We printed:
systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/20-systemd-shell-extra.conf:10: Unknown modifiers in command 'L$'.
systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/systemd-network.conf:10: Unknown modifiers in command 'd$'.
systemd-tmpfiles[705]: /usr/lib/tmpfiles.d/systemd-network.conf:11: Unknown modifiers in command 'd$'.
...
There's a lot of additional characters here make the message harder to parse. We know
that the command is a word without any whitespace, so quoting isn't really necessary.
Change this to:
... unknown modifiers in command: L$
This allows a single tmpfiles snippet with lines to symlink directories
from /usr/share/factory to be shared across many different configurations
while making sure symlinks only get created if the source actually exists.
xdg_user_dirs() doesn't seem well-organized currently.
In all other xdg_user_*() funcs we assume /etc/xdg/systemd
to be a symlink to /etc/systemd/, hence it is the odd one out.
Also, when the relevant envvar is unset, it only returns
the global search dirs.
sd_path_lookup() actually covers this nicely with SD_PATH_SEARCH_*,
where the combined search paths (from user home and system) are used.
Therefore, let's introduce a wrapper for that, and deprecate xdg_user_dirs()
(would be removed in later commits).
Our variables for internal libraries are named 'libfoo' for the shared lib
variant, and 'libfoo_static' for the static lib variant. The only exception was
libbasic, because we didn't have a shared variant for it. But let's rename it
for consitency. This makes the build config easier to understand.
This adds %q, %A and %M specifiers to tmpfiles:
- %A and %M were previously added to tmpfiles.d man page, but not to specifier_table
- %q is added via COMMON_SYSTEM_SPECIFIERS
Mention in the warning message for a failed open on a to be removed file
why systemd-tmpfiles tried to open it.
Also open the file with the O_NOCTTY flag, since it should never become
the controlling terminal.
dangerous_hardlinks() -> hardlinks_protected(),
and the meaning of the function is now in line
with fs.protected_hardlinks value.
Plus, We ship 50-default.conf where the sysctl
is enabled. Mention it in the comment.
If the file was removed by some other program, we should just go
to the next one without failing. item_do() is only used for recursive
globs instead of fixed paths so skipping on missing files makes sense
(unlike if the path was fixed where we should probably fail).
Fixes#32691 (hopefully)
gcrypt is used only for journal sealing operations in libsystemd, so it
can be made into a dlopen dependency that is used only on demand. This
allows to reduce the footprint of libsystemd in the most common cases.
Keep systemd-pull and systemd-resolved with normal linking, as they are
executables, and usually built with OpenSSL support anyway.
Also, use the more correct type of 'const char* const*' for the input strv.
This requires adding the cast in a few places, but also allows to remove some
casts in others.
Follow-up for 26d98cdd78
I.e. stat() cannot be used here.
Also, before this commit, the 'X' is only applied if
the owner has execute bit set. Now it takes group and
other into consideration too. setfacl(1) also has
the same behavior.
let's make userspace verity signature checking optional. This adds a
dissection flag to enable the logic and patches through all our users to
enable it by default, thus effectively not changing anything from the
status quo ante. However, know we have a knob to turn this off in
certain scenarios.
The idea is simple: skip the final operation that creates or removes things
or changes the attributes, but otherwise go through the rest of the code.
This results in quite a lot of fairly repetitive conditions in the low-level
code. Another approach would be to print earlier, at a higher level, but then
we'd have less precise information about what is about to happen.
... i.e. apply nested config (exclusions and such) when executing R and D.
This fixes a long-standing RFE. The existing logic seems to have been an
accident of implementation. After all, if somebody specifies a config with
'R /foo; x /tmp/bar', then probably the goal is to remove stuff from under /foo,
but keep /tmp/bar. If they just wanted to nuke everything, then would not specify
the second item.
This also makes R and D use O_NOATIME, i.e. the access times of the directories
that are accessed will not be changed by the cleanup.
Obviously, we'll have to add this to NEWS and such.
Looking at the whole tmpfiles.d config in Fedora, this change has no effect.
The test cases are adjusted as appropriate. I also added another test case for
'R'/'D' with a file, just to test this code path more.
Replaces #20641.
Fixes#1633.
One of the three must always be specified, but they buried in a long list of
options in the output of --help. Make them more visible to draw the eye.
Also, drop "marked" from the description. It's supposed to mean "configured",
but it's a strange way to say that, and also it's generally obvious that the
program does what its configuration tells it to, and it's not going to remove
all files found on the system.
