Diffstat (limited to 'src')
30 files changed, 302 insertions, 0 deletions
|
diff --git a/src/grp-coredump/systemd-coredump/50-coredump.sysctl.in b/src/grp-coredump/systemd-coredump/50-coredump.sysctl.in
new file mode 100644
index 0000000000..5a25de4512
--- /dev/null
+++ b/src/grp-coredump/systemd-coredump/50-coredump.sysctl.in
@@ -0,0 +1,12 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See sysctl.d(5) for the description of the files in this directory,
+# and systemd-coredump(8) and core(5) for the explanation of the
+# setting below.
+
+kernel.core_pattern=|@rootlibexecdir@/systemd-coredump %P %u %g %s %t %c %e
diff --git a/src/grp-coredump/systemd-coredump/systemd-coredump.sysusers b/src/grp-coredump/systemd-coredump/systemd-coredump.sysusers
new file mode 100644
index 0000000000..bc0816ca5e
--- /dev/null
+++ b/src/grp-coredump/systemd-coredump/systemd-coredump.sysusers
@@ -0,0 +1,8 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+u systemd-coredump  - "systemd Core Dumper"
diff --git a/src/grp-initprogs/systemd-sysctl/50-default.sysctl b/src/grp-initprogs/systemd-sysctl/50-default.sysctl
new file mode 100644
index 0000000000..def151bb84
--- /dev/null
+++ b/src/grp-initprogs/systemd-sysctl/50-default.sysctl
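Review bot: In 50-coredump.sysctl.in the `kernel.core_pattern` line carries no comment explaining why `%e` is the last specifier. The executable name comes from the crashing process and may contain whitespace, so keeping it last means it cannot shift the arguments that systemd-coredump presumably reads positionally (its parser is not part of this diff). A comment such as `# %e must stay last: the process name is not trusted and may contain spaces` would stop a later edit from appending specifiers after it. The kernel starts this handler as root for every crashing process, so the argument layout is worth pinning down in the file itself.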
@@ -0,0 +1,40 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See sysctl.d(5) and core(5) for for documentation.
+
+# To override settings in this file, create a local file in /etc
+# (e.g. /etc/sysctl.d/90-override.conf), and put any assignments
+# there.
+
+# System Request functionality of the kernel (SYNC)
+#
+# Use kernel.sysrq = 1 to allow all keys.
+# See http://fedoraproject.org/wiki/QA/Sysrq for a list of values and keys.
+kernel.sysrq = 16
+
+# Append the PID to the core filename
+kernel.core_uses_pid = 1
+
+# Source route verification
+net.ipv4.conf.default.rp_filter = 1
+net.ipv4.conf.all.rp_filter = 1
+
+# Do not accept source routing
+net.ipv4.conf.default.accept_source_route = 0
+net.ipv4.conf.all.accept_source_route = 0
+
+# Promote secondary addresses when the primary address is removed
+net.ipv4.conf.default.promote_secondaries = 1
+net.ipv4.conf.all.promote_secondaries = 1
+
+# Fair Queue CoDel packet scheduler to fight bufferbloat
+net.core.default_qdisc = fq_codel
+
+# Enable hard and soft link protection
+fs.protected_hardlinks = 1
+fs.protected_symlinks = 1
diff --git a/src/grp-initprogs/systemd-sysusers/.gitignore b/src/grp-initprogs/systemd-sysusers/.gitignore
new file mode 100644
index 0000000000..c065034d29
--- /dev/null
+++ b/src/grp-initprogs/systemd-sysusers/.gitignore
@@ -0,0 +1,3 @@
+/basic.conf
+/systemd.conf
+/systemd-remote.conf
diff --git a/src/grp-initprogs/systemd-sysusers/basic.sysusers.in b/src/grp-initprogs/systemd-sysusers/basic.sysusers.in
new file mode 100644
index 0000000000..b2dc5ebd4f
--- /dev/null
+++ b/src/grp-initprogs/systemd-sysusers/basic.sysusers.in
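Review bot: In 50-default.sysctl, `net.ipv4.conf.*.rp_filter = 1` selects strict reverse-path filtering, but the comment above it does not say so. Strict mode drops legitimate traffic on multihomed or asymmetrically routed hosts, so the comment should name the trade-off, e.g. `# Source route verification (1 = strict; 2 = loose, for multihomed hosts)`. The `kernel.sysrq = 16` comment would read more clearly as `# 16 = allow only the sync command (bitmask)`. The header line has a doubled word ("for for documentation"). `kernel.core_uses_pid` does not apply when `kernel.core_pattern` pipes cores to a handler, which deserves a word in its comment if this file ships together with 50-coredump.sysctl.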
@@ -0,0 +1,36 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# The superuser
+u root    0     "Super User" /root
+
+# The nobody user for NFS file systems
+u nobody  65534 "Nobody"     -
+
+# Administrator group: can *see* more than normal users
+g adm     -     -            -
+
+# Administrator group: can *do* more than normal users
+g wheel   -     -            -
+
+# Access to certain kernel and userspace facilities
+g kmem    -     -            -
+g tty     @TTY_GID@     -            -
+g utmp    -     -            -
+
+# Hardware access groups
+g audio   -     -            -
+g cdrom   -     -            -
+g dialout -     -            -
+g disk    -     -            -
+g input   -     -            -
+g lp      -     -            -
+g tape    -     -            -
+g video   -     -            -
+
+# Default group for normal users
+g users   -     -            -
diff --git a/src/grp-initprogs/systemd-tmpfiles/etc.tmpfiles.m4 b/src/grp-initprogs/systemd-tmpfiles/etc.tmpfiles.m4
new file mode 100644
index 0000000000..928105ea8d
--- /dev/null
+++ b/src/grp-initprogs/systemd-tmpfiles/etc.tmpfiles.m4
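Review bot: In basic.sysusers.in the comment `# Hardware access groups` understates what `disk` grants, and the same holds for `kmem` in the section above it. With typical device-node ownership, membership in either group gives access to raw block devices or kernel memory nodes, which is effectively root-equivalent. A comment such as `# NOTE: disk and kmem are root-equivalent; do not add interactive users` next to those entries would make that visible to packagers who reuse this file. `g tty @TTY_GID@` is the only group with a pinned id; a comment saying it presumably has to match the gid used for the devpts mount (not shown in this diff) would explain why.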
@@ -0,0 +1,19 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+L /etc/os-release - - - - ../usr/lib/os-release
+L /etc/localtime - - - - ../usr/share/zoneinfo/UTC
+L+ /etc/mtab - - - - ../proc/self/mounts
+m4_ifdef(`HAVE_SMACK_RUN_LABEL',
+t /etc/mtab - - - - security.SMACK64=_
+)m4_dnl
+C /etc/nsswitch.conf - - - -
+m4_ifdef(`HAVE_PAM',
+C /etc/pam.d - - - -
+)m4_dnl
diff --git a/src/grp-initprogs/systemd-tmpfiles/home.tmpfiles b/src/grp-initprogs/systemd-tmpfiles/home.tmpfiles
new file mode 100644
index 0000000000..9f25b83392
--- /dev/null
+++ b/src/grp-initprogs/systemd-tmpfiles/home.tmpfiles
@@ -0,0 +1,11 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+Q /home 0755 - - -
+q /srv 0755 - - -
diff --git a/src/grp-initprogs/systemd-tmpfiles/systemd-nologin.tmpfiles b/src/grp-initprogs/systemd-tmpfiles/systemd-nologin.tmpfiles
new file mode 100644
index 0000000000..a30a8da604
--- /dev/null
+++ b/src/grp-initprogs/systemd-tmpfiles/systemd-nologin.tmpfiles
@@ -0,0 +1,11 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See tmpfiles.d(5), systemd-user-session.service(5) and pam_nologin(8).
+# This file has special suffix so it is not run by mistake.
+
+F! /run/nologin 0644 - - - "System is booting up. See pam_nologin(8)"
diff --git a/src/grp-journal/journalctl/systemd-journal-gatewayd.service.in b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.service.in
index f4f845841d..f4f845841d 100644
--- a/src/grp-journal/journalctl/systemd-journal-gatewayd.service.in
+++ b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.service.in
diff --git a/src/grp-journal/journalctl/systemd-journal-gatewayd.socket b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.socket
index 79d9b04210..79d9b04210 100644
--- a/src/grp-journal/journalctl/systemd-journal-gatewayd.socket
+++ b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.socket
diff --git a/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.sysusers b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.sysusers
new file mode 100644
index 0000000000..379be0852e
--- /dev/null
+++ b/src/grp-journal/grp-remote/systemd-journal-gatewayd/systemd-journal-gatewayd.sysusers
@@ -0,0 +1,8 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+u systemd-journal-gateway - "systemd Journal Gateway"
diff --git a/src/grp-journal/journalctl/systemd-journal-remote.service.in b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.service.in
index fdf3da4b64..fdf3da4b64 100644
--- a/src/grp-journal/journalctl/systemd-journal-remote.service.in
+++ b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.service.in
diff --git a/src/grp-journal/journalctl/systemd-journal-remote.socket b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.socket
index 076dcae8a3..076dcae8a3 100644
--- a/src/grp-journal/journalctl/systemd-journal-remote.socket
+++ b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.socket
diff --git a/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.sysusers b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.sysusers
new file mode 100644
index 0000000000..ca20c24896
--- /dev/null
+++ b/src/grp-journal/grp-remote/systemd-journal-remote/systemd-journal-remote.sysusers
@@ -0,0 +1,8 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+u systemd-journal-remote  - "systemd Journal Remote"
diff --git a/src/grp-journal/journalctl/systemd-journal-upload.service.in b/src/grp-journal/grp-remote/systemd-journal-upload/systemd-journal-upload.service.in
index 1f488ff425..1f488ff425 100644
--- a/src/grp-journal/journalctl/systemd-journal-upload.service.in
+++ b/src/grp-journal/grp-remote/systemd-journal-upload/systemd-journal-upload.service.in
diff --git a/src/grp-journal/grp-remote/systemd-journal-upload/systemd-journal-upload.sysusers b/src/grp-journal/grp-remote/systemd-journal-upload/systemd-journal-upload.sysusers
new file mode 100644
index 0000000000..927d400279
--- /dev/null
+++ b/src/grp-journal/grp-remote/systemd-journal-upload/systemd-journal-upload.sysusers
@@ -0,0 +1,8 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+u systemd-journal-upload  - "systemd Journal Upload"
diff --git a/src/grp-journal/systemd-journald/systemd-journald.sysusers b/src/grp-journal/systemd-journald/systemd-journald.sysusers
new file mode 100644
index 0000000000..dcb01f606a
--- /dev/null
+++ b/src/grp-journal/systemd-journald/systemd-journald.sysusers
@@ -0,0 +1,8 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+g systemd-journal   - -
diff --git a/src/grp-journal/systemd-journald/systemd-journald.tmpfiles.m4 b/src/grp-journal/systemd-journald/systemd-journald.tmpfiles.m4
new file mode 100644
index 0000000000..2cd58e9121
--- /dev/null
+++ b/src/grp-journal/systemd-journald/systemd-journald.tmpfiles.m4
@@ -0,0 +1,73 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+d /run/user 0755 root root -
+F! /run/utmp 0664 root utmp -
+
+d /run/systemd/ask-password 0755 root root -
+d /run/systemd/seats 0755 root root -
+d /run/systemd/sessions 0755 root root -
+d /run/systemd/users 0755 root root -
+d /run/systemd/machines 0755 root root -
+d /run/systemd/shutdown 0755 root root -
+m4_ifdef(`ENABLE_NETWORKD',
+d /run/systemd/netif 0755 systemd-network systemd-network -
+d /run/systemd/netif/links 0755 systemd-network systemd-network -
+d /run/systemd/netif/leases 0755 systemd-network systemd-network -
+)m4_dnl
+
+d /run/log 0755 root root -
+
+z /run/log/journal 2755 root systemd-journal - -
+Z /run/log/journal/%m ~2750 root systemd-journal - -
+m4_ifdef(`HAVE_ACL',`m4_dnl
+m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl
+m4_ifdef(`ENABLE_WHEEL_GROUP',``
+a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
+a+ /run/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--,group:wheel:r--
+'',``
+a+ /run/log/journal/%m - - - - d:group:adm:r-x
+a+ /run/log/journal/%m - - - - group:adm:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--
+'')',`m4_dnl
+m4_ifdef(`ENABLE_WHEEL_GROUP',``
+a+ /run/log/journal/%m - - - - d:group:wheel:r-x
+a+ /run/log/journal/%m - - - - group:wheel:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:wheel:r--
+'')')')m4_dnl
+
+z /var/log/journal 2755 root systemd-journal - -
+z /var/log/journal/%m 2755 root systemd-journal - -
+z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
+m4_ifdef(`HAVE_ACL',`m4_dnl
+m4_ifdef(`ENABLE_ADM_GROUP',`m4_dnl
+m4_ifdef(`ENABLE_WHEEL_GROUP',``
+a+ /var/log/journal    - - - - d:group:adm:r-x,d:group:wheel:r-x
+a+ /var/log/journal    - - - - group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
+a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
+'', ``
+a+ /var/log/journal    - - - - d:group:adm:r-x
+a+ /var/log/journal    - - - - group:adm:r-x
+a+ /var/log/journal/%m - - - - d:group:adm:r-x
+a+ /var/log/journal/%m - - - - group:adm:r-x
+a+ /var/log/journal/%m/system.journal - - - - group:adm:r--
+'')',`m4_dnl
+m4_ifdef(`ENABLE_WHEEL_GROUP',``
+a+ /var/log/journal    - - - - d:group:wheel:r-x
+a+ /var/log/journal    - - - - group:wheel:r-x
+a+ /var/log/journal/%m - - - - d:group:wheel:r-x
+a+ /var/log/journal/%m - - - - group:wheel:r-x
+a+ /var/log/journal/%m/system.journal - - - - group:wheel:r--
+'')')')m4_dnl
+
+d /var/lib/systemd 0755 root root -
+d /var/lib/systemd/coredump 0755 root root 3d
diff --git a/src/grp-network/systemd-networkd/networkd.h b/src/grp-network/libnetworkd-core/networkd.h
index b61e03920e..b61e03920e 100644
--- a/src/grp-network/systemd-networkd/networkd.h
+++ b/src/grp-network/libnetworkd-core/networkd.h
diff --git a/src/grp-network/systemd-networkd/systemd-networkd.sysusers b/src/grp-network/systemd-networkd/systemd-networkd.sysusers
new file mode 100644
index 0000000000..208148d6b8
--- /dev/null
+++ b/src/grp-network/systemd-networkd/systemd-networkd.sysusers
@@ -0,0 +1,8 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+u systemd-network   - "systemd Network Management"
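Review bot: In systemd-journald.tmpfiles.m4, `d /var/lib/systemd/coredump 0755 root root 3d` makes the core dump directory listable by every local user, so the names of stored dumps are visible even if the files themselves are restricted by whatever writes them (not visible in this hunk). If nothing unprivileged needs to enumerate that directory, `0750` would be the tighter choice; otherwise a comment such as `# contents are protected per file by systemd-coredump, not by this directory mode` should state the assumption. The file also carries entries that are not journald's (`/run/user`, `/run/utmp`, `/run/systemd/netif`, the coredump directory), and a header comment saying so would help whoever later splits it per component.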
diff --git a/src/grp-resolve/systemd-resolved/resolved-def.h b/src/grp-resolve/libbasic-dns/resolved-def.h
index c4c1915b18..c4c1915b18 100644
--- a/src/grp-resolve/systemd-resolved/resolved-def.h
+++ b/src/grp-resolve/libbasic-dns/resolved-def.h
diff --git a/src/grp-resolve/systemd-resolved/systemd-resolved.sysusers b/src/grp-resolve/systemd-resolved/systemd-resolved.sysusers
new file mode 100644
index 0000000000..5872bf2db7
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/systemd-resolved.sysusers
@@ -0,0 +1,8 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+u systemd-resolve   - "systemd Resolver"
diff --git a/src/grp-resolve/systemd-resolved/systemd-resolved.tmpfiles b/src/grp-resolve/systemd-resolved/systemd-resolved.tmpfiles
new file mode 100644
index 0000000000..3160f5cf7e
--- /dev/null
+++ b/src/grp-resolve/systemd-resolved/systemd-resolved.tmpfiles
@@ -0,0 +1,10 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
diff --git a/src/grp-udev/rules/60-cdrom_id.rules b/src/grp-udev/cdrom_id/60-cdrom_id.rules
index 5c3b52ebb9..5c3b52ebb9 100644
--- a/src/grp-udev/rules/60-cdrom_id.rules
+++ b/src/grp-udev/cdrom_id/60-cdrom_id.rules
diff --git a/src/grp-udev/rules/75-probe_mtd.rules b/src/grp-udev/mtd_probe/75-probe_mtd.rules
index 8848aeeaed..8848aeeaed 100644
--- a/src/grp-udev/rules/75-probe_mtd.rules
+++ b/src/grp-udev/mtd_probe/75-probe_mtd.rules
diff --git a/src/grp-udev/rules/60-persistent-v4l.rules b/src/grp-udev/v4l_id/60-persistent-v4l.rules
index 93c5ee8c27..93c5ee8c27 100644
--- a/src/grp-udev/rules/60-persistent-v4l.rules
+++ b/src/grp-udev/v4l_id/60-persistent-v4l.rules
diff --git a/src/libsystemd/src/sd-path/sd-path.c b/src/grp-utils/systemd-path/sd-path.c
index 6d9f3e2a61..6d9f3e2a61 100644
--- a/src/libsystemd/src/sd-path/sd-path.c
+++ b/src/grp-utils/systemd-path/sd-path.c
diff --git a/src/libsystemd/include/systemd/sd-path.h b/src/grp-utils/systemd-path/sd-path.h
index be6abdcd03..be6abdcd03 100644
--- a/src/libsystemd/include/systemd/sd-path.h
+++ b/src/grp-utils/systemd-path/sd-path.h
diff --git a/src/systemd-nspawn/systemd-nspawn.tmpfiles b/src/systemd-nspawn/systemd-nspawn.tmpfiles
new file mode 100644
index 0000000000..9fa3878d6b
--- /dev/null
+++ b/src/systemd-nspawn/systemd-nspawn.tmpfiles
@@ -0,0 +1,23 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+Q /var/lib/machines 0700 - - -
+
+# Remove old temporary snapshots, but only at boot. Ideally we'd have
+# "self-destroying" btrfs snapshots that go away if the last last
+# reference to it does. To mimic a scheme like this at least remove
+# the old snapshots on fresh boots, where we know they cannot be
+# referenced anymore. Note that we actually remove all temporary files
+# in /var/lib/machines/ at boot, which should be safe since the
+# directory has defined semantics. In the root directory (where
+# systemd-nspawn --ephemeral places snapshots) we are more strict, to
+# avoid removing unrelated temporary files.
+
+R! /var/lib/machines/.#*
+R! /.#machine.*
diff --git a/src/systemd-timesyncd/systemd-timesyncd.sysusers b/src/systemd-timesyncd/systemd-timesyncd.sysusers
new file mode 100644
index 0000000000..4d7af7b3ae
--- /dev/null
+++ b/src/systemd-timesyncd/systemd-timesyncd.sysusers
@@ -0,0 +1,8 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+u systemd-timesync  - "systemd Time Synchronization"
|
