Diffstat (limited to 'tmpfiles.d')
-rw-r--r-- | tmpfiles.d/.gitignore | 2 | ||||
-rw-r--r-- | tmpfiles.d/etc.conf.m4 | 22 | ||||
-rw-r--r-- | tmpfiles.d/home.conf | 11 | ||||
-rw-r--r-- | tmpfiles.d/journal-nocow.conf | 27 | ||||
-rw-r--r-- | tmpfiles.d/legacy.conf | 27 | ||||
-rw-r--r-- | tmpfiles.d/systemd-nologin.conf | 11 | ||||
-rw-r--r-- | tmpfiles.d/systemd-nspawn.conf | 23 | ||||
-rw-r--r-- | tmpfiles.d/systemd-remote.conf | 13 | ||||
-rw-r--r-- | tmpfiles.d/systemd.conf.m4 | 46 | ||||
-rw-r--r-- | tmpfiles.d/tmp.conf | 18 | ||||
-rw-r--r-- | tmpfiles.d/var.conf | 22 | ||||
-rw-r--r-- | tmpfiles.d/x11.conf | 18 |
12 files changed, 240 insertions, 0 deletions
diff --git a/tmpfiles.d/.gitignore b/tmpfiles.d/.gitignore
new file mode 100644
index 0000000000..4f0ecaa9c3
--- /dev/null
+++ b/tmpfiles.d/.gitignore
@@ -0,0 +1,2 @@
+/etc.conf
+/systemd.conf
diff --git a/tmpfiles.d/etc.conf.m4 b/tmpfiles.d/etc.conf.m4
new file mode 100644
index 0000000000..ef7b9b9541
--- /dev/null
+++ b/tmpfiles.d/etc.conf.m4
@@ -0,0 +1,22 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+L /etc/os-release - - - - ../usr/lib/os-release
+L /etc/localtime - - - - ../usr/share/zoneinfo/UTC
+L+ /etc/mtab - - - - ../proc/self/mounts
+m4_ifdef(`HAVE_SMACK_RUN_LABEL',
+t /etc/mtab - - - - security.SMACK64=_
+)m4_dnl
+m4_ifdef(`ENABLE_RESOLVED',
+L! /etc/resolv.conf - - - - ../run/systemd/resolve/resolv.conf
+)m4_dnl
+C /etc/nsswitch.conf - - - -
+m4_ifdef(`HAVE_PAM',
+C /etc/pam.d - - - -
+)m4_dnl
diff --git a/tmpfiles.d/home.conf b/tmpfiles.d/home.conf
new file mode 100644
index 0000000000..9f25b83392
--- /dev/null
+++ b/tmpfiles.d/home.conf
@@ -0,0 +1,11 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+Q /home 0755 - - -
+q /srv 0755 - - -
diff --git a/tmpfiles.d/journal-nocow.conf b/tmpfiles.d/journal-nocow.conf
new file mode 100644
index 0000000000..e7938c8911
--- /dev/null
+++ b/tmpfiles.d/journal-nocow.conf
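Review bot: The `C /etc/nsswitch.conf` and `C /etc/pam.d` lines in tmpfiles.d/etc.conf.m4 carry no comment, although they decide where a system with an empty /etc takes its name-service and authentication configuration from. With no argument given, tmpfiles.d(5) takes the copy source from /usr/share/factory/, so whatever PAM stack is shipped there becomes the live login policy on first boot. I would add above them `# Populate from /usr/share/factory/etc when missing; the factory PAM stack becomes the live policy`. `L+ /etc/mtab` is also the only line here that replaces an existing file, which deserves a word as well.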
@@ -0,0 +1,27 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Set the NOCOW attribute for directories of journal files. This flag
+# is inheredited by their new files and sub-directories. Matters only
+# for btrfs filesystems.
+#
+# WARNING: Enabling the NOCOW attribute improves journal performance
+# substantially, but also disables the btrfs checksum logic. In
+# btrfs RAID filesystems the checksums are needed for rebuilding
+# corrupted files. Without checksums such rebuilds are not
+# possible.
+#
+# In a single-disk filesystem (or a filesystem without redundancy)
+# enabling the NOCOW attribute for journal files is safe, because
+# they have their own checksums and a rebuilding wouldn't be possible
+# in any case.
+
+h /var/log/journal - - - - +C
+h /var/log/journal/%m - - - - +C
+h /var/log/journal/remote - - - - +C
diff --git a/tmpfiles.d/legacy.conf b/tmpfiles.d/legacy.conf
new file mode 100644
index 0000000000..62e2ae0986
--- /dev/null
+++ b/tmpfiles.d/legacy.conf
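Review bot: The three `h ... +C` lines in tmpfiles.d/journal-nocow.conf are applied unconditionally, while the WARNING above them says that NOCOW switches off the btrfs checksums needed to rebuild corrupted files on RAID. The comment should tell an administrator of a redundant btrfs setup how to opt out, for example `# To opt out, place an empty journal-nocow.conf in /etc/tmpfiles.d/`. While there, `inheredited` in the first paragraph should read `inherited`.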
@@ -0,0 +1,27 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# These files are considered legacy and are unnecessary on legacy-free
+# systems.
+
+d /run/lock 0755 root root -
+L /var/lock - - - - ../run/lock
+
+# /run/lock/subsys is used for serializing SysV service execution, and
+# hence without use on SysV-less systems.
+
+d /run/lock/subsys 0755 root root -
+
+# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
+# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
+# 'quotacheck.mode=force'
+
+r! /forcefsck
+r! /fastboot
+r! /forcequotacheck
diff --git a/tmpfiles.d/systemd-nologin.conf b/tmpfiles.d/systemd-nologin.conf
new file mode 100644
index 0000000000..a30a8da604
--- /dev/null
+++ b/tmpfiles.d/systemd-nologin.conf
@@ -0,0 +1,11 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5), systemd-user-session.service(5) and pam_nologin(8).
+# This file has special suffix so it is not run by mistake.
+
+F! /run/nologin 0644 - - - "System is booting up. See pam_nologin(8)"
diff --git a/tmpfiles.d/systemd-nspawn.conf b/tmpfiles.d/systemd-nspawn.conf
new file mode 100644
index 0000000000..9fa3878d6b
--- /dev/null
+++ b/tmpfiles.d/systemd-nspawn.conf
@@ -0,0 +1,23 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+Q /var/lib/machines 0700 - - -
+
+# Remove old temporary snapshots, but only at boot. Ideally we'd have
+# "self-destroying" btrfs snapshots that go away if the last last
+# reference to it does. To mimic a scheme like this at least remove
+# the old snapshots on fresh boots, where we know they cannot be
+# referenced anymore. Note that we actually remove all temporary files
+# in /var/lib/machines/ at boot, which should be safe since the
+# directory has defined semantics. In the root directory (where
+# systemd-nspawn --ephemeral places snapshots) we are more strict, to
+# avoid removing unrelated temporary files.
+
+R! /var/lib/machines/.#*
+R! /.#machine.*
diff --git a/tmpfiles.d/systemd-remote.conf b/tmpfiles.d/systemd-remote.conf
new file mode 100644
index 0000000000..e19230f648
--- /dev/null
+++ b/tmpfiles.d/systemd-remote.conf
@@ -0,0 +1,13 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+d /var/lib/systemd/journal-upload 0755 systemd-journal-upload systemd-journal-upload - -
+
+z /var/log/journal/remote 2755 systemd-journal-remote systemd-journal-remote - -
+z /run/log/journal/remote 2755 systemd-journal-remote systemd-journal-remote - -
diff --git a/tmpfiles.d/systemd.conf.m4 b/tmpfiles.d/systemd.conf.m4
new file mode 100644
index 0000000000..0575408dbe
--- /dev/null
+++ b/tmpfiles.d/systemd.conf.m4
@@ -0,0 +1,46 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+d /run/user 0755 root root -
+F! /run/utmp 0664 root utmp -
+
+d /run/systemd/ask-password 0755 root root -
+d /run/systemd/seats 0755 root root -
+d /run/systemd/sessions 0755 root root -
+d /run/systemd/users 0755 root root -
+d /run/systemd/machines 0755 root root -
+d /run/systemd/shutdown 0755 root root -
+m4_ifdef(`ENABLE_NETWORKD',
+d /run/systemd/netif 0755 systemd-network systemd-network -
+d /run/systemd/netif/links 0755 systemd-network systemd-network -
+d /run/systemd/netif/leases 0755 systemd-network systemd-network -
+)m4_dnl
+
+d /run/log 0755 root root -
+
+z /run/log/journal 2755 root systemd-journal - -
+Z /run/log/journal/%m ~2750 root systemd-journal - -
+m4_ifdef(`HAVE_ACL',``
+a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
+A+ /run/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
+'')m4_dnl
+
+z /var/log/journal 2755 root systemd-journal - -
+z /var/log/journal/%m 2755 root systemd-journal - -
+z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
+m4_ifdef(`HAVE_ACL',``
+a+ /var/log/journal - - - - d:group:adm:r-x,d:group:wheel:r-x
+a+ /var/log/journal - - - - group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x
+a+ /var/log/journal/%m - - - - group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
+'')m4_dnl
+
+d /var/lib/systemd 0755 root root -
+d /var/lib/systemd/coredump 0755 root root 3d
diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
new file mode 100644
index 0000000000..6bbd1aa341
--- /dev/null
+++ b/tmpfiles.d/tmp.conf
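Review bot: The two HAVE_ACL blocks in tmpfiles.d/systemd.conf.m4 give the adm and wheel groups read access to every system journal, in addition to the systemd-journal group named on the `z`/`Z` lines, and nothing in the file says so. Journals routinely contain sensitive data, so this widening of the reader set should be stated where it is made, e.g. `# Besides systemd-journal, members of adm and wheel may read the system journal`. Separately, `d /var/lib/systemd/coredump 0755 root root 3d` leaves the coredump directory listable by every user; the modes of the dump files themselves are set elsewhere and are not visible here, but if the file names carry process or user details a tighter directory mode would be worth considering.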
@@ -0,0 +1,18 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Clear tmp directories separately, to make them easier to override
+q /tmp 1777 root root 10d
+q /var/tmp 1777 root root 30d
+
+# Exclude namespace mountpoints created with PrivateTmp=yes
+x /tmp/systemd-private-%b-*
+X /tmp/systemd-private-%b-*/tmp
+x /var/tmp/systemd-private-%b-*
+X /var/tmp/systemd-private-%b-*/tmp
diff --git a/tmpfiles.d/var.conf b/tmpfiles.d/var.conf
new file mode 100644
index 0000000000..ae7952e77a
--- /dev/null
+++ b/tmpfiles.d/var.conf
@@ -0,0 +1,22 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+q /var 0755 - - -
+
+L /var/run - - - - ../run
+
+d /var/log 0755 - - -
+f /var/log/wtmp 0664 root utmp -
+f /var/log/btmp 0600 root utmp -
+
+d /var/cache 0755 - - -
+
+d /var/lib 0755 - - -
+
+d /var/spool 0755 - - -
diff --git a/tmpfiles.d/x11.conf b/tmpfiles.d/x11.conf
new file mode 100644
index 0000000000..4c96a54a13
--- /dev/null
+++ b/tmpfiles.d/x11.conf
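Review bot: The comment `# Exclude namespace mountpoints created with PrivateTmp=yes` in tmpfiles.d/tmp.conf does not explain why each directory needs both an `x` and an `X` line, nor that `%b` limits the match to the current boot ID. Per tmpfiles.d(5), `x` ignores a path during cleaning, while `X` ignores only the directory itself and not its contents. Someone trimming the pair could let the age-based cleanup of `/tmp` and `/var/tmp` touch a directory that a running service still has mounted. I would extend the comment along the lines of `# x: skip the private directory; X: skip the inner tmp directory itself but not its contents; %b = current boot ID`.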
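Review bot: `f /var/log/btmp 0600 root utmp -` in tmpfiles.d/var.conf names the utmp group but gives it no permission bits, unlike `f /var/log/wtmp 0664 root utmp -` on the line before, and nothing says whether that is intended. btmp records failed login attempts, which can include passwords typed at the user-name prompt, so root-only is the safer reading. A comment would keep someone from later "fixing" the mode to match wtmp: `# btmp records failed logins; keep it unreadable for the utmp group and others`.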
@@ -0,0 +1,18 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Make sure these are created by default so that nobody else can
+d /tmp/.X11-unix 1777 root root 10d
+d /tmp/.ICE-unix 1777 root root 10d
+d /tmp/.XIM-unix 1777 root root 10d
+d /tmp/.font-unix 1777 root root 10d
+d /tmp/.Test-unix 1777 root root 10d
+
+# Unlink the X11 lock files
+r! /tmp/.X[0-9]*-lock |
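Review bot: The comment `# Make sure these are created by default so that nobody else can` in tmpfiles.d/x11.conf stops short of the reason, which is the security point of the file. These are well-known socket directories under world-writable /tmp, and creating them as root before any user process runs keeps an unprivileged user from creating and owning one of them first. I would write `# Create these as root at boot, so that no unprivileged user can create and own them first`. Note also that `d` keeps whatever is already inside an existing directory, so on a /tmp that survives reboots stale entries stay until the 10d age applies; presumably that is acceptable, but it is worth confirming.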