From d924a938fe3dbba360cdbee0201ea9797c5f8bff Mon Sep 17 00:00:00 2001 From: Zbigniew Jędrzejewski-Szmek Date: Sun, 16 May 2021 13:35:51 +0200 Subject: meson: use jinja2 for tmpfiles.d templates HAVE_SMACK_RUN_LABEL was dropped back in 348b44372f36010d48d9a7dda14ef67155753a71, so one line in etc.conf was not rendered as expected ;( Checking if names are defined is paying for itself! --- meson.build | 7 ++- src/basic/fileio.c | 2 +- tmpfiles.d/etc.conf.in | 22 +++++++++ tmpfiles.d/etc.conf.m4 | 22 --------- tmpfiles.d/meson.build | 36 +++++--------- tmpfiles.d/static-nodes-permissions.conf.in | 6 +-- tmpfiles.d/systemd.conf.in | 72 ++++++++++++++++++++++++++++ tmpfiles.d/systemd.conf.m4 | 74 ----------------------------- tmpfiles.d/var.conf.in | 25 ++++++++++ tmpfiles.d/var.conf.m4 | 25 ---------- 10 files changed, 137 insertions(+), 154 deletions(-) create mode 100644 tmpfiles.d/etc.conf.in delete mode 100644 tmpfiles.d/etc.conf.m4 create mode 100644 tmpfiles.d/systemd.conf.in delete mode 100644 tmpfiles.d/systemd.conf.m4 create mode 100644 tmpfiles.d/var.conf.in delete mode 100644 tmpfiles.d/var.conf.m4 diff --git a/meson.build b/meson.build index 44931368de..c98c4c1e7d 100644 --- a/meson.build +++ b/meson.build @@ -850,6 +850,7 @@ conf.set10('ENABLE_ADM_GROUP', get_option('adm-group')) conf.set10('ENABLE_WHEEL_GROUP', get_option('wheel-group')) dev_kvm_mode = get_option('dev-kvm-mode') +conf.set_quoted('DEV_KVM_MODE', dev_kvm_mode) # FIXME: convert to 0o… notation substs.set('DEV_KVM_MODE', dev_kvm_mode) conf.set10('DEV_KVM_UACCESS', dev_kvm_mode != '0666') group_render_mode = get_option('group-render-mode') 
@@ -1040,10 +1041,8 @@ else endif conf.set10('HAVE_APPARMOR', have) -smack_run_label = get_option('smack-run-label') -if smack_run_label != '' - conf.set_quoted('SMACK_RUN_LABEL', smack_run_label) -endif +conf.set10('HAVE_SMACK_RUN_LABEL', get_option('smack-run-label') != '') +conf.set_quoted('SMACK_RUN_LABEL', get_option('smack-run-label')) want_polkit = get_option('polkit') install_polkit = false diff --git a/src/basic/fileio.c b/src/basic/fileio.c index 93d8547b32..dabdf5b517 100644 --- a/src/basic/fileio.c +++ b/src/basic/fileio.c @@ -1391,7 +1391,7 @@ int rename_and_apply_smack_floor_label(const char *from, const char *to) { if (rename(from, to) < 0) return -errno; -#ifdef SMACK_RUN_LABEL +#if HAVE_SMACK_RUN_LABEL r = mac_smack_apply(to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL); if (r < 0) return r; diff --git a/tmpfiles.d/etc.conf.in b/tmpfiles.d/etc.conf.in new file mode 100644 index 0000000000..2323fd8cd8 --- /dev/null +++ b/tmpfiles.d/etc.conf.in @@ -0,0 +1,22 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See tmpfiles.d(5) for details + +L /etc/os-release - - - - ../usr/lib/os-release +L+ /etc/mtab - - - - ../proc/self/mounts +{% if HAVE_SMACK_RUN_LABEL %} +t /etc/mtab - - - - security.SMACK64=_ +{% endif %} +{% if ENABLE_RESOLVE %} +L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf +{% endif %} +C! /etc/nsswitch.conf - - - - +{% if HAVE_PAM %} +C! /etc/pam.d - - - - +{% endif %} +C! /etc/issue - - - - diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4 deleted file mode 100644 index f82e0b82ce..0000000000 --- a/tmpfiles.d/etc.conf.m4 +++ /dev/null 
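Review bot: `SMACK_RUN_LABEL` is now defined unconditionally by `conf.set_quoted('SMACK_RUN_LABEL', get_option('smack-run-label'))`, so any remaining `#ifdef SMACK_RUN_LABEL` becomes always-true and would compile in its Smack code with an empty label when the option is unset. This patch converts only the test in `rename_and_apply_smack_floor_label()` in src/basic/fileio.c, and the diffstat lists no other C file. Any other users of the macro, which cannot be seen from here, should be switched to `#if HAVE_SMACK_RUN_LABEL` in the same change. A comment above the two new lines would record the contract, for example `# SMACK_RUN_LABEL is always defined (possibly ""); test HAVE_SMACK_RUN_LABEL, never #ifdef SMACK_RUN_LABEL`.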
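Review bot: The `{% if HAVE_SMACK_RUN_LABEL %}`, `{% if ENABLE_RESOLVE %}` and `{% if HAVE_PAM %}` tests in etc.conf.in are only correct if the renderer passes these names to Jinja2 as integers, because a 0/1 define passed through as the string `"0"` is truthy in Jinja2. The `meson_render_jinja2` script is not part of this patch, so that conversion cannot be confirmed from here. The same applies to the conditionals in systemd.conf.in, where a mis-evaluated `HAVE_ACL` or `ENABLE_ADM_GROUP` would emit journal ACL entries for groups the build disabled, and to var.conf.in. A build-time test that renders a template with a guard set to 0 and asserts the guarded line is absent would pin this down.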
@@ -1,22 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -# See tmpfiles.d(5) for details - -L /etc/os-release - - - - ../usr/lib/os-release -L+ /etc/mtab - - - - ../proc/self/mounts -m4_ifdef(`HAVE_SMACK_RUN_LABEL', -t /etc/mtab - - - - security.SMACK64=_ -)m4_dnl -m4_ifdef(`ENABLE_RESOLVE', -L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf -)m4_dnl -C! /etc/nsswitch.conf - - - - -m4_ifdef(`HAVE_PAM', -C! /etc/pam.d - - - - -)m4_dnl -C! /etc/issue - - - - diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build index d5d4bbc9ea..d449034dba 100644 --- a/tmpfiles.d/meson.build +++ b/tmpfiles.d/meson.build @@ -26,34 +26,20 @@ foreach pair : files endif endforeach -in_files = ['static-nodes-permissions.conf'] - -foreach file : in_files - gen = configure_file( - input : file + '.in', - output : file, - configuration : substs) - if enable_tmpfiles - install_data(gen, - install_dir : tmpfilesdir) - endif -endforeach - -m4_files = ['etc.conf', +in_files = ['etc.conf', + 'static-nodes-permissions.conf', 'systemd.conf', 'var.conf'] -foreach file : m4_files - if enable_tmpfiles - custom_target( - 'tmpfiles.d_' + file, - input : file + '.m4', - output: file, - command : [meson_apply_m4, config_h, '@INPUT@'], - capture : true, - install : true, - install_dir : tmpfilesdir) - endif +foreach file : in_files + custom_target( + file, + input : file + '.in', + output: file, + command : [meson_render_jinja2, config_h, '@INPUT@'], + capture : true, + install : enable_tmpfiles, + install_dir : tmpfilesdir) endforeach if enable_tmpfiles and install_sysconfdir diff --git a/tmpfiles.d/static-nodes-permissions.conf.in b/tmpfiles.d/static-nodes-permissions.conf.in index e5aa8fdb20..f77312a71c 100644 
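Review bot: The new `foreach file : in_files` loop renders every template in all configurations and gates only installation with `install : enable_tmpfiles`, but nothing in the file says this is deliberate. The old m4 loop created its targets only under `if enable_tmpfiles`. `static-nodes-permissions.conf` also moves from `configure_file` to `custom_target`, so a problem in that template now surfaces at build time rather than at configure time. If the intent is to catch undefined names in every build, a comment above the loop would keep a later cleanup from re-adding the `if`, for example `# Render unconditionally so template errors are caught even with tmpfiles disabled; only installation is optional`.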
--- a/tmpfiles.d/static-nodes-permissions.conf.in +++ b/tmpfiles.d/static-nodes-permissions.conf.in @@ -14,6 +14,6 @@ z /dev/snd/timer 0660 - audio - z /dev/loop-control 0660 - disk - z /dev/net/tun 0666 - - - z /dev/fuse 0666 - - - -z /dev/kvm @DEV_KVM_MODE@ - kvm - -z /dev/vhost-net @DEV_KVM_MODE@ - kvm - -z /dev/vhost-vsock @DEV_KVM_MODE@ - kvm - +z /dev/kvm {{DEV_KVM_MODE}} - kvm - +z /dev/vhost-net {{DEV_KVM_MODE}} - kvm - +z /dev/vhost-vsock {{DEV_KVM_MODE}} - kvm - diff --git a/tmpfiles.d/systemd.conf.in b/tmpfiles.d/systemd.conf.in new file mode 100644 index 0000000000..9b2357cd31 --- /dev/null +++ b/tmpfiles.d/systemd.conf.in 
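Review bot: `{{DEV_KVM_MODE}}` is now filled from config.h, where this patch defines it with `conf.set_quoted('DEV_KVM_MODE', dev_kvm_mode)`, so the three `z` lines are valid only if the renderer strips the C string quotes. Otherwise the mode column would read `"0660"` instead of `0660`. The render script is not visible in this patch, so this should be confirmed against the generated file. The value is also the raw `dev-kvm-mode` build option and sets the permissions of /dev/kvm, /dev/vhost-net and /dev/vhost-vsock. A configure-time check in meson.build that it is a four-digit octal string would reject a malformed value before it reaches an installed tmpfiles.d file.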
@@ -0,0 +1,72 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See tmpfiles.d(5) for details + +d /run/user 0755 root root - +{% if ENABLE_UTMP %} +F! /run/utmp 0664 root utmp - +{% endif %} + +d /run/systemd/ask-password 0755 root root - +d /run/systemd/seats 0755 root root - +d /run/systemd/sessions 0755 root root - +d /run/systemd/users 0755 root root - +d /run/systemd/machines 0755 root root - +d /run/systemd/shutdown 0755 root root - +{% if ENABLE_NETWORKD %} +d /run/systemd/netif 0755 systemd-network systemd-network - +d /run/systemd/netif/links 0755 systemd-network systemd-network - +d /run/systemd/netif/leases 0755 systemd-network systemd-network - +d /run/systemd/netif/lldp 0755 systemd-network systemd-network - +{% endif %} + +d /run/log 0755 root root - + +z /run/log/journal 2755 root systemd-journal - - +Z /run/log/journal/%m ~2750 root systemd-journal - - +{% if HAVE_ACL %} +{% if ENABLE_ADM_GROUP and ENABLE_WHEEL_GROUP %} +a+ /run/log/journal - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x,group::r-x,group:adm:r-x,group:wheel:r-x +a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x,group:adm:r-x,group:wheel:r-x +a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--,group:wheel:r-- +{% elif ENABLE_ADM_GROUP %} +a+ /run/log/journal - - - - d:group::r-x,d:group:adm:r-x,group::r-x,group:adm:r-x +a+ /run/log/journal/%m - - - - d:group:adm:r-x,group:adm:r-x +a+ /run/log/journal/%m/*.journal* - - - - group:adm:r-- +{% elif ENABLE_WHEEL_GROUP %} +a+ /run/log/journal - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:wheel:r-x +a+ /run/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-x +a+ /run/log/journal/%m/*.journal* - - - - group:wheel:r-- +{% endif %} +{% endif %} + +z 
/var/log/journal 2755 root systemd-journal - - +z /var/log/journal/%m 2755 root systemd-journal - - +z /var/log/journal/%m/system.journal 0640 root systemd-journal - - +{% if HAVE_ACL %} +{% if ENABLE_ADM_GROUP and ENABLE_WHEEL_GROUP %} +a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x,group::r-x,group:adm:r-x,group:wheel:r-x +a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x,group:adm:r-x,group:wheel:r-x +a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r-- +{% elif ENABLE_ADM_GROUP %} +a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x,group::r-x,group:adm:r-x +a+ /var/log/journal/%m - - - - d:group:adm:r-x,group:adm:r-x +a+ /var/log/journal/%m/system.journal - - - - group:adm:r-- +{% elif ENABLE_WHEEL_GROUP %} +a+ /var/log/journal - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:wheel:r-x +a+ /var/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-x +a+ /var/log/journal/%m/system.journal - - - - group:wheel:r-- +{% endif %} +{% endif %} + +d /var/lib/systemd 0755 root root - +d /var/lib/systemd/coredump 0755 root root 3d + +d /var/lib/private 0700 root root - +d /var/log/private 0700 root root - +d /var/cache/private 0700 root root - diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4 deleted file mode 100644 index 11d87d275b..0000000000 --- a/tmpfiles.d/systemd.conf.m4 +++ /dev/null 
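Review bot: The ACL lists for /run/log/journal and /var/log/journal in systemd.conf.in are each written out three times (adm and wheel, adm only, wheel only), so a later edit to one variant can leave another granting different read access to the journal. This layout was inherited from the m4 file, but Jinja2 allows inline conditionals, so each `a+` argument could be composed once under a single `{% if HAVE_ACL and (ENABLE_ADM_GROUP or ENABLE_WHEEL_GROUP) %}` guard, with fragments such as `{% if ENABLE_ADM_GROUP %},group:adm:r-x{% endif %}`. The comma placement on the lines that start with a group entry needs care. If the duplication is kept, a comment above each block stating that the three variants must stay in sync would help the next editor.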
@@ -1,74 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -# See tmpfiles.d(5) for details - -d /run/user 0755 root root - -m4_ifdef(`ENABLE_UTMP', -F! /run/utmp 0664 root utmp - -)m4_dnl - -d /run/systemd/ask-password 0755 root root - -d /run/systemd/seats 0755 root root - -d /run/systemd/sessions 0755 root root - -d /run/systemd/users 0755 root root - -d /run/systemd/machines 0755 root root - -d /run/systemd/shutdown 0755 root root - -m4_ifdef(`ENABLE_NETWORKD', -d /run/systemd/netif 0755 systemd-network systemd-network - -d /run/systemd/netif/links 0755 systemd-network systemd-network - -d /run/systemd/netif/leases 0755 systemd-network systemd-network - -d /run/systemd/netif/lldp 0755 systemd-network systemd-network - -)m4_dnl - -d /run/log 0755 root root - - -z /run/log/journal 2755 root systemd-journal - - -Z /run/log/journal/%m ~2750 root systemd-journal - - -m4_ifdef(`HAVE_ACL',`m4_dnl -m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl -m4_ifdef(`ENABLE_WHEEL_GROUP',`` -a+ /run/log/journal - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x,group::r-x,group:adm:r-x,group:wheel:r-x -a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x,group:adm:r-x,group:wheel:r-x -a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--,group:wheel:r-- -'',`` -a+ /run/log/journal - - - - d:group::r-x,d:group:adm:r-x,group::r-x,group:adm:r-x -a+ /run/log/journal/%m - - - - d:group:adm:r-x,group:adm:r-x -a+ /run/log/journal/%m/*.journal* - - - - group:adm:r-- -'')',`m4_dnl -m4_ifdef(`ENABLE_WHEEL_GROUP',`` -a+ /run/log/journal - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:wheel:r-x -a+ /run/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-x -a+ /run/log/journal/%m/*.journal* - - - - group:wheel:r-- -'')')')m4_dnl 
- -z /var/log/journal 2755 root systemd-journal - - -z /var/log/journal/%m 2755 root systemd-journal - - -z /var/log/journal/%m/system.journal 0640 root systemd-journal - - -m4_ifdef(`HAVE_ACL',`m4_dnl -m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl -m4_ifdef(`ENABLE_WHEEL_GROUP',`` -a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x,group::r-x,group:adm:r-x,group:wheel:r-x -a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x,group:adm:r-x,group:wheel:r-x -a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r-- -'', `` -a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x,group::r-x,group:adm:r-x -a+ /var/log/journal/%m - - - - d:group:adm:r-x,group:adm:r-x -a+ /var/log/journal/%m/system.journal - - - - group:adm:r-- -'')',`m4_dnl -m4_ifdef(`ENABLE_WHEEL_GROUP',`` -a+ /var/log/journal - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:wheel:r-x -a+ /var/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-x -a+ /var/log/journal/%m/system.journal - - - - group:wheel:r-- -'')')')m4_dnl - -d /var/lib/systemd 0755 root root - -d /var/lib/systemd/coredump 0755 root root 3d - -d /var/lib/private 0700 root root - -d /var/log/private 0700 root root - -d /var/cache/private 0700 root root - diff --git a/tmpfiles.d/var.conf.in b/tmpfiles.d/var.conf.in new file mode 100644 index 0000000000..557dd20ce9 --- /dev/null +++ b/tmpfiles.d/var.conf.in 
@@ -0,0 +1,25 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See tmpfiles.d(5) for details + +q /var 0755 - - - + +L /var/run - - - - ../run + +d /var/log 0755 - - - +{% if ENABLE_UTMP %} +f /var/log/wtmp 0664 root utmp - +f /var/log/btmp 0660 root utmp - +f /var/log/lastlog 0664 root utmp - +{% endif %} + +d /var/cache 0755 - - - + +d /var/lib 0755 - - - + +d /var/spool 0755 - - - diff --git a/tmpfiles.d/var.conf.m4 b/tmpfiles.d/var.conf.m4 deleted file mode 100644 index 0e2c50966d..0000000000 --- a/tmpfiles.d/var.conf.m4 +++ /dev/null @@ -1,25 +0,0 @@ -# This file is part of systemd. -# -# systemd is free software; you can redistribute it and/or modify it -# under the terms of the GNU Lesser General Public License as published by -# the Free Software Foundation; either version 2.1 of the License, or -# (at your option) any later version. - -# See tmpfiles.d(5) for details - -q /var 0755 - - - - -L /var/run - - - - ../run - -d /var/log 0755 - - - -m4_ifdef(`ENABLE_UTMP', -f /var/log/wtmp 0664 root utmp - -f /var/log/btmp 0660 root utmp - -f /var/log/lastlog 0664 root utmp - -)m4_dnl - -d /var/cache 0755 - - - - -d /var/lib 0755 - - - - -d /var/spool 0755 - - - -- cgit v1.2.3