/meson.build (Daan De Meyer, 2022-05-03, 1 file, -3/+3)
* tmpfiles: Split networkd entries into a separate file (Daan De Meyer, 2022-05-03, 3 files, -6/+14)

  Many distributions ship systemd-networkd as a separate file so we need to be able to ship the tmpfiles networkd entries as part of that separate networkd package. Let's split the networkd entries into a separate file to make that possible.
* meson: also allow setting GIT_VERSION via templates (Zbigniew Jędrzejewski-Szmek, 2022-04-05, 1 file, -1/+1)

  GIT_VERSION is not available as a config.h variable, because it's rendered into version.h during builds. Let's rework jinja2 rendering to also parse version.h.

  No functional change, the new variable is so far unused. I guess this will make partial rebuilds a bit slower, but it's useful to be able to use the full version string.
* factory: populate /etc/locale.conf with systemd build-time setting (Luca BRUNO, 2021-12-23, 1 file, -0/+1)

  This adds /etc/locale.conf to the set of configuration files populated by tmpfiles.d factory /etc handling.

  In particular, the build-time locale configuration in systemd is now wired to a /usr factory file, and installed to the system. On boot, if other locale customization tools did not write /etc/locale.conf on the system, the factory default file gets copied to /etc by systemd-tmpfiles.

  This is done in order to avoid skews between different system components when no locale settings are configured. At that point, systemd can safely act as the fallback owner of /etc/locale.conf.
* tmpfiles: split out config for systemd-resolve (Zbigniew Jędrzejewski-Szmek, 2021-11-16, 3 files, -3/+11)

  This mirrors what was done in 564761fcaeda8c013210f7c6934847a6d0228ec9 for sysusers.d. If we allow separating resolved sysusers config in a subpackage, we should do the same for the symlink that is only useful when resolved is installed.

  Related to #21317.
* build: preserve correct mode when generating files via jinja2 (Christian Brauner, 2021-11-08, 1 file, -2/+1)

  When using "capture : true" in custom_target()s the mode of the source file is not preserved when the generated file is not installed and so needs to be tweaked manually. Switch from output capture to creating the target file and copy the permissions from the input file.

  Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
* tmpfiles.d: remove .Test-unix, it's obsolete (Peter Hutterer, 2021-08-31, 1 file, -1/+0)

  See libxtrans commit 0794b1b712a90b40e2b019c9edc6f96874493c52. The code to generate this socket was removed 5 years ago and even before it was conditional on #define TEST_t. There is no reference to that #define in either the X server nor libX11's git history, or in any of the current libX*. Let's assume this is well and truly obsolete.
* meson: use a/b instead of join_paths(a,b) (Zbigniew Jędrzejewski-Szmek, 2021-07-27, 1 file, -2/+1)

  It is nicer and shorter.
* meson: require 0.53.2 and drop some workarounds for old meson (Zbigniew Jędrzejewski-Szmek, 2021-07-27, 1 file, -2/+1)

  Ubuntu Bionic 18.04 has 0.45, so it was below the previously required minimum version already. Focal 20.04 has 0.53.2. Let's require that and use various features that are available.
* docs: move /var/log/README to a tmpfiles.d symlink (Luca BRUNO, 2021-07-21, 2 files, -15/+26)

  This moves the /var/log/README content out of /var and into the docs location, replacing the previous file with a symlink created through a tmpfiles.d entry.
* meson: add workaround for old meson (Zbigniew Jędrzejewski-Szmek, 2021-05-19, 1 file, -1/+2)

  Recent meson versions include the directory name in the target name, so there is no conflict for files with the same name in different directories. But at least with meson-0.49.2 in buster we have conflict with sysusers.d/systemd.conf.
* meson: use jinja2 for tmpfiles.d templates (Zbigniew Jędrzejewski-Szmek, 2021-05-19, 5 files, -54/+38)

  HAVE_SMACK_RUN_LABEL was dropped back in 348b44372f36010d48d9a7dda14ef67155753a71, so one line in etc.conf was not rendered as expected ;( Checking if names are defined is paying for itself!
* Add READMEs in all .d directories (Zbigniew Jędrzejewski-Szmek, 2021-03-26, 2 files, -13/+22)
* udev: allow kvm group to access vhost-net device (Marc-André Lureau, 2021-01-13, 1 file, -0/+1)

  /dev/vhost-net is a host accelerator for virtio net devices. It has been long available and used, thus should be safe to all KVM users.

  Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* udev: allow kvm group to access vhost-vsock device (Marc-André Lureau, 2021-01-13, 1 file, -0/+1)

  /dev/vhost-vsock allows to setup a guest CID and running state (VHOST_VSOCK_SET_GUEST_CID, VHOST_VSOCK_SET_RUNNING)

  All this should be legitimate and safe for KVM users.

  Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* meson: add option to skip installing to $sysconfdir (Jörg Thalheim, 2020-11-12, 1 file, -1/+1)

  This is useful for development where overwriting files outside the configured prefix will affect the host as well as stateless systems such as NixOS that don't let packages install to /etc but handle configuration on their own.

  Alternative to https://github.com/systemd/systemd/pull/17501

  Tested with:

    $ mkdir inst build && cd build
    $ meson \
        -Dcreate-log-dirs=false \
        -Dsysvrcnd-path=$(realpath ../inst)/etc/rc.d \
        -Dsysvinit-path=$(realpath ../inst)/etc/init.d \
        -Drootprefix=$(realpath ../inst) \
        -Dinstall-sysconfdir=false \
        --prefix=$(realpath ../inst) ..
    $ ninja install
* license: LGPL-2.1+ -> LGPL-2.1-or-later (Yu Watanabe, 2020-11-09, 3 files, -3/+3)
* pstore: don't enable crash_kexec_post_notifiers by default (Kairui Song, 2020-10-22, 1 file, -3/+8)

  commit f00c36641a253f4ea659ec3def5d87ba1336eb3b enabled crash_kexec_post_notifiers by default regardless of whether pstore is enabled or not.

  The original intention to enable this option by default is that it only affects kernel post-panic behavior, so should have no harm. But this is not true if the user wants a reliable kdump.

  crash_kexec_post_notifiers is known to cause problems with kdump, and it's documented in the kernel. It's not easy to fix the problem because of how kdump works. Kdump expects the crashed kernel to jump to a pre-loaded crash kernel, so doing any extra job before the jump will increase the risk.

  It depends on the user to choose between having a reliable kdump or some other post-panic debug mechanic. So it's better to keep this config untouched by default, or it may put kdump at higher risk of failing silently. Users should enable it by uncommenting the config line manually if pstore is always needed. Also add an inline comment to inform the user about the potential issue.

  Thanks to Dave Young for finding out this issue.

  Fixes #16661

  Signed-off-by: Kairui Song <kasong@redhat.com>
* tmpfiles: don't complain if we can't enable pstore in containers (Lennart Poettering, 2020-05-25, 1 file, -2/+2)
* pstore: introduce tmpfiles.d/systemd-pstore.conf (Eric DeVolder, 2020-05-15, 2 files, -0/+30)

  The systemd pstore service archives the contents of /sys/fs/pstore upon boot so that there is room for a subsequent dump. The issue is that while the service is present, the kernel still needs to be configured to write data into the pstore.

  The kernel has two parameters, crash_kexec_post_notifiers and printk.always_kmsg_dump, that control writes into pstore. The crash_kexec_post_notifiers parameter enables the kernel to write dmesg (including stack trace) into pstore upon a panic, and printk.always_kmsg_dump parameter enables the kernel to write dmesg upon a shutdown (shutdown, reboot, halt).

  As it stands today, these parameters are not managed/manipulated by the systemd pstore service, and are solely reliant upon the user [to have the foresight] to set them on the kernel command line at boot, or post boot via sysfs. Furthermore, the user would need to set these parameters in a persistent fashion so that they are enabled on subsequent reboots.

  This patch introduces the setting of these two kernel parameters via the systemd tmpfiles technique.
* tmpfiles: apply ACLs to top-level journal directory in /run, too (Lennart Poettering, 2020-01-31, 1 file, -0/+3)

  We already apply them to the directory in /var. Let's do the same in /run too. That's because due to the log namespace logic we nowadays can gain additional subdirs there during regular operation.
* tmpfiles: merge lines for the same inodes (Lennart Poettering, 2020-01-31, 1 file, -18/+9)
* resolved, networkd: don't resolve the user if not root (Topi Miettinen, 2019-12-07, 1 file, -0/+1)

  If a daemon is not started as root, most likely it also can't create its directory and let's not try to resolve the user in that case either. Create /run/systemd/netif/lldp with tmpfiles.d like other netif directories.

  This is also very helpful for preparing a RootImage for the daemons as NSS crud is not needed.
* Correct man page reference in systemd-nologin.conf comments (Steve Traylen, 2019-09-24, 1 file, -1/+1)

  The reference to the man page of `systemd-user-sessions.service` in the comments of `tmpfiles.d/systemd-nologin.conf` is corrected.
* Update m4 for selective utmp support. (Donald A. Cupp Jr, 2019-09-16, 1 file, -0/+2)

  modified: tmpfiles.d/systemd.conf.m4
* tmpfiles: override permissions of static nodes that need this (Zbigniew Jędrzejewski-Szmek, 2019-08-19, 2 files, -14/+38)

  Fixes #13350.
* tmpfiles: copy files to /etc only on boot (Zbigniew Jędrzejewski-Szmek, 2019-07-25, 1 file, -3/+3)

  We'd copy /etc/nsswitch.conf, /etc/pam.d/, and /etc/issue (*) on every tmpfiles --create run. I think we should only do this at boot, so if people install systemd.rpm in a larger transaction and want to create those files at a later step, we don't interfere with that. (Stuff like /etc/os-release and /etc/mtab is not really configurable, we might as well create it unconditionally.)

  (Seemingly, the alternative approach might be to not call systemd-tmpfiles --create in systemd.rpm %post. But this wouldn't have much effect, because various packages call it anyway, and our %tmpfiles_create_package macro does too. So we need to change the configuration instead.)

  (*) We don't provide /usr/share/factory/issue, so normally this fails, but somebody else might provide that file, so it seems useful to keep the C line.
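Several of the commits above describe tmpfiles.d lines by their type modifiers: the `-` on the provision.conf directory line so a read-only /root does not fail the run, the `^` that fills /root/.ssh/authorized_keys from the ssh.authorized_keys.root credential, the `!` that restricts the factory copies to boot, and the `w` lines (one of them left commented out) that set the two pstore kernel parameters. The parser below is an added example, not systemd's own tmpfiles parser: it reads that line grammar as tmpfiles.d(5) documents it and adds two checks a packager might run over a snippet, which lines apply outside of boot and whether any credstore directory grants group/other bits. The SAMPLE text is constructed for this example and only modelled on the files the log describes; specifier expansion (%h, %m, ...), quoting and C-style escapes are left out.

```python
from dataclasses import dataclass
from typing import List, Optional, Set

# Added example (not systemd's parser): enough of the tmpfiles.d(5) line
# grammar "Type Path Mode User Group Age Argument" to read the kinds of
# lines described in the commit log. Specifier expansion, quoting and
# escapes are omitted.

MODIFIERS = {
    "!": "boot_only",        # apply only when systemd-tmpfiles runs with --boot
    "-": "ignore_failure",   # a failure on this line does not fail the run
    "=": "remove_mismatch",  # remove an existing object of the wrong type first
    "~": "base64",           # the argument is base64-encoded
    "^": "credential",       # the argument names a credential to read content from
}


@dataclass
class Entry:
    type: str                  # d, f, C, w, L, ...
    flags: Set[str]
    path: str
    mode: Optional[int]
    mode_prefix: str           # "", ":" (only set on creation) or "~" (mask)
    user: Optional[str]
    group: Optional[str]
    age: Optional[str]
    argument: Optional[str]
    lineno: int


def _opt(value):
    """'-' (and a missing field) mean 'unset' in tmpfiles.d."""
    return None if value in (None, "-") else value


def parse_line(text: str, lineno: int = 0) -> Optional[Entry]:
    """Parse one line; None for blank and comment lines."""
    stripped = text.strip()
    if not stripped or stripped.startswith("#"):
        return None
    fields = stripped.split(None, 6)          # the argument keeps its own spaces
    if len(fields) < 2:
        raise ValueError(f"line {lineno}: need at least a type and a path")
    kind, mods = fields[0][0], fields[0][1:]
    unknown = [m for m in mods if m not in MODIFIERS]
    if unknown:
        raise ValueError(f"line {lineno}: unknown modifier(s) {unknown}")
    rest = fields[2:] + [None] * (5 - len(fields[2:]))
    mode_f, user, group, age, argument = rest
    mode, prefix = None, ""
    if mode_f not in (None, "-"):
        prefix = mode_f[0] if mode_f[0] in ":~" else ""
        mode = int(mode_f[len(prefix):], 8)
    return Entry(kind, {MODIFIERS[m] for m in mods}, fields[1], mode, prefix,
                 _opt(user), _opt(group), _opt(age), _opt(argument), lineno)


def parse(text: str) -> List[Entry]:
    entries = []
    for n, line in enumerate(text.splitlines(), 1):
        e = parse_line(line, n)
        if e is not None:
            entries.append(e)
    return entries


def applicable(entries, boot: bool):
    """The lines systemd-tmpfiles would act on: '!' lines only with --boot."""
    return [e for e in entries if boot or "boot_only" not in e.flags]


def check_credential_dirs(entries):
    """Flag credential directories that give group/other any access bits,
    which is exactly what the credstore snippet exists to prevent."""
    return [f"line {e.lineno}: {e.path} mode {e.mode:04o} grants group/other access"
            for e in entries
            if e.type in "dD" and "credstore" in e.path
            and e.mode is not None and e.mode & 0o077]


# Constructed sample, modelled on the snippets the commit log describes.
SAMPLE = """\
# credentials directories, root-only
d /etc/credstore 0700 root root - -
d /etc/credstore.encrypted 0700 root root - -
# provisioning: '-' tolerates a read-only /root, '^' reads the key from a credential
d- /root/.ssh 0700 root root -
f^ /root/.ssh/authorized_keys 0600 root root - ssh.authorized_keys.root
# factory copy only on boot
C! /etc/nsswitch.conf - - - - -
# pstore knobs: the kdump-risky one stays commented out
#w /sys/module/kernel/parameters/crash_kexec_post_notifiers - - - - Y
w /sys/module/printk/parameters/always_kmsg_dump - - - - Y
"""

if __name__ == "__main__":
    for e in parse(SAMPLE):
        print(e.type, sorted(e.flags), e.path,
              f"{e.mode:04o}" if e.mode is not None else "-", e.argument)
    print("applied at boot:", len(applicable(parse(SAMPLE), True)),
          "applied later:", len(applicable(parse(SAMPLE), False)))
```

Run against SAMPLE, the commented-out crash_kexec_post_notifiers line is skipped the same way systemd-tmpfiles skips it, the `C!` copy drops out of a non-boot `--create` run, and a directory line such as `d /run/credstore 0750 root root - -` is reported by check_credential_dirs because 0750 lets a group enumerate the credentials.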
* tmpfiles: stop creating /etc/localtime symlink (Zbigniew Jędrzejewski-Szmek, 2019-07-25, 1 file, -1/+0)

  If the symlink is not present, UTC is the default. There *is* a slight advantage to it: humans might expect it to be present and look in /etc. But it might interfere with post-install scripts and it doesn't serve any technical purpose. Let's not create it.

  Fixes #13183.
* factory: add default /etc/issue file (Lennart Poettering, 2019-07-24, 1 file, -0/+1)

  Booting up an image with --volatile=yes otherwise looks so naked, so let's include this file in the default factory too. It's common and simple and should be safe to ship.
* coredump: fixed bug - some coredump temp files could be lost (Krayushkin Konstantin, 2019-05-31, 1 file, -0/+5)

  If the machine was suddenly shut down (hard reboot for example) while processing a core dump, temp files created manually (not with the O_TMPFILE flag) stay in the system. After reboot systemd-coredump treats them as usual files, so they won't be rotated and will pollute the filesystem.

  The solution is to simply add those temp files to the systemd-tmpfiles configs.
* tmpfiles: do not create /run/nologin if PAM is disabled (Xi Ruoyao, 2019-05-13, 1 file, -1/+1)

  If systemd is not built with PAM support, systemd-user-sessions.service won't be built. On systems without PAM, /run/nologin is useless. On systems with PAM but systemd is not built with PAM, /run/nologin won't be removed and all unprivileged users can't login.

  So, we should not create /run/nologin if systemd is built without PAM.
* tmpfiles: split tmp.conf out (Franck Bui, 2019-04-13, 3 files, -10/+19)

  tmp.conf was dealing with 2 different kinds of paths: one dealing with general temporary paths such as /var/tmp and /tmp and the other one dealing with temporary directories owned by systemd.

  If for example a user wants to adjust the age argument of the general paths only, he had to overload the whole file, which is cumbersome and error prone since any future changes in tmp.conf shipped by systemd will be lost.

  So this patch splits out tmp.conf so the systemd directories are dealt with separately in a dedicated conf file. It's named "systemd-tmp.conf" based on the naming recommendation made in the tmpfiles.d man page.

  In practice it shouldn't cause any regression since it's very unlikely that users override paths owned by systemd.
* sysusers,tmpfiles: re-create systemd-network, systemd-resolve and systemd-timesync (Yu Watanabe, 2018-07-16, 1 file, -3/+3)

  This partially reverts d4e9e574ea0b5d23598a317e68399584d229568b, 0187368cadea183e18c6d575a9d6b7f491a402af, and 4240cb02fda90ba11dfc0114201e42691132c6a9.

  The services systemd-networkd, systemd-resolved, and systemd-timesyncd enable DynamicUsers= and have bus interfaces. Unfortunately, these have many problems now. Let us create the relevant users, at least, tentatively.

  Fixes #9503.
* tmpfiles: specify access mode for /run/systemd/netif (Yu Watanabe, 2018-06-25, 1 file, -3/+3)

  This partially reverts 2af767729489f6baa98a2641b2007acab44ed353. As the directories are certainly readable and not-writable by non-privileged users.
* tmpfile: do not specify mode and owner to /run/systemd/netif (Yu Watanabe, 2018-06-22, 1 file, -3/+3)

  Fixes #9369.
* Drop my copyright headers (Zbigniew Jędrzejewski-Szmek, 2018-06-14, 1 file, -2/+0)

  perl -i -0pe 's/\s*Copyright © .... Zbigniew Jędrzejewski.*?\n/\n/gms' man/*xml
  git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/(#\n)?# +Copyright © [0-9, -]+ Zbigniew Jędrzejewski.*?\n//gms'
  git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s*\/\*\*\*\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*?\s*\*\*\*\/\s*/\n\n/gms'
  git grep -e 'Copyright.*Jędrzejewski' -l | xargs perl -i -0pe 's/\s+Copyright © [0-9, -]+ Zbigniew Jędrzejewski[^\n]*//gms'
* tree-wide: beautify remaining copyright statements (Lennart Poettering, 2018-06-14, 1 file, -1/+1)

  Let's unify and beautify our remaining copyright statements, with a unicode ©. This means our copyright statements are now always formatted the same way. Yay.
* add new portable service framework (Lennart Poettering, 2018-05-24, 2 files, -0/+5)

  This adds a small service "systemd-portabled" and a matching client "portablectl", which implement the "portable service" concept.

  The daemon implements the actual operations, is PolicyKit-enabled and is activated on demand with exit-on-idle.

  Both the daemon and the client are an optional build artifact, enabled by default though.
* network: set DynamicUser= to systemd-networkd.service (Yu Watanabe, 2018-05-22, 1 file, -3/+3)