summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--man/tmpfiles.d.xml43
-rw-r--r--src/journal/journal-remote.c2
-rw-r--r--src/shared/mkdir.c15
-rw-r--r--src/shared/mkdir.h2
-rw-r--r--src/tmpfiles/tmpfiles.c120
-rw-r--r--tmpfiles.d/systemd.conf4
6 files changed, 80 insertions, 106 deletions
diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 20ed803a52..76cae39aae 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -189,17 +189,6 @@ L /tmp/foobar - - - - /dev/null</programlisting>
</varlistentry>
<varlistentry>
- <term><varname>m</varname></term>
- <listitem><para>If the
- specified file path exists,
- adjust its access mode, group
- and user to the specified
- values and reset the SELinux
- security context. If it does not exist, do
- nothing.</para></listitem>
- </varlistentry>
-
- <varlistentry>
<term><varname>x</varname></term>
<listitem><para>Ignore a path
during cleaning. Use this type
@@ -262,27 +251,29 @@ L /tmp/foobar - - - - /dev/null</programlisting>
<varlistentry>
<term><varname>z</varname></term>
- <listitem><para>Restore
- SELinux security context
- and set ownership and access
- mode of a file or directory if
- it exists. Lines of this type
- accept shell-style globs in
- place of normal path names.
+ <listitem><para>Adjust the
+ access mode, group and user,
+ and restore the SELinux security
+ context of a file or directory,
+ if it exists. Lines of this
+ type accept shell-style globs
+ in place of normal path names.
</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>Z</varname></term>
<listitem><para>Recursively
- restore SELinux security
- context and set
- ownership and access mode of a
- path and all its
- subdirectories (if it is a
- directory). Lines of this type
- accept shell-style globs in
- place of normal path
+ set the access mode, group and
+ user, and restore the SELinux
+ security context of a file or
+ directory if it exists, as
+ well as of its subdirectories
+ and the files contained
+ therein (if applicable). Lines
+ of this type accept
+ shell-style globs in place of
+ normal path
names.</para></listitem>
</varlistentry>
</variablelist>
diff --git a/src/journal/journal-remote.c b/src/journal/journal-remote.c
index 9adad7aabc..915f234ab2 100644
--- a/src/journal/journal-remote.c
+++ b/src/journal/journal-remote.c
@@ -185,7 +185,7 @@ static int open_output(Writer *s, const char* url) {
if (r < 0)
return log_oom();
} else {
- r = is_dir(arg_output);
+ r = is_dir(arg_output, true);
if (r > 0) {
r = asprintf(&output,
"%s/remote-%s.journal", arg_output, name);
diff --git a/src/shared/mkdir.c b/src/shared/mkdir.c
index ba083d6d67..f941efb401 100644
--- a/src/shared/mkdir.c
+++ b/src/shared/mkdir.c
@@ -58,11 +58,16 @@ int mkdir_safe(const char *path, mode_t mode, uid_t uid, gid_t gid) {
return mkdir_safe_internal(path, mode, uid, gid, mkdir);
}
-int is_dir(const char* path) {
+int is_dir(const char* path, bool follow) {
struct stat st;
- if (stat(path, &st) < 0)
- return -errno;
+ if (follow) {
+ if (stat(path, &st) < 0)
+ return -errno;
+ } else {
+ if (lstat(path, &st) < 0)
+ return -errno;
+ }
return S_ISDIR(st.st_mode);
}
@@ -85,7 +90,7 @@ int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, mk
return 0;
p = strndupa(path, e - path);
- r = is_dir(p);
+ r = is_dir(p, true);
if (r > 0)
return 0;
if (r == 0)
@@ -130,7 +135,7 @@ int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, mkdir_fu
return r;
r = _mkdir(path, mode);
- if (r < 0 && (errno != EEXIST || is_dir(path) <= 0))
+ if (r < 0 && (errno != EEXIST || is_dir(path, true) <= 0))
return -errno;
return 0;
diff --git a/src/shared/mkdir.h b/src/shared/mkdir.h
index f1bf4c0a68..d15ede6064 100644
--- a/src/shared/mkdir.h
+++ b/src/shared/mkdir.h
@@ -41,4 +41,4 @@ typedef int (*mkdir_func_t)(const char *pathname, mode_t mode);
int mkdir_safe_internal(const char *path, mode_t mode, uid_t uid, gid_t gid, mkdir_func_t _mkdir);
int mkdir_parents_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir);
int mkdir_p_internal(const char *prefix, const char *path, mode_t mode, mkdir_func_t _mkdir);
-int is_dir(const char *path);
+int is_dir(const char *path, bool is_dir);
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 6745c23a15..89f6c6bd15 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -71,7 +71,6 @@ typedef enum ItemType {
CREATE_CHAR_DEVICE = 'c',
CREATE_BLOCK_DEVICE = 'b',
COPY_FILES = 'C',
- ADJUST_MODE = 'm',
/* These ones take globs */
WRITE_FILE = 'w',
@@ -79,8 +78,9 @@ typedef enum ItemType {
IGNORE_DIRECTORY_PATH = 'X',
REMOVE_PATH = 'r',
RECURSIVE_REMOVE_PATH = 'R',
+ ADJUST_MODE = 'm', /* legacy, 'z' is identical to this */
RELABEL_PATH = 'z',
- RECURSIVE_RELABEL_PATH = 'Z'
+ RECURSIVE_RELABEL_PATH = 'Z',
} ItemType;
typedef struct Item {
@@ -134,6 +134,7 @@ static bool needs_glob(ItemType t) {
IGNORE_DIRECTORY_PATH,
REMOVE_PATH,
RECURSIVE_REMOVE_PATH,
+ ADJUST_MODE,
RELABEL_PATH,
RECURSIVE_RELABEL_PATH);
}
@@ -543,109 +544,90 @@ static int write_one_file(Item *i, const char *path) {
return 0;
}
-static int recursive_relabel_children(Item *i, const char *path) {
+static int item_set_perms_children(Item *i, const char *path) {
_cleanup_closedir_ DIR *d;
- int ret = 0;
+ int r = 0;
+
+ assert(i);
+ assert(path);
/* This returns the first error we run into, but nevertheless
* tries to go on */
d = opendir(path);
if (!d)
- return errno == ENOENT ? 0 : -errno;
+ return errno == ENOENT || errno == ENOTDIR ? 0 : -errno;
for (;;) {
+ _cleanup_free_ char *p = NULL;
struct dirent *de;
- bool dir;
- int r;
- _cleanup_free_ char *entry_path = NULL;
+ int q;
errno = 0;
de = readdir(d);
- if (!de && errno != 0) {
- if (ret == 0)
- ret = -errno;
- break;
- }
+ if (!de) {
+ if (errno != 0 && r == 0)
+ r = -errno;
- if (!de)
break;
+ }
if (streq(de->d_name, ".") || streq(de->d_name, ".."))
continue;
- if (asprintf(&entry_path, "%s/%s", path, de->d_name) < 0) {
- if (ret == 0)
- ret = -ENOMEM;
- continue;
- }
-
- if (de->d_type == DT_UNKNOWN) {
- r = is_dir(entry_path);
- if (r < 0) {
- if (ret == 0 && errno != ENOENT)
- ret = -errno;
- continue;
- }
-
- dir = r;
-
- } else
- dir = de->d_type == DT_DIR;
+ p = strjoin(path, "/", de->d_name, NULL);
+ if (!p)
+ return -ENOMEM;
- r = item_set_perms(i, entry_path);
- if (r < 0) {
- if (ret == 0 && r != -ENOENT)
- ret = r;
- continue;
- }
+ q = item_set_perms(i, p);
+ if (q < 0 && q != -ENOENT && r == 0)
+ r = q;
- if (dir) {
- r = recursive_relabel_children(i, entry_path);
- if (r < 0 && ret == 0)
- ret = r;
+ if (IN_SET(de->d_type, DT_UNKNOWN, DT_DIR)) {
+ q = item_set_perms_children(i, p);
+ if (q < 0 && r == 0)
+ r = q;
}
}
- return ret;
+ return r;
}
-static int recursive_relabel(Item *i, const char *path) {
- int r;
- struct stat st;
+static int item_set_perms_recursive(Item *i, const char *path) {
+ int r, q;
+
+ assert(i);
+ assert(path);
r = item_set_perms(i, path);
if (r < 0)
return r;
- if (lstat(path, &st) < 0)
- return -errno;
-
- if (S_ISDIR(st.st_mode))
- r = recursive_relabel_children(i, path);
+ q = item_set_perms_children(i, path);
+ if (q < 0 && r == 0)
+ r = q;
return r;
}
static int glob_item(Item *i, int (*action)(Item *, const char *)) {
- int r = 0, k;
_cleanup_globfree_ glob_t g = {};
+ int r = 0, k;
char **fn;
errno = 0;
k = glob(i->path, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
- if (k != 0)
- if (k != GLOB_NOMATCH) {
- if (errno > 0)
- errno = EIO;
+ if (k != 0 && k != GLOB_NOMATCH) {
+ if (errno == 0)
+ errno = EIO;
- log_error("glob(%s) failed: %m", i->path);
- return -errno;
- }
+ log_error("glob(%s) failed: %m", i->path);
+ return -errno;
+ }
STRV_FOREACH(fn, g.gl_pathv) {
k = action(i, *fn);
- if (k < 0)
+ if (k < 0 && r == 0)
r = k;
}
@@ -693,13 +675,6 @@ static int create_item(Item *i) {
break;
- case ADJUST_MODE:
- r = item_set_perms_full(i, i->path, true);
- if (r < 0)
- return r;
-
- break;
-
case TRUNCATE_DIRECTORY:
case CREATE_DIRECTORY:
@@ -826,6 +801,7 @@ static int create_item(Item *i) {
break;
}
+ case ADJUST_MODE:
case RELABEL_PATH:
r = glob_item(i, item_set_perms);
@@ -835,9 +811,11 @@ static int create_item(Item *i) {
case RECURSIVE_RELABEL_PATH:
- r = glob_item(i, recursive_relabel);
+ r = glob_item(i, item_set_perms_recursive);
if (r < 0)
return r;
+
+ break;
}
log_debug("%s created successfully.", i->path);
@@ -861,11 +839,11 @@ static int remove_item_instance(Item *i, const char *instance) {
case CREATE_CHAR_DEVICE:
case IGNORE_PATH:
case IGNORE_DIRECTORY_PATH:
+ case ADJUST_MODE:
case RELABEL_PATH:
case RECURSIVE_RELABEL_PATH:
case WRITE_FILE:
case COPY_FILES:
- case ADJUST_MODE:
break;
case REMOVE_PATH:
@@ -908,11 +886,11 @@ static int remove_item(Item *i) {
case CREATE_BLOCK_DEVICE:
case IGNORE_PATH:
case IGNORE_DIRECTORY_PATH:
+ case ADJUST_MODE:
case RELABEL_PATH:
case RECURSIVE_RELABEL_PATH:
case WRITE_FILE:
case COPY_FILES:
- case ADJUST_MODE:
break;
case REMOVE_PATH:
@@ -1158,9 +1136,9 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
case IGNORE_DIRECTORY_PATH:
case REMOVE_PATH:
case RECURSIVE_REMOVE_PATH:
+ case ADJUST_MODE:
case RELABEL_PATH:
case RECURSIVE_RELABEL_PATH:
- case ADJUST_MODE:
break;
case CREATE_SYMLINK:
diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf
index c5910f8cfe..85dc35699d 100644
--- a/tmpfiles.d/systemd.conf
+++ b/tmpfiles.d/systemd.conf
@@ -25,7 +25,7 @@ d /run/systemd/netif 0755 systemd-network systemd-network -
d /run/systemd/netif/links 0755 systemd-network systemd-network -
d /run/systemd/netif/leases 0755 systemd-network systemd-network -
-m /var/log/journal 2755 root systemd-journal - -
+z /var/log/journal 2755 root systemd-journal - -
Z /var/log/journal/%m 2755 root systemd-journal - -
-m /run/log/journal 2755 root systemd-journal - -
+z /run/log/journal 2755 root systemd-journal - -
Z /run/log/journal/%m 2755 root systemd-journal - -
generated by cgit v1.2.3-54-g00ecf (git 2.45.2) at 2024-07-12 18:20:03 +0000