summaryrefslogtreecommitdiff
path: root/tmpfiles.d
AgeCommit message (Collapse)Author
2017-02-07tmpfiles.d: set primary group rights to r-w (#5265)lewo
If the /var/log/journal directory is created with rigths 700, the application of an ACL rules without any primary group right sets it to 0. A chmod 755 on this file will then only set the ACL mask and let the ACL primary group right to 0. The directory is then unreadable for the primary group. This patch explicitly sets the primary group to avoid this problem. Fixes #5264.
2016-12-27tmpfiles: automatically remove old private tmp dirs after rebootLennart Poettering
Let's automatically destory per-unit private temporary directories, as they are created by PrivateTmp=yes on each boot, if we notice them to be around, in case they are left-overs from the last boot. Fixes: #4401
2016-07-11treewide: fix typos and remove accidental repetition of wordsTorstein Husebø
2016-06-21resolved: respond to local resolver requests on 127.0.0.53:53Lennart Poettering
In order to improve compatibility with local clients that speak DNS directly (and do not use NSS or our bus API) listen locally on 127.0.0.53:53 and process any queries made that way. Note that resolved does not implement a full DNS server on this port, but simply enough to allow normal, local clients to resolve RRs through resolved. Specifically it does not implement queries without the RD bit set (these are requests where recursive lookups are explicitly disabled), and neither queries with DNSSEC DO set in combination with DNSSEC CD (i.e. DNSSEC lookups with validation turned off). It also refuses zone transfers and obsolete RR types. All lookups done this way will be rejected with a clean error code, so that the client side can repeat the query with a reduced feature set. The code will set the DNSSEC AD flag however, depending on whether the data resolved has been validated (or comes from a local, trusted source). Lookups made via this mechanisms are propagated to LLMNR and mDNS as necessary, but this is only partially useful as DNS packets cannot carry IP scope data (i.e. the ifindex), and hence link-local addresses returned cannot be used properly (and given that LLMNR/mDNS are mostly about link-local communication this is quite a limitation). Also, given that DNS tends to use IDNA for non-ASCII names, while LLMNR/mDNS uses UTF-8 lookups cannot be mapped 1:1. In general this should improve compatibility with clients bypassing NSS but it is highly recommended for clients to instead use NSS or our native bus API. This patch also beefs up the DnsStream logic, as it reuses the code for local TCP listening. DnsStream now provides proper reference counting for its objects. In order to avoid feedback loops resolved will no silently ignore 127.0.0.53 specified as DNS server when reading configuration. resolved listens on 127.0.0.53:53 instead of 127.0.0.1:53 in order to leave the latter free for local, external DNS servers or forwarders. This also changes the "etc.conf" tmpfiles snippet to create a symlink from /etc/resolv.conf to /usr/lib/systemd/resolv.conf by default, thus making this stub the default mode of operation if /etc is not populated.
2016-05-03tmpfiles: don't set the x bit for volatile system journal when ACL support ↵Franck Bui
is enabled (#3079) When ACL support is enabled, systemd-tmpfiles-setup service sets the following ACL entries to the volatile system journal: $ getfacl /run/log/journal/*/system.journal getfacl: Removing leading '/' from absolute path names # file: run/log/journal/xxx/system.journal # owner: root # group: systemd-journal user::rwx group::r-- group:wheel:r-x group:adm:r-x mask::r-x other::--- This patch makes sure that the exec bit is not set anymore for the volatile system journals.
2016-05-01build-sys: allow references to adm group to be omitted (#3150)Franck Bui
2016-02-17build-sys: allow references to wheel group to be omittedZbigniew Jędrzejewski-Szmek
https://github.com/systemd/systemd/issues/2492
2016-02-01tmpfiles: drop /run/lock/lockdevMartin Pitt
Hardly any software uses that any more, and better locking mechanisms like flock() have been available for many years. Also drop the corresponding "lock" group from sysusers.d/basic.conf.in, as nothing else is using this.
2016-01-15journal-remote: change owner of /var/log/journal/remote and create ↵Yu Watanabe
/var/lib/systemd/journal-upload
2015-11-29tmpfiles: set acls on system.journal explicitlyZbigniew Jędrzejewski-Szmek
https://github.com/systemd/systemd/issues/1397
2015-11-29tmpfiles: also set acls on /var/log/journalZbigniew Jędrzejewski-Szmek
This way, directories created later for containers or for journald-remote, will be readable by adm & wheel groups by default, similarly to /var/log/journal/%m itself. https://github.com/systemd/systemd/issues/1971
2015-10-22tmpfiles.d: change all subvolumes to use quotaLennart Poettering
Let's make sure the subvolumes we create fit into a sensible definition of a quota tree.
2015-09-10smack: label /etc/mtab as "_" when '--with-smack-run-label' is enabled.Sangjung Woo
/etc/mtab should be labeled as "_", even though systemd has its own smack label using '--with-smack-run-label' configuration. This is mainly because all processes could read that file and the origin of this file (i.e. /proc/mounts) is labeled as "_". This labels /etc/mtab as "_" when '--with-smack-run-label' is enabled.
2015-07-09tmpfiles: don't recursively descend into journal directories in /varLennart Poettering
Do so only in /run. We shouldn't alter ACLs for existing files in /var, but only for new files. If the admin made changes to the ACLs they shouls stay in place. We should still do recursive ACL changes for files in /run, since those are not persistent, and will hence lack ACLs on every boot. Also, /var/log/journal might be quit large, /run/log/journal is usually not, hence we should avoid the recursive descending on /var, but not on /run. Fixes #534
2015-06-15tmpfiles: automatically remove old machine snapshots at bootLennart Poettering
Remove old temporary snapshots, but only at boot. Ideally we'd have "self-destroying" btrfs snapshots that go away if the last last reference to it does. To mimic a scheme like this at least remove the old snapshots on fresh boots, where we know they cannot be referenced anymore. Note that we actually remove all temporary files in /var/lib/machines/ at boot, which should be safe since the directory has defined semantics. In the root directory (where systemd-nspawn --ephemeral places snapshots) we are more strict, to avoid removing unrelated temporary files. This also splits out nspawn/container related tmpfiles bits into a new tmpfiles snippet to systemd-nspawn.conf
2015-06-01tmpfiles: Fix comment typoColin Guthrie
2015-05-21tmpfiles: create /etc/resolv.conf symlink only on bootZbigniew Jędrzejewski-Szmek
We will create the symlink on boot as a fallback to provide name resolution. But if the symlink was removed afterwards, it most likely should not be recreated. Creating it only on boot also solves the issue where it would be created prematurely during installation, before the system was actually booted. https://bugzilla.redhat.com/show_bug.cgi?id=1197204
2015-04-21tmpfiles: make /home and /var btrfs subvolumes by default when booted up ↵Lennart Poettering
with them missing This way the root subvolume can be left read-only easily, and variable and user data writable with explicit quota set.
2015-04-21tmpfiles: there's no systemd-forbid-user-logins.service serviceLennart Poettering
2015-04-13tmpfiles: Add +C attrib to the journal files directoriesGoffredo Baroncelli
Add the +C file attribute (NOCOW) to the journal directories, so that the flag is inherited automatically for new journal files created in them. The journal write pattern is problematic on btrfs file systems as it results in badly fragmented files when copy-on-write (COW) is used: the performances decreases substantially over time. To avoid this issue, this tmpfile.d snippet sets the NOCOW attribute to the journal files directories, so newly created journal files inherit the NCOOW attribute that disables copy-on-write. Be aware that the NOCOW file attribute also disables btrfs checksumming for these files, and thus prevents btrfs from rebuilding corrupted files on a RAID filesystem. In a single disk filesystems (or filesystems without redundancy) it is safe to use the NOCOW flags without drawbacks, since the journal files contain their own checksumming.
2015-03-03tmpfiles.d: only copy /etc/pam.d if PAM is presentRoss Burton
If HAVE_PAM isn't set then don't attempt to copy /etc/pam.d from the factory, as it doesn't get installed.
2015-02-02tmpfiles: Remove unnecessary blank line when configured with ↵Sangjung Woo
"--disable-resolved" This patch removes unnecessary blank line in /usr/lib/tmpfiles.d/etc.conf when configured with "--disable-resolved". (i.e. ENABLE_RESOLVED is not defined)
2015-01-22tmpfiles: use ACL magic on journal directoriesZbigniew Jędrzejewski-Szmek
2015-01-15nspawn,machined: change default container image location from ↵Lennart Poettering
/var/lib/container to /var/lib/machines Given that this is also the place to store raw disk images which are very much bootable with qemu/kvm it sounds like a misnomer to call the directory "container". Hence, let's change this sooner rather than later, and use the generic name, in particular since we otherwise try to use the generic "machine" preferably over the more specific "container" or "vm".
2014-12-28tmpfiles.d: upgrade a couple of directories we create at boot to subvolumesLennart Poettering
In particular we upgrade /var/lib/container, /var/tmp and /tmp to subvolumes.
2014-11-30build-sys: configure the list of system users, files and directoriesŁukasz Stelmach
Choose which system users defined in sysusers.d/systemd.conf and files or directories in tmpfiles.d/systemd.conf, should be provided depending on comile-time configuration.
2014-11-25tmpfiles.d: Fix directory nameMartin Pitt
The .service uses "/var/lib/container", not "containers".
2014-11-21tmpfiles.d: Create /var/lib/containersMartin Pitt
Create /var/lib/containers so that it exists with an appropriate mode. We want 0700 by default so that users on the host aren't able to call suid root binaries in the container. This becomes a security issue if a user can enter a container as root, create a suid root binary, and call that from the host. (This assumes that containers are caged by mandatory access control or are started as user).
2014-08-27tmpfiles: make resolv.conf entry conditional on resolved supportTom Gundersen
2014-07-29factory: install minimal PAM and nsswitch configKay Sievers
2014-07-15journal-remote: add units and read certs from default locationsZbigniew Jędrzejewski-Szmek
2014-06-30tmpfiles: explicitly set mode for /run/logLennart Poettering
2014-06-30tmpfiles: don't do automatic cleanup in $XDG_RUNTIME_DIRLennart Poettering
Now that logind will clean up all IPC resources of a user we should really consider $XDG_RUNTIME_DIR as just another kind of IPC with the same life-cycle logic as the other IPC resources. This should be safe now to do since every user gets his own $XDG_RUNTIME_DIR tmpfs instance with a fixed size limit, so that flooding of it will more effectively be averted.
2014-06-19tmpfiles: automatically clean up /var/lib/systemd/coredump after 3dLennart Poettering
2014-06-17tmpfiles: remove line for automatic clean-ups for /var/cache/man/Lennart Poettering
Management of /var/cache/man should move to the distribution package owning the directory (for example, man-db). As man pages are a non-essential part of the system and unnecessary for minimal setups, there's no point in having systemd ship these lines. Distribution packages should make sure the appropriate package for their distribution adopts this line. Ideally, the line is adopted by the upstream package. For Fedora I have filed this bug: https://bugzilla.redhat.com/show_bug.cgi?id=1110274
2014-06-16tmpfiles: add new "L+" command as stronger version of "L", that removes the ↵Lennart Poettering
destination before creating a symlink Also, make use of this for mtab as long as mount insists on creating it even if we invoke it with "-n".
2014-06-15tmpfiles: create /etc/resolv.conf as link to networkd's version, if it ↵Lennart Poettering
doesn't exist If /etc/resolv.conf doesn't exist it's better than nothing to make it point to networkd's version.
2014-06-13tmpfiles: always use relative symlinks from tmpfiles snippetsLennart Poettering
2014-06-13tmpfiles: add minimal tmpfiles snippet to rebuild the most essential stuff ↵Lennart Poettering
from /etc
2014-06-11tmpfiles: don't allow read access to journal files to users not in ↵Lennart Poettering
systemd-journal Also, don't apply access mode recursively to /var/log/journal/*/, since that might be quite large, and should be correct anyway.
2014-06-11tmpfiles: don't apply sgid and executable bit to journal files, only the ↵Lennart Poettering
directories they are contained in
2014-06-11tmpfiles: if /var is mounted from tmpfs, we should adjust its access modeLennart Poettering
2014-06-11tmpfiles: always recreate the most basic directory structure in /varLennart Poettering
Let's allow booting up with /var empty. Only create the most basic directories to get to a working directory structure and symlink set in /var.
2014-06-10tmpfiles: get rid of "m" lines, make them redundant by "z"Lennart Poettering
"m" so far has been a non-globbing version of "z". Since this makes it quite redundant, let's get rid of it. Remove "m" from the man pages, beef up "z" docs instead, and make "m" nothing more than a compatibility alias for "z".
2014-06-03networkd: split runtime config dir from state dirTom Gundersen
Configuration will be in root:root /run/systemd/network and state will be in systemd-network:systemd-network /run/systemd/netif This matches what we do for logind's seat/session state.
2014-06-02tmpfiles: systemd.conf - fix ownership of network directoriesTom Gundersen
2014-05-22timesyncd: order after tmpfiles to get a working network monitorKay Sievers
2014-05-16network: always create /run/systemd/network/linksLennart Poettering
This ways the networkd client library should work even if networkd is not running. http://lists.freedesktop.org/archives/systemd-devel/2014-May/019242.html
2014-04-17tmpfiles: fix permissions on new journal filesGreg KH
When starting up journald on a new system, set the proper permissions on the system.journal files, not only on the journal directory.
2013-12-24tmpfiles: introduce the concept of unsafe operationsZbigniew Jędrzejewski-Szmek
Various operations done by systemd-tmpfiles may only be safely done at boot (e.g. removal of X lockfiles in /tmp, creation of /run/nologin). Other operations may be done at any point in time (e.g. setting the ownership on /{run,var}/log/journal). This distinction is largely orthogonal to the type of operation. A new switch --unsafe is added, and operations which should only be executed during bootup are marked with an exclamation mark in the configuration files. systemd-tmpfiles.service is modified to use this switch, and guards are added so it is hard to re-start it by mistake. If we install a new version of systemd, we actually want to enforce some changes to tmpfiles configuration immediately. This should now be possible to do safely, so distribution packages can be modified to execute the "safe" subset at package installation time. /run/nologin creation is split out into a separate service, to make it easy to override. https://bugzilla.redhat.com/show_bug.cgi?id=1043212 https://bugzilla.redhat.com/show_bug.cgi?id=1045849