]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/tmpfiles/tmpfiles.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
util-lib: move string table stuff into its own string-table.[ch]
[thirdparty/systemd.git] / src / tmpfiles / tmpfiles.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering, Kay Sievers
7 Copyright 2015 Zbigniew Jędrzejewski-Szmek
8
9 systemd is free software; you can redistribute it and/or modify it
10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
12 (at your option) any later version.
13
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public License
20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
21 ***/
22
23 #include <dirent.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <fnmatch.h>
27 #include <getopt.h>
28 #include <glob.h>
29 #include <limits.h>
30 #include <linux/fs.h>
31 #include <stdbool.h>
32 #include <stddef.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <sys/stat.h>
37 #include <sys/xattr.h>
38 #include <time.h>
39 #include <unistd.h>
40
41 #include "acl-util.h"
42 #include "btrfs-util.h"
43 #include "capability.h"
44 #include "chattr-util.h"
45 #include "conf-files.h"
46 #include "copy.h"
47 #include "escape.h"
48 #include "fd-util.h"
49 #include "fileio.h"
50 #include "formats-util.h"
51 #include "fs-util.h"
52 #include "io-util.h"
53 #include "label.h"
54 #include "log.h"
55 #include "macro.h"
56 #include "missing.h"
57 #include "mkdir.h"
58 #include "parse-util.h"
59 #include "path-util.h"
60 #include "rm-rf.h"
61 #include "selinux-util.h"
62 #include "set.h"
63 #include "specifier.h"
64 #include "stat-util.h"
65 #include "string-table.h"
66 #include "string-util.h"
67 #include "strv.h"
68 #include "user-util.h"
69 #include "util.h"
70
71 /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
72 * them in the file system. This is intended to be used to create
73 * properly owned directories beneath /tmp, /var/tmp, /run, which are
74 * volatile and hence need to be recreated on bootup. */
75
76 typedef enum ItemType {
77 /* These ones take file names */
78 CREATE_FILE = 'f',
79 TRUNCATE_FILE = 'F',
80 CREATE_DIRECTORY = 'd',
81 TRUNCATE_DIRECTORY = 'D',
82 CREATE_SUBVOLUME = 'v',
83 CREATE_SUBVOLUME_INHERIT_QUOTA = 'q',
84 CREATE_SUBVOLUME_NEW_QUOTA = 'Q',
85 CREATE_FIFO = 'p',
86 CREATE_SYMLINK = 'L',
87 CREATE_CHAR_DEVICE = 'c',
88 CREATE_BLOCK_DEVICE = 'b',
89 COPY_FILES = 'C',
90
91 /* These ones take globs */
92 WRITE_FILE = 'w',
93 SET_XATTR = 't',
94 RECURSIVE_SET_XATTR = 'T',
95 SET_ACL = 'a',
96 RECURSIVE_SET_ACL = 'A',
97 SET_ATTRIBUTE = 'h',
98 RECURSIVE_SET_ATTRIBUTE = 'H',
99 IGNORE_PATH = 'x',
100 IGNORE_DIRECTORY_PATH = 'X',
101 REMOVE_PATH = 'r',
102 RECURSIVE_REMOVE_PATH = 'R',
103 RELABEL_PATH = 'z',
104 RECURSIVE_RELABEL_PATH = 'Z',
105 ADJUST_MODE = 'm', /* legacy, 'z' is identical to this */
106 } ItemType;
107
108 typedef struct Item {
109 ItemType type;
110
111 char *path;
112 char *argument;
113 char **xattrs;
114 #ifdef HAVE_ACL
115 acl_t acl_access;
116 acl_t acl_default;
117 #endif
118 uid_t uid;
119 gid_t gid;
120 mode_t mode;
121 usec_t age;
122
123 dev_t major_minor;
124 unsigned attribute_value;
125 unsigned attribute_mask;
126
127 bool uid_set:1;
128 bool gid_set:1;
129 bool mode_set:1;
130 bool age_set:1;
131 bool mask_perms:1;
132 bool attribute_set:1;
133
134 bool keep_first_level:1;
135
136 bool force:1;
137
138 bool done:1;
139 } Item;
140
141 typedef struct ItemArray {
142 Item *items;
143 size_t count;
144 size_t size;
145 } ItemArray;
146
147 static bool arg_create = false;
148 static bool arg_clean = false;
149 static bool arg_remove = false;
150 static bool arg_boot = false;
151
152 static char **arg_include_prefixes = NULL;
153 static char **arg_exclude_prefixes = NULL;
154 static char *arg_root = NULL;
155
156 static const char conf_file_dirs[] = CONF_DIRS_NULSTR("tmpfiles");
157
158 #define MAX_DEPTH 256
159
160 static OrderedHashmap *items = NULL, *globs = NULL;
161 static Set *unix_sockets = NULL;
162
163 static const Specifier specifier_table[] = {
164 { 'm', specifier_machine_id, NULL },
165 { 'b', specifier_boot_id, NULL },
166 { 'H', specifier_host_name, NULL },
167 { 'v', specifier_kernel_release, NULL },
168 {}
169 };
170
171 static bool needs_glob(ItemType t) {
172 return IN_SET(t,
173 WRITE_FILE,
174 IGNORE_PATH,
175 IGNORE_DIRECTORY_PATH,
176 REMOVE_PATH,
177 RECURSIVE_REMOVE_PATH,
178 ADJUST_MODE,
179 RELABEL_PATH,
180 RECURSIVE_RELABEL_PATH,
181 SET_XATTR,
182 RECURSIVE_SET_XATTR,
183 SET_ACL,
184 RECURSIVE_SET_ACL,
185 SET_ATTRIBUTE,
186 RECURSIVE_SET_ATTRIBUTE);
187 }
188
189 static bool takes_ownership(ItemType t) {
190 return IN_SET(t,
191 CREATE_FILE,
192 TRUNCATE_FILE,
193 CREATE_DIRECTORY,
194 TRUNCATE_DIRECTORY,
195 CREATE_SUBVOLUME,
196 CREATE_SUBVOLUME_INHERIT_QUOTA,
197 CREATE_SUBVOLUME_NEW_QUOTA,
198 CREATE_FIFO,
199 CREATE_SYMLINK,
200 CREATE_CHAR_DEVICE,
201 CREATE_BLOCK_DEVICE,
202 COPY_FILES,
203 WRITE_FILE,
204 IGNORE_PATH,
205 IGNORE_DIRECTORY_PATH,
206 REMOVE_PATH,
207 RECURSIVE_REMOVE_PATH);
208 }
209
210 static struct Item* find_glob(OrderedHashmap *h, const char *match) {
211 ItemArray *j;
212 Iterator i;
213
214 ORDERED_HASHMAP_FOREACH(j, h, i) {
215 unsigned n;
216
217 for (n = 0; n < j->count; n++) {
218 Item *item = j->items + n;
219
220 if (fnmatch(item->path, match, FNM_PATHNAME|FNM_PERIOD) == 0)
221 return item;
222 }
223 }
224
225 return NULL;
226 }
227
228 static void load_unix_sockets(void) {
229 _cleanup_fclose_ FILE *f = NULL;
230 char line[LINE_MAX];
231
232 if (unix_sockets)
233 return;
234
235 /* We maintain a cache of the sockets we found in
236 * /proc/net/unix to speed things up a little. */
237
238 unix_sockets = set_new(&string_hash_ops);
239 if (!unix_sockets)
240 return;
241
242 f = fopen("/proc/net/unix", "re");
243 if (!f)
244 return;
245
246 /* Skip header */
247 if (!fgets(line, sizeof(line), f))
248 goto fail;
249
250 for (;;) {
251 char *p, *s;
252 int k;
253
254 if (!fgets(line, sizeof(line), f))
255 break;
256
257 truncate_nl(line);
258
259 p = strchr(line, ':');
260 if (!p)
261 continue;
262
263 if (strlen(p) < 37)
264 continue;
265
266 p += 37;
267 p += strspn(p, WHITESPACE);
268 p += strcspn(p, WHITESPACE); /* skip one more word */
269 p += strspn(p, WHITESPACE);
270
271 if (*p != '/')
272 continue;
273
274 s = strdup(p);
275 if (!s)
276 goto fail;
277
278 path_kill_slashes(s);
279
280 k = set_consume(unix_sockets, s);
281 if (k < 0 && k != -EEXIST)
282 goto fail;
283 }
284
285 return;
286
287 fail:
288 set_free_free(unix_sockets);
289 unix_sockets = NULL;
290 }
291
292 static bool unix_socket_alive(const char *fn) {
293 assert(fn);
294
295 load_unix_sockets();
296
297 if (unix_sockets)
298 return !!set_get(unix_sockets, (char*) fn);
299
300 /* We don't know, so assume yes */
301 return true;
302 }
303
304 static int dir_is_mount_point(DIR *d, const char *subdir) {
305
306 union file_handle_union h = FILE_HANDLE_INIT;
307 int mount_id_parent, mount_id;
308 int r_p, r;
309
310 r_p = name_to_handle_at(dirfd(d), ".", &h.handle, &mount_id_parent, 0);
311 if (r_p < 0)
312 r_p = -errno;
313
314 h.handle.handle_bytes = MAX_HANDLE_SZ;
315 r = name_to_handle_at(dirfd(d), subdir, &h.handle, &mount_id, 0);
316 if (r < 0)
317 r = -errno;
318
319 /* got no handle; make no assumptions, return error */
320 if (r_p < 0 && r < 0)
321 return r_p;
322
323 /* got both handles; if they differ, it is a mount point */
324 if (r_p >= 0 && r >= 0)
325 return mount_id_parent != mount_id;
326
327 /* got only one handle; assume different mount points if one
328 * of both queries was not supported by the filesystem */
329 if (r_p == -ENOSYS || r_p == -EOPNOTSUPP || r == -ENOSYS || r == -EOPNOTSUPP)
330 return true;
331
332 /* return error */
333 if (r_p < 0)
334 return r_p;
335 return r;
336 }
337
338 static DIR* xopendirat_nomod(int dirfd, const char *path) {
339 DIR *dir;
340
341 dir = xopendirat(dirfd, path, O_NOFOLLOW|O_NOATIME);
342 if (dir)
343 return dir;
344
345 log_debug_errno(errno, "Cannot open %sdirectory \"%s\": %m", dirfd == AT_FDCWD ? "" : "sub", path);
346 if (errno != EPERM)
347 return NULL;
348
349 dir = xopendirat(dirfd, path, O_NOFOLLOW);
350 if (!dir)
351 log_debug_errno(errno, "Cannot open %sdirectory \"%s\": %m", dirfd == AT_FDCWD ? "" : "sub", path);
352
353 return dir;
354 }
355
356 static DIR* opendir_nomod(const char *path) {
357 return xopendirat_nomod(AT_FDCWD, path);
358 }
359
360 static int dir_cleanup(
361 Item *i,
362 const char *p,
363 DIR *d,
364 const struct stat *ds,
365 usec_t cutoff,
366 dev_t rootdev,
367 bool mountpoint,
368 int maxdepth,
369 bool keep_this_level) {
370
371 struct dirent *dent;
372 struct timespec times[2];
373 bool deleted = false;
374 int r = 0;
375
376 while ((dent = readdir(d))) {
377 struct stat s;
378 usec_t age;
379 _cleanup_free_ char *sub_path = NULL;
380
381 if (STR_IN_SET(dent->d_name, ".", ".."))
382 continue;
383
384 if (fstatat(dirfd(d), dent->d_name, &s, AT_SYMLINK_NOFOLLOW) < 0) {
385 if (errno == ENOENT)
386 continue;
387
388 /* FUSE, NFS mounts, SELinux might return EACCES */
389 if (errno == EACCES)
390 log_debug_errno(errno, "stat(%s/%s) failed: %m", p, dent->d_name);
391 else
392 log_error_errno(errno, "stat(%s/%s) failed: %m", p, dent->d_name);
393 r = -errno;
394 continue;
395 }
396
397 /* Stay on the same filesystem */
398 if (s.st_dev != rootdev) {
399 log_debug("Ignoring \"%s/%s\": different filesystem.", p, dent->d_name);
400 continue;
401 }
402
403 /* Try to detect bind mounts of the same filesystem instance; they
404 * do not differ in device major/minors. This type of query is not
405 * supported on all kernels or filesystem types though. */
406 if (S_ISDIR(s.st_mode) && dir_is_mount_point(d, dent->d_name) > 0) {
407 log_debug("Ignoring \"%s/%s\": different mount of the same filesystem.",
408 p, dent->d_name);
409 continue;
410 }
411
412 /* Do not delete read-only files owned by root */
413 if (s.st_uid == 0 && !(s.st_mode & S_IWUSR)) {
414 log_debug("Ignoring \"%s/%s\": read-only and owner by root.", p, dent->d_name);
415 continue;
416 }
417
418 sub_path = strjoin(p, "/", dent->d_name, NULL);
419 if (!sub_path) {
420 r = log_oom();
421 goto finish;
422 }
423
424 /* Is there an item configured for this path? */
425 if (ordered_hashmap_get(items, sub_path)) {
426 log_debug("Ignoring \"%s\": a separate entry exists.", sub_path);
427 continue;
428 }
429
430 if (find_glob(globs, sub_path)) {
431 log_debug("Ignoring \"%s\": a separate glob exists.", sub_path);
432 continue;
433 }
434
435 if (S_ISDIR(s.st_mode)) {
436
437 if (mountpoint &&
438 streq(dent->d_name, "lost+found") &&
439 s.st_uid == 0) {
440 log_debug("Ignoring \"%s\".", sub_path);
441 continue;
442 }
443
444 if (maxdepth <= 0)
445 log_warning("Reached max depth on \"%s\".", sub_path);
446 else {
447 _cleanup_closedir_ DIR *sub_dir;
448 int q;
449
450 sub_dir = xopendirat_nomod(dirfd(d), dent->d_name);
451 if (!sub_dir) {
452 if (errno != ENOENT)
453 r = log_error_errno(errno, "opendir(%s) failed: %m", sub_path);
454
455 continue;
456 }
457
458 q = dir_cleanup(i, sub_path, sub_dir, &s, cutoff, rootdev, false, maxdepth-1, false);
459 if (q < 0)
460 r = q;
461 }
462
463 /* Note: if you are wondering why we don't
464 * support the sticky bit for excluding
465 * directories from cleaning like we do it for
466 * other file system objects: well, the sticky
467 * bit already has a meaning for directories,
468 * so we don't want to overload that. */
469
470 if (keep_this_level) {
471 log_debug("Keeping \"%s\".", sub_path);
472 continue;
473 }
474
475 /* Ignore ctime, we change it when deleting */
476 age = timespec_load(&s.st_mtim);
477 if (age >= cutoff) {
478 char a[FORMAT_TIMESTAMP_MAX];
479 /* Follows spelling in stat(1). */
480 log_debug("Directory \"%s\": modify time %s is too new.",
481 sub_path,
482 format_timestamp_us(a, sizeof(a), age));
483 continue;
484 }
485
486 age = timespec_load(&s.st_atim);
487 if (age >= cutoff) {
488 char a[FORMAT_TIMESTAMP_MAX];
489 log_debug("Directory \"%s\": access time %s is too new.",
490 sub_path,
491 format_timestamp_us(a, sizeof(a), age));
492 continue;
493 }
494
495 log_debug("Removing directory \"%s\".", sub_path);
496 if (unlinkat(dirfd(d), dent->d_name, AT_REMOVEDIR) < 0)
497 if (errno != ENOENT && errno != ENOTEMPTY) {
498 log_error_errno(errno, "rmdir(%s): %m", sub_path);
499 r = -errno;
500 }
501
502 } else {
503 /* Skip files for which the sticky bit is
504 * set. These are semantics we define, and are
505 * unknown elsewhere. See XDG_RUNTIME_DIR
506 * specification for details. */
507 if (s.st_mode & S_ISVTX) {
508 log_debug("Skipping \"%s\": sticky bit set.", sub_path);
509 continue;
510 }
511
512 if (mountpoint && S_ISREG(s.st_mode))
513 if (s.st_uid == 0 && STR_IN_SET(dent->d_name,
514 ".journal",
515 "aquota.user",
516 "aquota.group")) {
517 log_debug("Skipping \"%s\".", sub_path);
518 continue;
519 }
520
521 /* Ignore sockets that are listed in /proc/net/unix */
522 if (S_ISSOCK(s.st_mode) && unix_socket_alive(sub_path)) {
523 log_debug("Skipping \"%s\": live socket.", sub_path);
524 continue;
525 }
526
527 /* Ignore device nodes */
528 if (S_ISCHR(s.st_mode) || S_ISBLK(s.st_mode)) {
529 log_debug("Skipping \"%s\": a device.", sub_path);
530 continue;
531 }
532
533 /* Keep files on this level around if this is
534 * requested */
535 if (keep_this_level) {
536 log_debug("Keeping \"%s\".", sub_path);
537 continue;
538 }
539
540 age = timespec_load(&s.st_mtim);
541 if (age >= cutoff) {
542 char a[FORMAT_TIMESTAMP_MAX];
543 /* Follows spelling in stat(1). */
544 log_debug("File \"%s\": modify time %s is too new.",
545 sub_path,
546 format_timestamp_us(a, sizeof(a), age));
547 continue;
548 }
549
550 age = timespec_load(&s.st_atim);
551 if (age >= cutoff) {
552 char a[FORMAT_TIMESTAMP_MAX];
553 log_debug("File \"%s\": access time %s is too new.",
554 sub_path,
555 format_timestamp_us(a, sizeof(a), age));
556 continue;
557 }
558
559 age = timespec_load(&s.st_ctim);
560 if (age >= cutoff) {
561 char a[FORMAT_TIMESTAMP_MAX];
562 log_debug("File \"%s\": change time %s is too new.",
563 sub_path,
564 format_timestamp_us(a, sizeof(a), age));
565 continue;
566 }
567
568 log_debug("unlink \"%s\"", sub_path);
569
570 if (unlinkat(dirfd(d), dent->d_name, 0) < 0)
571 if (errno != ENOENT)
572 r = log_error_errno(errno, "unlink(%s): %m", sub_path);
573
574 deleted = true;
575 }
576 }
577
578 finish:
579 if (deleted) {
580 usec_t age1, age2;
581 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
582
583 /* Restore original directory timestamps */
584 times[0] = ds->st_atim;
585 times[1] = ds->st_mtim;
586
587 age1 = timespec_load(&ds->st_atim);
588 age2 = timespec_load(&ds->st_mtim);
589 log_debug("Restoring access and modification time on \"%s\": %s, %s",
590 p,
591 format_timestamp_us(a, sizeof(a), age1),
592 format_timestamp_us(b, sizeof(b), age2));
593 if (futimens(dirfd(d), times) < 0)
594 log_error_errno(errno, "utimensat(%s): %m", p);
595 }
596
597 return r;
598 }
599
600 static int path_set_perms(Item *i, const char *path) {
601 _cleanup_close_ int fd = -1;
602 struct stat st;
603
604 assert(i);
605 assert(path);
606
607 /* We open the file with O_PATH here, to make the operation
608 * somewhat atomic. Also there's unfortunately no fchmodat()
609 * with AT_SYMLINK_NOFOLLOW, hence we emulate it here via
610 * O_PATH. */
611
612 fd = open(path, O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH|O_NOATIME);
613 if (fd < 0)
614 return log_error_errno(errno, "Adjusting owner and mode for %s failed: %m", path);
615
616 if (fstatat(fd, "", &st, AT_EMPTY_PATH) < 0)
617 return log_error_errno(errno, "Failed to fstat() file %s: %m", path);
618
619 if (S_ISLNK(st.st_mode))
620 log_debug("Skipping mode an owner fix for symlink %s.", path);
621 else {
622 char fn[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
623 xsprintf(fn, "/proc/self/fd/%i", fd);
624
625 /* not using i->path directly because it may be a glob */
626 if (i->mode_set) {
627 mode_t m = i->mode;
628
629 if (i->mask_perms) {
630 if (!(st.st_mode & 0111))
631 m &= ~0111;
632 if (!(st.st_mode & 0222))
633 m &= ~0222;
634 if (!(st.st_mode & 0444))
635 m &= ~0444;
636 if (!S_ISDIR(st.st_mode))
637 m &= ~07000; /* remove sticky/sgid/suid bit, unless directory */
638 }
639
640 if (m == (st.st_mode & 07777))
641 log_debug("\"%s\" has right mode %o", path, st.st_mode);
642 else {
643 log_debug("chmod \"%s\" to mode %o", path, m);
644 if (chmod(fn, m) < 0)
645 return log_error_errno(errno, "chmod(%s) failed: %m", path);
646 }
647 }
648
649 if ((i->uid != st.st_uid || i->gid != st.st_gid) &&
650 (i->uid_set || i->gid_set)) {
651 log_debug("chown \"%s\" to "UID_FMT"."GID_FMT,
652 path,
653 i->uid_set ? i->uid : UID_INVALID,
654 i->gid_set ? i->gid : GID_INVALID);
655 if (chown(fn,
656 i->uid_set ? i->uid : UID_INVALID,
657 i->gid_set ? i->gid : GID_INVALID) < 0)
658 return log_error_errno(errno, "chown(%s) failed: %m", path);
659 }
660 }
661
662 fd = safe_close(fd);
663
664 return label_fix(path, false, false);
665 }
666
667 static int parse_xattrs_from_arg(Item *i) {
668 const char *p;
669 int r;
670
671 assert(i);
672 assert(i->argument);
673
674 p = i->argument;
675
676 for (;;) {
677 _cleanup_free_ char *name = NULL, *value = NULL, *xattr = NULL, *xattr_replaced = NULL;
678
679 r = extract_first_word(&p, &xattr, NULL, EXTRACT_QUOTES|EXTRACT_CUNESCAPE);
680 if (r < 0)
681 log_warning_errno(r, "Failed to parse extended attribute '%s', ignoring: %m", p);
682 if (r <= 0)
683 break;
684
685 r = specifier_printf(xattr, specifier_table, NULL, &xattr_replaced);
686 if (r < 0)
687 return log_error_errno(r, "Failed to replace specifiers in extended attribute '%s': %m", xattr);
688
689 r = split_pair(xattr_replaced, "=", &name, &value);
690 if (r < 0) {
691 log_warning_errno(r, "Failed to parse extended attribute, ignoring: %s", xattr);
692 continue;
693 }
694
695 if (isempty(name) || isempty(value)) {
696 log_warning("Malformed extended attribute found, ignoring: %s", xattr);
697 continue;
698 }
699
700 if (strv_push_pair(&i->xattrs, name, value) < 0)
701 return log_oom();
702
703 name = value = NULL;
704 }
705
706 return 0;
707 }
708
709 static int path_set_xattrs(Item *i, const char *path) {
710 char **name, **value;
711
712 assert(i);
713 assert(path);
714
715 STRV_FOREACH_PAIR(name, value, i->xattrs) {
716 int n;
717
718 n = strlen(*value);
719 log_debug("Setting extended attribute '%s=%s' on %s.", *name, *value, path);
720 if (lsetxattr(path, *name, *value, n, 0) < 0) {
721 log_error("Setting extended attribute %s=%s on %s failed: %m", *name, *value, path);
722 return -errno;
723 }
724 }
725 return 0;
726 }
727
728 static int parse_acls_from_arg(Item *item) {
729 #ifdef HAVE_ACL
730 int r;
731
732 assert(item);
733
734 /* If force (= modify) is set, we will not modify the acl
735 * afterwards, so the mask can be added now if necessary. */
736
737 r = parse_acl(item->argument, &item->acl_access, &item->acl_default, !item->force);
738 if (r < 0)
739 log_warning_errno(r, "Failed to parse ACL \"%s\": %m. Ignoring", item->argument);
740 #else
741 log_warning_errno(ENOSYS, "ACLs are not supported. Ignoring");
742 #endif
743
744 return 0;
745 }
746
747 #ifdef HAVE_ACL
748 static int path_set_acl(const char *path, const char *pretty, acl_type_t type, acl_t acl, bool modify) {
749 _cleanup_(acl_free_charpp) char *t = NULL;
750 _cleanup_(acl_freep) acl_t dup = NULL;
751 int r;
752
753 /* Returns 0 for success, positive error if already warned,
754 * negative error otherwise. */
755
756 if (modify) {
757 r = acls_for_file(path, type, acl, &dup);
758 if (r < 0)
759 return r;
760
761 r = calc_acl_mask_if_needed(&dup);
762 if (r < 0)
763 return r;
764 } else {
765 dup = acl_dup(acl);
766 if (!dup)
767 return -errno;
768
769 /* the mask was already added earlier if needed */
770 }
771
772 r = add_base_acls_if_needed(&dup, path);
773 if (r < 0)
774 return r;
775
776 t = acl_to_any_text(dup, NULL, ',', TEXT_ABBREVIATE);
777 log_debug("Setting %s ACL %s on %s.",
778 type == ACL_TYPE_ACCESS ? "access" : "default",
779 strna(t), pretty);
780
781 r = acl_set_file(path, type, dup);
782 if (r < 0)
783 /* Return positive to indicate we already warned */
784 return -log_error_errno(errno,
785 "Setting %s ACL \"%s\" on %s failed: %m",
786 type == ACL_TYPE_ACCESS ? "access" : "default",
787 strna(t), pretty);
788
789 return 0;
790 }
791 #endif
792
793 static int path_set_acls(Item *item, const char *path) {
794 int r = 0;
795 #ifdef HAVE_ACL
796 char fn[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
797 _cleanup_close_ int fd = -1;
798 struct stat st;
799
800 assert(item);
801 assert(path);
802
803 fd = open(path, O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH|O_NOATIME);
804 if (fd < 0)
805 return log_error_errno(errno, "Adjusting ACL of %s failed: %m", path);
806
807 if (fstatat(fd, "", &st, AT_EMPTY_PATH) < 0)
808 return log_error_errno(errno, "Failed to fstat() file %s: %m", path);
809
810 if (S_ISLNK(st.st_mode)) {
811 log_debug("Skipping ACL fix for symlink %s.", path);
812 return 0;
813 }
814
815 xsprintf(fn, "/proc/self/fd/%i", fd);
816
817 if (item->acl_access)
818 r = path_set_acl(fn, path, ACL_TYPE_ACCESS, item->acl_access, item->force);
819
820 if (r == 0 && item->acl_default)
821 r = path_set_acl(fn, path, ACL_TYPE_DEFAULT, item->acl_default, item->force);
822
823 if (r > 0)
824 return -r; /* already warned */
825 else if (r == -EOPNOTSUPP) {
826 log_debug_errno(r, "ACLs not supported by file system at %s", path);
827 return 0;
828 } else if (r < 0)
829 log_error_errno(r, "ACL operation on \"%s\" failed: %m", path);
830 #endif
831 return r;
832 }
833
834 #define ATTRIBUTES_ALL \
835 (FS_NOATIME_FL | \
836 FS_SYNC_FL | \
837 FS_DIRSYNC_FL | \
838 FS_APPEND_FL | \
839 FS_COMPR_FL | \
840 FS_NODUMP_FL | \
841 FS_EXTENT_FL | \
842 FS_IMMUTABLE_FL | \
843 FS_JOURNAL_DATA_FL | \
844 FS_SECRM_FL | \
845 FS_UNRM_FL | \
846 FS_NOTAIL_FL | \
847 FS_TOPDIR_FL | \
848 FS_NOCOW_FL)
849
850 static int parse_attribute_from_arg(Item *item) {
851
852 static const struct {
853 char character;
854 unsigned value;
855 } attributes[] = {
856 { 'A', FS_NOATIME_FL }, /* do not update atime */
857 { 'S', FS_SYNC_FL }, /* Synchronous updates */
858 { 'D', FS_DIRSYNC_FL }, /* dirsync behaviour (directories only) */
859 { 'a', FS_APPEND_FL }, /* writes to file may only append */
860 { 'c', FS_COMPR_FL }, /* Compress file */
861 { 'd', FS_NODUMP_FL }, /* do not dump file */
862 { 'e', FS_EXTENT_FL }, /* Top of directory hierarchies*/
863 { 'i', FS_IMMUTABLE_FL }, /* Immutable file */
864 { 'j', FS_JOURNAL_DATA_FL }, /* Reserved for ext3 */
865 { 's', FS_SECRM_FL }, /* Secure deletion */
866 { 'u', FS_UNRM_FL }, /* Undelete */
867 { 't', FS_NOTAIL_FL }, /* file tail should not be merged */
868 { 'T', FS_TOPDIR_FL }, /* Top of directory hierarchies*/
869 { 'C', FS_NOCOW_FL }, /* Do not cow file */
870 };
871
872 enum {
873 MODE_ADD,
874 MODE_DEL,
875 MODE_SET
876 } mode = MODE_ADD;
877
878 unsigned value = 0, mask = 0;
879 const char *p;
880
881 assert(item);
882
883 p = item->argument;
884 if (p) {
885 if (*p == '+') {
886 mode = MODE_ADD;
887 p++;
888 } else if (*p == '-') {
889 mode = MODE_DEL;
890 p++;
891 } else if (*p == '=') {
892 mode = MODE_SET;
893 p++;
894 }
895 }
896
897 if (isempty(p) && mode != MODE_SET) {
898 log_error("Setting file attribute on '%s' needs an attribute specification.", item->path);
899 return -EINVAL;
900 }
901
902 for (; p && *p ; p++) {
903 unsigned i, v;
904
905 for (i = 0; i < ELEMENTSOF(attributes); i++)
906 if (*p == attributes[i].character)
907 break;
908
909 if (i >= ELEMENTSOF(attributes)) {
910 log_error("Unknown file attribute '%c' on '%s'.", *p, item->path);
911 return -EINVAL;
912 }
913
914 v = attributes[i].value;
915
916 if (mode == MODE_ADD || mode == MODE_SET)
917 value |= v;
918 else
919 value &= ~v;
920
921 mask |= v;
922 }
923
924 if (mode == MODE_SET)
925 mask |= ATTRIBUTES_ALL;
926
927 assert(mask != 0);
928
929 item->attribute_mask = mask;
930 item->attribute_value = value;
931 item->attribute_set = true;
932
933 return 0;
934 }
935
936 static int path_set_attribute(Item *item, const char *path) {
937 _cleanup_close_ int fd = -1;
938 struct stat st;
939 unsigned f;
940 int r;
941
942 if (!item->attribute_set || item->attribute_mask == 0)
943 return 0;
944
945 fd = open(path, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOATIME|O_NOFOLLOW);
946 if (fd < 0) {
947 if (errno == ELOOP)
948 return log_error_errno(errno, "Skipping file attributes adjustment on symlink %s.", path);
949
950 return log_error_errno(errno, "Cannot open '%s': %m", path);
951 }
952
953 if (fstat(fd, &st) < 0)
954 return log_error_errno(errno, "Cannot stat '%s': %m", path);
955
956 /* Issuing the file attribute ioctls on device nodes is not
957 * safe, as that will be delivered to the drivers, not the
958 * file system containing the device node. */
959 if (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode)) {
960 log_error("Setting file flags is only supported on regular files and directories, cannot set on '%s'.", path);
961 return -EINVAL;
962 }
963
964 f = item->attribute_value & item->attribute_mask;
965
966 /* Mask away directory-specific flags */
967 if (!S_ISDIR(st.st_mode))
968 f &= ~FS_DIRSYNC_FL;
969
970 r = chattr_fd(fd, f, item->attribute_mask);
971 if (r < 0)
972 log_full_errno(r == -ENOTTY ? LOG_DEBUG : LOG_WARNING,
973 r,
974 "Cannot set file attribute for '%s', value=0x%08x, mask=0x%08x: %m",
975 path, item->attribute_value, item->attribute_mask);
976
977 return 0;
978 }
979
980 static int write_one_file(Item *i, const char *path) {
981 _cleanup_close_ int fd = -1;
982 int flags, r = 0;
983 struct stat st;
984
985 assert(i);
986 assert(path);
987
988 flags = i->type == CREATE_FILE ? O_CREAT|O_APPEND|O_NOFOLLOW :
989 i->type == TRUNCATE_FILE ? O_CREAT|O_TRUNC|O_NOFOLLOW : 0;
990
991 RUN_WITH_UMASK(0000) {
992 mac_selinux_create_file_prepare(path, S_IFREG);
993 fd = open(path, flags|O_NDELAY|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode);
994 mac_selinux_create_file_clear();
995 }
996
997 if (fd < 0) {
998 if (i->type == WRITE_FILE && errno == ENOENT) {
999 log_debug_errno(errno, "Not writing \"%s\": %m", path);
1000 return 0;
1001 }
1002
1003 r = -errno;
1004 if (!i->argument && errno == EROFS && stat(path, &st) == 0 &&
1005 (i->type == CREATE_FILE || st.st_size == 0))
1006 goto check_mode;
1007
1008 return log_error_errno(r, "Failed to create file %s: %m", path);
1009 }
1010
1011 if (i->argument) {
1012 _cleanup_free_ char *unescaped = NULL, *replaced = NULL;
1013
1014 log_debug("%s to \"%s\".", i->type == CREATE_FILE ? "Appending" : "Writing", path);
1015
1016 r = cunescape(i->argument, 0, &unescaped);
1017 if (r < 0)
1018 return log_error_errno(r, "Failed to unescape parameter to write: %s", i->argument);
1019
1020 r = specifier_printf(unescaped, specifier_table, NULL, &replaced);
1021 if (r < 0)
1022 return log_error_errno(r, "Failed to replace specifiers in parameter to write '%s': %m", unescaped);
1023
1024 r = loop_write(fd, replaced, strlen(replaced), false);
1025 if (r < 0)
1026 return log_error_errno(r, "Failed to write file \"%s\": %m", path);
1027 } else
1028 log_debug("\"%s\" has been created.", path);
1029
1030 fd = safe_close(fd);
1031
1032 if (stat(path, &st) < 0)
1033 return log_error_errno(errno, "stat(%s) failed: %m", path);
1034
1035 check_mode:
1036 if (!S_ISREG(st.st_mode)) {
1037 log_error("%s is not a file.", path);
1038 return -EEXIST;
1039 }
1040
1041 r = path_set_perms(i, path);
1042 if (r < 0)
1043 return r;
1044
1045 return 0;
1046 }
1047
1048 typedef int (*action_t)(Item *, const char *);
1049
1050 static int item_do_children(Item *i, const char *path, action_t action) {
1051 _cleanup_closedir_ DIR *d;
1052 int r = 0;
1053
1054 assert(i);
1055 assert(path);
1056
1057 /* This returns the first error we run into, but nevertheless
1058 * tries to go on */
1059
1060 d = opendir_nomod(path);
1061 if (!d)
1062 return errno == ENOENT || errno == ENOTDIR ? 0 : -errno;
1063
1064 for (;;) {
1065 _cleanup_free_ char *p = NULL;
1066 struct dirent *de;
1067 int q;
1068
1069 errno = 0;
1070 de = readdir(d);
1071 if (!de) {
1072 if (errno != 0 && r == 0)
1073 r = -errno;
1074
1075 break;
1076 }
1077
1078 if (STR_IN_SET(de->d_name, ".", ".."))
1079 continue;
1080
1081 p = strjoin(path, "/", de->d_name, NULL);
1082 if (!p)
1083 return -ENOMEM;
1084
1085 q = action(i, p);
1086 if (q < 0 && q != -ENOENT && r == 0)
1087 r = q;
1088
1089 if (IN_SET(de->d_type, DT_UNKNOWN, DT_DIR)) {
1090 q = item_do_children(i, p, action);
1091 if (q < 0 && r == 0)
1092 r = q;
1093 }
1094 }
1095
1096 return r;
1097 }
1098
1099 static int glob_item(Item *i, action_t action, bool recursive) {
1100 _cleanup_globfree_ glob_t g = {
1101 .gl_closedir = (void (*)(void *)) closedir,
1102 .gl_readdir = (struct dirent *(*)(void *)) readdir,
1103 .gl_opendir = (void *(*)(const char *)) opendir_nomod,
1104 .gl_lstat = lstat,
1105 .gl_stat = stat,
1106 };
1107 int r = 0, k;
1108 char **fn;
1109
1110 errno = 0;
1111 k = glob(i->path, GLOB_NOSORT|GLOB_BRACE|GLOB_ALTDIRFUNC, NULL, &g);
1112 if (k != 0 && k != GLOB_NOMATCH)
1113 return log_error_errno(errno ?: EIO, "glob(%s) failed: %m", i->path);
1114
1115 STRV_FOREACH(fn, g.gl_pathv) {
1116 k = action(i, *fn);
1117 if (k < 0 && r == 0)
1118 r = k;
1119
1120 if (recursive) {
1121 k = item_do_children(i, *fn, action);
1122 if (k < 0 && r == 0)
1123 r = k;
1124 }
1125 }
1126
1127 return r;
1128 }
1129
1130 typedef enum {
1131 CREATION_NORMAL,
1132 CREATION_EXISTING,
1133 CREATION_FORCE,
1134 _CREATION_MODE_MAX,
1135 _CREATION_MODE_INVALID = -1
1136 } CreationMode;
1137
1138 static const char *creation_mode_verb_table[_CREATION_MODE_MAX] = {
1139 [CREATION_NORMAL] = "Created",
1140 [CREATION_EXISTING] = "Found existing",
1141 [CREATION_FORCE] = "Created replacement",
1142 };
1143
1144 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(creation_mode_verb, CreationMode);
1145
1146 static int create_item(Item *i) {
1147 _cleanup_free_ char *resolved = NULL;
1148 struct stat st;
1149 int r = 0;
1150 CreationMode creation;
1151
1152 assert(i);
1153
1154 log_debug("Running create action for entry %c %s", (char) i->type, i->path);
1155
1156 switch (i->type) {
1157
1158 case IGNORE_PATH:
1159 case IGNORE_DIRECTORY_PATH:
1160 case REMOVE_PATH:
1161 case RECURSIVE_REMOVE_PATH:
1162 return 0;
1163
1164 case CREATE_FILE:
1165 case TRUNCATE_FILE:
1166 r = write_one_file(i, i->path);
1167 if (r < 0)
1168 return r;
1169 break;
1170
1171 case COPY_FILES: {
1172 r = specifier_printf(i->argument, specifier_table, NULL, &resolved);
1173 if (r < 0)
1174 return log_error_errno(r, "Failed to substitute specifiers in copy source %s: %m", i->argument);
1175
1176 log_debug("Copying tree \"%s\" to \"%s\".", resolved, i->path);
1177 r = copy_tree(resolved, i->path, false);
1178
1179 if (r == -EROFS && stat(i->path, &st) == 0)
1180 r = -EEXIST;
1181
1182 if (r < 0) {
1183 struct stat a, b;
1184
1185 if (r != -EEXIST)
1186 return log_error_errno(r, "Failed to copy files to %s: %m", i->path);
1187
1188 if (stat(resolved, &a) < 0)
1189 return log_error_errno(errno, "stat(%s) failed: %m", resolved);
1190
1191 if (stat(i->path, &b) < 0)
1192 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
1193
1194 if ((a.st_mode ^ b.st_mode) & S_IFMT) {
1195 log_debug("Can't copy to %s, file exists already and is of different type", i->path);
1196 return 0;
1197 }
1198 }
1199
1200 r = path_set_perms(i, i->path);
1201 if (r < 0)
1202 return r;
1203
1204 break;
1205
1206 case WRITE_FILE:
1207 r = glob_item(i, write_one_file, false);
1208 if (r < 0)
1209 return r;
1210
1211 break;
1212
1213 case CREATE_DIRECTORY:
1214 case TRUNCATE_DIRECTORY:
1215 case CREATE_SUBVOLUME:
1216 case CREATE_SUBVOLUME_INHERIT_QUOTA:
1217 case CREATE_SUBVOLUME_NEW_QUOTA:
1218
1219 RUN_WITH_UMASK(0000)
1220 mkdir_parents_label(i->path, 0755);
1221
1222 if (IN_SET(i->type, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA)) {
1223 RUN_WITH_UMASK((~i->mode) & 0777)
1224 r = btrfs_subvol_make(i->path);
1225 } else
1226 r = 0;
1227
1228 if (IN_SET(i->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY) || r == -ENOTTY)
1229 RUN_WITH_UMASK(0000)
1230 r = mkdir_label(i->path, i->mode);
1231
1232 if (r < 0) {
1233 int k;
1234
1235 if (r != -EEXIST && r != -EROFS)
1236 return log_error_errno(r, "Failed to create directory or subvolume \"%s\": %m", i->path);
1237
1238 k = is_dir(i->path, false);
1239 if (k == -ENOENT && r == -EROFS)
1240 return log_error_errno(r, "%s does not exist and cannot be created as the file system is read-only.", i->path);
1241 if (k < 0)
1242 return log_error_errno(k, "Failed to check if %s exists: %m", i->path);
1243 if (!k) {
1244 log_warning("\"%s\" already exists and is not a directory.", i->path);
1245 return 0;
1246 }
1247
1248 creation = CREATION_EXISTING;
1249 } else
1250 creation = CREATION_NORMAL;
1251
1252 log_debug("%s directory \"%s\".", creation_mode_verb_to_string(creation), i->path);
1253
1254 if (IN_SET(i->type, CREATE_SUBVOLUME_NEW_QUOTA, CREATE_SUBVOLUME_INHERIT_QUOTA)) {
1255 r = btrfs_subvol_auto_qgroup(i->path, 0, i->type == CREATE_SUBVOLUME_NEW_QUOTA);
1256 if (r == -ENOTTY) {
1257 log_debug_errno(r, "Couldn't adjust quota for subvolume \"%s\" because of unsupported file system or because directory is not a subvolume: %m", i->path);
1258 return 0;
1259 }
1260 if (r == -EROFS) {
1261 log_debug_errno(r, "Couldn't adjust quota for subvolume \"%s\" because of read-only file system: %m", i->path);
1262 return 0;
1263 }
1264 if (r < 0)
1265 return log_error_errno(r, "Failed to adjust quota for subvolume \"%s\": %m", i->path);
1266 if (r > 0)
1267 log_debug("Adjusted quota for subvolume \"%s\".", i->path);
1268 if (r == 0)
1269 log_debug("Quota for subvolume \"%s\" already in place, no change made.", i->path);
1270 }
1271
1272 r = path_set_perms(i, i->path);
1273 if (r < 0)
1274 return r;
1275
1276 break;
1277
1278 case CREATE_FIFO:
1279
1280 RUN_WITH_UMASK(0000) {
1281 mac_selinux_create_file_prepare(i->path, S_IFIFO);
1282 r = mkfifo(i->path, i->mode);
1283 mac_selinux_create_file_clear();
1284 }
1285
1286 if (r < 0) {
1287 if (errno != EEXIST)
1288 return log_error_errno(errno, "Failed to create fifo %s: %m", i->path);
1289
1290 if (lstat(i->path, &st) < 0)
1291 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
1292
1293 if (!S_ISFIFO(st.st_mode)) {
1294
1295 if (i->force) {
1296 RUN_WITH_UMASK(0000) {
1297 mac_selinux_create_file_prepare(i->path, S_IFIFO);
1298 r = mkfifo_atomic(i->path, i->mode);
1299 mac_selinux_create_file_clear();
1300 }
1301
1302 if (r < 0)
1303 return log_error_errno(r, "Failed to create fifo %s: %m", i->path);
1304 creation = CREATION_FORCE;
1305 } else {
1306 log_warning("\"%s\" already exists and is not a fifo.", i->path);
1307 return 0;
1308 }
1309 } else
1310 creation = CREATION_EXISTING;
1311 } else
1312 creation = CREATION_NORMAL;
1313 log_debug("%s fifo \"%s\".", creation_mode_verb_to_string(creation), i->path);
1314
1315 r = path_set_perms(i, i->path);
1316 if (r < 0)
1317 return r;
1318
1319 break;
1320 }
1321
1322 case CREATE_SYMLINK: {
1323 r = specifier_printf(i->argument, specifier_table, NULL, &resolved);
1324 if (r < 0)
1325 return log_error_errno(r, "Failed to substitute specifiers in symlink target %s: %m", i->argument);
1326
1327 mac_selinux_create_file_prepare(i->path, S_IFLNK);
1328 r = symlink(resolved, i->path);
1329 mac_selinux_create_file_clear();
1330
1331 if (r < 0) {
1332 _cleanup_free_ char *x = NULL;
1333
1334 if (errno != EEXIST)
1335 return log_error_errno(errno, "symlink(%s, %s) failed: %m", resolved, i->path);
1336
1337 r = readlink_malloc(i->path, &x);
1338 if (r < 0 || !streq(resolved, x)) {
1339
1340 if (i->force) {
1341 mac_selinux_create_file_prepare(i->path, S_IFLNK);
1342 r = symlink_atomic(resolved, i->path);
1343 mac_selinux_create_file_clear();
1344
1345 if (r < 0)
1346 return log_error_errno(r, "symlink(%s, %s) failed: %m", resolved, i->path);
1347
1348 creation = CREATION_FORCE;
1349 } else {
1350 log_debug("\"%s\" is not a symlink or does not point to the correct path.", i->path);
1351 return 0;
1352 }
1353 } else
1354 creation = CREATION_EXISTING;
1355 } else
1356
1357 creation = CREATION_NORMAL;
1358 log_debug("%s symlink \"%s\".", creation_mode_verb_to_string(creation), i->path);
1359 break;
1360 }
1361
1362 case CREATE_BLOCK_DEVICE:
1363 case CREATE_CHAR_DEVICE: {
1364 mode_t file_type;
1365
1366 if (have_effective_cap(CAP_MKNOD) == 0) {
1367 /* In a container we lack CAP_MKNOD. We
1368 shouldn't attempt to create the device node in
1369 that case to avoid noise, and we don't support
1370 virtualized devices in containers anyway. */
1371
1372 log_debug("We lack CAP_MKNOD, skipping creation of device node %s.", i->path);
1373 return 0;
1374 }
1375
1376 file_type = i->type == CREATE_BLOCK_DEVICE ? S_IFBLK : S_IFCHR;
1377
1378 RUN_WITH_UMASK(0000) {
1379 mac_selinux_create_file_prepare(i->path, file_type);
1380 r = mknod(i->path, i->mode | file_type, i->major_minor);
1381 mac_selinux_create_file_clear();
1382 }
1383
1384 if (r < 0) {
1385 if (errno == EPERM) {
1386 log_debug("We lack permissions, possibly because of cgroup configuration; "
1387 "skipping creation of device node %s.", i->path);
1388 return 0;
1389 }
1390
1391 if (errno != EEXIST)
1392 return log_error_errno(errno, "Failed to create device node %s: %m", i->path);
1393
1394 if (lstat(i->path, &st) < 0)
1395 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
1396
1397 if ((st.st_mode & S_IFMT) != file_type) {
1398
1399 if (i->force) {
1400
1401 RUN_WITH_UMASK(0000) {
1402 mac_selinux_create_file_prepare(i->path, file_type);
1403 r = mknod_atomic(i->path, i->mode | file_type, i->major_minor);
1404 mac_selinux_create_file_clear();
1405 }
1406
1407 if (r < 0)
1408 return log_error_errno(r, "Failed to create device node \"%s\": %m", i->path);
1409 creation = CREATION_FORCE;
1410 } else {
1411 log_debug("%s is not a device node.", i->path);
1412 return 0;
1413 }
1414 } else
1415 creation = CREATION_EXISTING;
1416 } else
1417 creation = CREATION_NORMAL;
1418
1419 log_debug("%s %s device node \"%s\" %u:%u.",
1420 creation_mode_verb_to_string(creation),
1421 i->type == CREATE_BLOCK_DEVICE ? "block" : "char",
1422 i->path, major(i->mode), minor(i->mode));
1423
1424 r = path_set_perms(i, i->path);
1425 if (r < 0)
1426 return r;
1427
1428 break;
1429 }
1430
1431 case ADJUST_MODE:
1432 case RELABEL_PATH:
1433 r = glob_item(i, path_set_perms, false);
1434 if (r < 0)
1435 return r;
1436 break;
1437
1438 case RECURSIVE_RELABEL_PATH:
1439 r = glob_item(i, path_set_perms, true);
1440 if (r < 0)
1441 return r;
1442 break;
1443
1444 case SET_XATTR:
1445 r = glob_item(i, path_set_xattrs, false);
1446 if (r < 0)
1447 return r;
1448 break;
1449
1450 case RECURSIVE_SET_XATTR:
1451 r = glob_item(i, path_set_xattrs, true);
1452 if (r < 0)
1453 return r;
1454 break;
1455
1456 case SET_ACL:
1457 r = glob_item(i, path_set_acls, false);
1458 if (r < 0)
1459 return r;
1460 break;
1461
1462 case RECURSIVE_SET_ACL:
1463 r = glob_item(i, path_set_acls, true);
1464 if (r < 0)
1465 return r;
1466 break;
1467
1468 case SET_ATTRIBUTE:
1469 r = glob_item(i, path_set_attribute, false);
1470 if (r < 0)
1471 return r;
1472 break;
1473
1474 case RECURSIVE_SET_ATTRIBUTE:
1475 r = glob_item(i, path_set_attribute, true);
1476 if (r < 0)
1477 return r;
1478 break;
1479 }
1480
1481 return 0;
1482 }
1483
1484 static int remove_item_instance(Item *i, const char *instance) {
1485 int r;
1486
1487 assert(i);
1488
1489 switch (i->type) {
1490
1491 case REMOVE_PATH:
1492 if (remove(instance) < 0 && errno != ENOENT)
1493 return log_error_errno(errno, "rm(%s): %m", instance);
1494
1495 break;
1496
1497 case TRUNCATE_DIRECTORY:
1498 case RECURSIVE_REMOVE_PATH:
1499 /* FIXME: we probably should use dir_cleanup() here
1500 * instead of rm_rf() so that 'x' is honoured. */
1501 log_debug("rm -rf \"%s\"", instance);
1502 r = rm_rf(instance, (i->type == RECURSIVE_REMOVE_PATH ? REMOVE_ROOT|REMOVE_SUBVOLUME : 0) | REMOVE_PHYSICAL);
1503 if (r < 0 && r != -ENOENT)
1504 return log_error_errno(r, "rm_rf(%s): %m", instance);
1505
1506 break;
1507
1508 default:
1509 assert_not_reached("wut?");
1510 }
1511
1512 return 0;
1513 }
1514
1515 static int remove_item(Item *i) {
1516 int r = 0;
1517
1518 assert(i);
1519
1520 log_debug("Running remove action for entry %c %s", (char) i->type, i->path);
1521
1522 switch (i->type) {
1523
1524 case CREATE_FILE:
1525 case TRUNCATE_FILE:
1526 case CREATE_DIRECTORY:
1527 case CREATE_SUBVOLUME:
1528 case CREATE_SUBVOLUME_INHERIT_QUOTA:
1529 case CREATE_SUBVOLUME_NEW_QUOTA:
1530 case CREATE_FIFO:
1531 case CREATE_SYMLINK:
1532 case CREATE_CHAR_DEVICE:
1533 case CREATE_BLOCK_DEVICE:
1534 case IGNORE_PATH:
1535 case IGNORE_DIRECTORY_PATH:
1536 case ADJUST_MODE:
1537 case RELABEL_PATH:
1538 case RECURSIVE_RELABEL_PATH:
1539 case WRITE_FILE:
1540 case COPY_FILES:
1541 case SET_XATTR:
1542 case RECURSIVE_SET_XATTR:
1543 case SET_ACL:
1544 case RECURSIVE_SET_ACL:
1545 case SET_ATTRIBUTE:
1546 case RECURSIVE_SET_ATTRIBUTE:
1547 break;
1548
1549 case REMOVE_PATH:
1550 case TRUNCATE_DIRECTORY:
1551 case RECURSIVE_REMOVE_PATH:
1552 r = glob_item(i, remove_item_instance, false);
1553 break;
1554 }
1555
1556 return r;
1557 }
1558
1559 static int clean_item_instance(Item *i, const char* instance) {
1560 _cleanup_closedir_ DIR *d = NULL;
1561 struct stat s, ps;
1562 bool mountpoint;
1563 usec_t cutoff, n;
1564 char timestamp[FORMAT_TIMESTAMP_MAX];
1565
1566 assert(i);
1567
1568 if (!i->age_set)
1569 return 0;
1570
1571 n = now(CLOCK_REALTIME);
1572 if (n < i->age)
1573 return 0;
1574
1575 cutoff = n - i->age;
1576
1577 d = opendir_nomod(instance);
1578 if (!d) {
1579 if (errno == ENOENT || errno == ENOTDIR) {
1580 log_debug_errno(errno, "Directory \"%s\": %m", instance);
1581 return 0;
1582 }
1583
1584 log_error_errno(errno, "Failed to open directory %s: %m", instance);
1585 return -errno;
1586 }
1587
1588 if (fstat(dirfd(d), &s) < 0)
1589 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
1590
1591 if (!S_ISDIR(s.st_mode)) {
1592 log_error("%s is not a directory.", i->path);
1593 return -ENOTDIR;
1594 }
1595
1596 if (fstatat(dirfd(d), "..", &ps, AT_SYMLINK_NOFOLLOW) != 0)
1597 return log_error_errno(errno, "stat(%s/..) failed: %m", i->path);
1598
1599 mountpoint = s.st_dev != ps.st_dev || s.st_ino == ps.st_ino;
1600
1601 log_debug("Cleanup threshold for %s \"%s\" is %s",
1602 mountpoint ? "mount point" : "directory",
1603 instance,
1604 format_timestamp_us(timestamp, sizeof(timestamp), cutoff));
1605
1606 return dir_cleanup(i, instance, d, &s, cutoff, s.st_dev, mountpoint,
1607 MAX_DEPTH, i->keep_first_level);
1608 }
1609
1610 static int clean_item(Item *i) {
1611 int r = 0;
1612
1613 assert(i);
1614
1615 log_debug("Running clean action for entry %c %s", (char) i->type, i->path);
1616
1617 switch (i->type) {
1618 case CREATE_DIRECTORY:
1619 case CREATE_SUBVOLUME:
1620 case CREATE_SUBVOLUME_INHERIT_QUOTA:
1621 case CREATE_SUBVOLUME_NEW_QUOTA:
1622 case TRUNCATE_DIRECTORY:
1623 case IGNORE_PATH:
1624 case COPY_FILES:
1625 clean_item_instance(i, i->path);
1626 break;
1627 case IGNORE_DIRECTORY_PATH:
1628 r = glob_item(i, clean_item_instance, false);
1629 break;
1630 default:
1631 break;
1632 }
1633
1634 return r;
1635 }
1636
1637 static int process_item_array(ItemArray *array);
1638
1639 static int process_item(Item *i) {
1640 int r, q, p, t = 0;
1641 _cleanup_free_ char *prefix = NULL;
1642
1643 assert(i);
1644
1645 if (i->done)
1646 return 0;
1647
1648 i->done = true;
1649
1650 prefix = malloc(strlen(i->path) + 1);
1651 if (!prefix)
1652 return log_oom();
1653
1654 PATH_FOREACH_PREFIX(prefix, i->path) {
1655 ItemArray *j;
1656
1657 j = ordered_hashmap_get(items, prefix);
1658 if (j) {
1659 int s;
1660
1661 s = process_item_array(j);
1662 if (s < 0 && t == 0)
1663 t = s;
1664 }
1665 }
1666
1667 r = arg_create ? create_item(i) : 0;
1668 q = arg_remove ? remove_item(i) : 0;
1669 p = arg_clean ? clean_item(i) : 0;
1670
1671 return t < 0 ? t :
1672 r < 0 ? r :
1673 q < 0 ? q :
1674 p;
1675 }
1676
1677 static int process_item_array(ItemArray *array) {
1678 unsigned n;
1679 int r = 0, k;
1680
1681 assert(array);
1682
1683 for (n = 0; n < array->count; n++) {
1684 k = process_item(array->items + n);
1685 if (k < 0 && r == 0)
1686 r = k;
1687 }
1688
1689 return r;
1690 }
1691
1692 static void item_free_contents(Item *i) {
1693 assert(i);
1694 free(i->path);
1695 free(i->argument);
1696 strv_free(i->xattrs);
1697
1698 #ifdef HAVE_ACL
1699 acl_free(i->acl_access);
1700 acl_free(i->acl_default);
1701 #endif
1702 }
1703
1704 static void item_array_free(ItemArray *a) {
1705 unsigned n;
1706
1707 if (!a)
1708 return;
1709
1710 for (n = 0; n < a->count; n++)
1711 item_free_contents(a->items + n);
1712 free(a->items);
1713 free(a);
1714 }
1715
1716 static int item_compare(const void *a, const void *b) {
1717 const Item *x = a, *y = b;
1718
1719 /* Make sure that the ownership taking item is put first, so
1720 * that we first create the node, and then can adjust it */
1721
1722 if (takes_ownership(x->type) && !takes_ownership(y->type))
1723 return -1;
1724 if (!takes_ownership(x->type) && takes_ownership(y->type))
1725 return 1;
1726
1727 return (int) x->type - (int) y->type;
1728 }
1729
1730 static bool item_compatible(Item *a, Item *b) {
1731 assert(a);
1732 assert(b);
1733 assert(streq(a->path, b->path));
1734
1735 if (takes_ownership(a->type) && takes_ownership(b->type))
1736 /* check if the items are the same */
1737 return streq_ptr(a->argument, b->argument) &&
1738
1739 a->uid_set == b->uid_set &&
1740 a->uid == b->uid &&
1741
1742 a->gid_set == b->gid_set &&
1743 a->gid == b->gid &&
1744
1745 a->mode_set == b->mode_set &&
1746 a->mode == b->mode &&
1747
1748 a->age_set == b->age_set &&
1749 a->age == b->age &&
1750
1751 a->mask_perms == b->mask_perms &&
1752
1753 a->keep_first_level == b->keep_first_level &&
1754
1755 a->major_minor == b->major_minor;
1756
1757 return true;
1758 }
1759
1760 static bool should_include_path(const char *path) {
1761 char **prefix;
1762
1763 STRV_FOREACH(prefix, arg_exclude_prefixes)
1764 if (path_startswith(path, *prefix)) {
1765 log_debug("Entry \"%s\" matches exclude prefix \"%s\", skipping.",
1766 path, *prefix);
1767 return false;
1768 }
1769
1770 STRV_FOREACH(prefix, arg_include_prefixes)
1771 if (path_startswith(path, *prefix)) {
1772 log_debug("Entry \"%s\" matches include prefix \"%s\".", path, *prefix);
1773 return true;
1774 }
1775
1776 /* no matches, so we should include this path only if we
1777 * have no whitelist at all */
1778 if (strv_length(arg_include_prefixes) == 0)
1779 return true;
1780
1781 log_debug("Entry \"%s\" does not match any include prefix, skipping.", path);
1782 return false;
1783 }
1784
1785 static int parse_line(const char *fname, unsigned line, const char *buffer) {
1786
1787 _cleanup_free_ char *action = NULL, *mode = NULL, *user = NULL, *group = NULL, *age = NULL, *path = NULL;
1788 _cleanup_(item_free_contents) Item i = {};
1789 ItemArray *existing;
1790 OrderedHashmap *h;
1791 int r, pos;
1792 bool force = false, boot = false;
1793
1794 assert(fname);
1795 assert(line >= 1);
1796 assert(buffer);
1797
1798 r = extract_many_words(
1799 &buffer,
1800 NULL,
1801 EXTRACT_QUOTES,
1802 &action,
1803 &path,
1804 &mode,
1805 &user,
1806 &group,
1807 &age,
1808 NULL);
1809 if (r < 0)
1810 return log_error_errno(r, "[%s:%u] Failed to parse line: %m", fname, line);
1811 else if (r < 2) {
1812 log_error("[%s:%u] Syntax error.", fname, line);
1813 return -EIO;
1814 }
1815
1816 if (!isempty(buffer) && !streq(buffer, "-")) {
1817 i.argument = strdup(buffer);
1818 if (!i.argument)
1819 return log_oom();
1820 }
1821
1822 if (isempty(action)) {
1823 log_error("[%s:%u] Command too short '%s'.", fname, line, action);
1824 return -EINVAL;
1825 }
1826
1827 for (pos = 1; action[pos]; pos++) {
1828 if (action[pos] == '!' && !boot)
1829 boot = true;
1830 else if (action[pos] == '+' && !force)
1831 force = true;
1832 else {
1833 log_error("[%s:%u] Unknown modifiers in command '%s'",
1834 fname, line, action);
1835 return -EINVAL;
1836 }
1837 }
1838
1839 if (boot && !arg_boot) {
1840 log_debug("Ignoring entry %s \"%s\" because --boot is not specified.",
1841 action, path);
1842 return 0;
1843 }
1844
1845 i.type = action[0];
1846 i.force = force;
1847
1848 r = specifier_printf(path, specifier_table, NULL, &i.path);
1849 if (r < 0) {
1850 log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, path);
1851 return r;
1852 }
1853
1854 switch (i.type) {
1855
1856 case CREATE_DIRECTORY:
1857 case CREATE_SUBVOLUME:
1858 case CREATE_SUBVOLUME_INHERIT_QUOTA:
1859 case CREATE_SUBVOLUME_NEW_QUOTA:
1860 case TRUNCATE_DIRECTORY:
1861 case CREATE_FIFO:
1862 case IGNORE_PATH:
1863 case IGNORE_DIRECTORY_PATH:
1864 case REMOVE_PATH:
1865 case RECURSIVE_REMOVE_PATH:
1866 case ADJUST_MODE:
1867 case RELABEL_PATH:
1868 case RECURSIVE_RELABEL_PATH:
1869 if (i.argument)
1870 log_warning("[%s:%u] %c lines don't take argument fields, ignoring.", fname, line, i.type);
1871
1872 break;
1873
1874 case CREATE_FILE:
1875 case TRUNCATE_FILE:
1876 break;
1877
1878 case CREATE_SYMLINK:
1879 if (!i.argument) {
1880 i.argument = strappend("/usr/share/factory/", i.path);
1881 if (!i.argument)
1882 return log_oom();
1883 }
1884 break;
1885
1886 case WRITE_FILE:
1887 if (!i.argument) {
1888 log_error("[%s:%u] Write file requires argument.", fname, line);
1889 return -EBADMSG;
1890 }
1891 break;
1892
1893 case COPY_FILES:
1894 if (!i.argument) {
1895 i.argument = strappend("/usr/share/factory/", i.path);
1896 if (!i.argument)
1897 return log_oom();
1898 } else if (!path_is_absolute(i.argument)) {
1899 log_error("[%s:%u] Source path is not absolute.", fname, line);
1900 return -EBADMSG;
1901 }
1902
1903 path_kill_slashes(i.argument);
1904 break;
1905
1906 case CREATE_CHAR_DEVICE:
1907 case CREATE_BLOCK_DEVICE: {
1908 unsigned major, minor;
1909
1910 if (!i.argument) {
1911 log_error("[%s:%u] Device file requires argument.", fname, line);
1912 return -EBADMSG;
1913 }
1914
1915 if (sscanf(i.argument, "%u:%u", &major, &minor) != 2) {
1916 log_error("[%s:%u] Can't parse device file major/minor '%s'.", fname, line, i.argument);
1917 return -EBADMSG;
1918 }
1919
1920 i.major_minor = makedev(major, minor);
1921 break;
1922 }
1923
1924 case SET_XATTR:
1925 case RECURSIVE_SET_XATTR:
1926 if (!i.argument) {
1927 log_error("[%s:%u] Set extended attribute requires argument.", fname, line);
1928 return -EBADMSG;
1929 }
1930 r = parse_xattrs_from_arg(&i);
1931 if (r < 0)
1932 return r;
1933 break;
1934
1935 case SET_ACL:
1936 case RECURSIVE_SET_ACL:
1937 if (!i.argument) {
1938 log_error("[%s:%u] Set ACLs requires argument.", fname, line);
1939 return -EBADMSG;
1940 }
1941 r = parse_acls_from_arg(&i);
1942 if (r < 0)
1943 return r;
1944 break;
1945
1946 case SET_ATTRIBUTE:
1947 case RECURSIVE_SET_ATTRIBUTE:
1948 if (!i.argument) {
1949 log_error("[%s:%u] Set file attribute requires argument.", fname, line);
1950 return -EBADMSG;
1951 }
1952 r = parse_attribute_from_arg(&i);
1953 if (r < 0)
1954 return r;
1955 break;
1956
1957 default:
1958 log_error("[%s:%u] Unknown command type '%c'.", fname, line, (char) i.type);
1959 return -EBADMSG;
1960 }
1961
1962 if (!path_is_absolute(i.path)) {
1963 log_error("[%s:%u] Path '%s' not absolute.", fname, line, i.path);
1964 return -EBADMSG;
1965 }
1966
1967 path_kill_slashes(i.path);
1968
1969 if (!should_include_path(i.path))
1970 return 0;
1971
1972 if (arg_root) {
1973 char *p;
1974
1975 p = prefix_root(arg_root, i.path);
1976 if (!p)
1977 return log_oom();
1978
1979 free(i.path);
1980 i.path = p;
1981 }
1982
1983 if (!isempty(user) && !streq(user, "-")) {
1984 const char *u = user;
1985
1986 r = get_user_creds(&u, &i.uid, NULL, NULL, NULL);
1987 if (r < 0) {
1988 log_error("[%s:%u] Unknown user '%s'.", fname, line, user);
1989 return r;
1990 }
1991
1992 i.uid_set = true;
1993 }
1994
1995 if (!isempty(group) && !streq(group, "-")) {
1996 const char *g = group;
1997
1998 r = get_group_creds(&g, &i.gid);
1999 if (r < 0) {
2000 log_error("[%s:%u] Unknown group '%s'.", fname, line, group);
2001 return r;
2002 }
2003
2004 i.gid_set = true;
2005 }
2006
2007 if (!isempty(mode) && !streq(mode, "-")) {
2008 const char *mm = mode;
2009 unsigned m;
2010
2011 if (*mm == '~') {
2012 i.mask_perms = true;
2013 mm++;
2014 }
2015
2016 if (parse_mode(mm, &m) < 0) {
2017 log_error("[%s:%u] Invalid mode '%s'.", fname, line, mode);
2018 return -EBADMSG;
2019 }
2020
2021 i.mode = m;
2022 i.mode_set = true;
2023 } else
2024 i.mode = IN_SET(i.type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA) ? 0755 : 0644;
2025
2026 if (!isempty(age) && !streq(age, "-")) {
2027 const char *a = age;
2028
2029 if (*a == '~') {
2030 i.keep_first_level = true;
2031 a++;
2032 }
2033
2034 if (parse_sec(a, &i.age) < 0) {
2035 log_error("[%s:%u] Invalid age '%s'.", fname, line, age);
2036 return -EBADMSG;
2037 }
2038
2039 i.age_set = true;
2040 }
2041
2042 h = needs_glob(i.type) ? globs : items;
2043
2044 existing = ordered_hashmap_get(h, i.path);
2045 if (existing) {
2046 unsigned n;
2047
2048 for (n = 0; n < existing->count; n++) {
2049 if (!item_compatible(existing->items + n, &i)) {
2050 log_warning("[%s:%u] Duplicate line for path \"%s\", ignoring.",
2051 fname, line, i.path);
2052 return 0;
2053 }
2054 }
2055 } else {
2056 existing = new0(ItemArray, 1);
2057 r = ordered_hashmap_put(h, i.path, existing);
2058 if (r < 0)
2059 return log_oom();
2060 }
2061
2062 if (!GREEDY_REALLOC(existing->items, existing->size, existing->count + 1))
2063 return log_oom();
2064
2065 memcpy(existing->items + existing->count++, &i, sizeof(i));
2066
2067 /* Sort item array, to enforce stable ordering of application */
2068 qsort_safe(existing->items, existing->count, sizeof(Item), item_compare);
2069
2070 zero(i);
2071 return 0;
2072 }
2073
2074 static void help(void) {
2075 printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
2076 "Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
2077 " -h --help Show this help\n"
2078 " --version Show package version\n"
2079 " --create Create marked files/directories\n"
2080 " --clean Clean up marked directories\n"
2081 " --remove Remove marked files/directories\n"
2082 " --boot Execute actions only safe at boot\n"
2083 " --prefix=PATH Only apply rules with the specified prefix\n"
2084 " --exclude-prefix=PATH Ignore rules with the specified prefix\n"
2085 " --root=PATH Operate on an alternate filesystem root\n",
2086 program_invocation_short_name);
2087 }
2088
2089 static int parse_argv(int argc, char *argv[]) {
2090
2091 enum {
2092 ARG_VERSION = 0x100,
2093 ARG_CREATE,
2094 ARG_CLEAN,
2095 ARG_REMOVE,
2096 ARG_BOOT,
2097 ARG_PREFIX,
2098 ARG_EXCLUDE_PREFIX,
2099 ARG_ROOT,
2100 };
2101
2102 static const struct option options[] = {
2103 { "help", no_argument, NULL, 'h' },
2104 { "version", no_argument, NULL, ARG_VERSION },
2105 { "create", no_argument, NULL, ARG_CREATE },
2106 { "clean", no_argument, NULL, ARG_CLEAN },
2107 { "remove", no_argument, NULL, ARG_REMOVE },
2108 { "boot", no_argument, NULL, ARG_BOOT },
2109 { "prefix", required_argument, NULL, ARG_PREFIX },
2110 { "exclude-prefix", required_argument, NULL, ARG_EXCLUDE_PREFIX },
2111 { "root", required_argument, NULL, ARG_ROOT },
2112 {}
2113 };
2114
2115 int c, r;
2116
2117 assert(argc >= 0);
2118 assert(argv);
2119
2120 while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
2121
2122 switch (c) {
2123
2124 case 'h':
2125 help();
2126 return 0;
2127
2128 case ARG_VERSION:
2129 return version();
2130
2131 case ARG_CREATE:
2132 arg_create = true;
2133 break;
2134
2135 case ARG_CLEAN:
2136 arg_clean = true;
2137 break;
2138
2139 case ARG_REMOVE:
2140 arg_remove = true;
2141 break;
2142
2143 case ARG_BOOT:
2144 arg_boot = true;
2145 break;
2146
2147 case ARG_PREFIX:
2148 if (strv_push(&arg_include_prefixes, optarg) < 0)
2149 return log_oom();
2150 break;
2151
2152 case ARG_EXCLUDE_PREFIX:
2153 if (strv_push(&arg_exclude_prefixes, optarg) < 0)
2154 return log_oom();
2155 break;
2156
2157 case ARG_ROOT:
2158 r = parse_path_argument_and_warn(optarg, true, &arg_root);
2159 if (r < 0)
2160 return r;
2161 break;
2162
2163 case '?':
2164 return -EINVAL;
2165
2166 default:
2167 assert_not_reached("Unhandled option");
2168 }
2169
2170 if (!arg_clean && !arg_create && !arg_remove) {
2171 log_error("You need to specify at least one of --clean, --create or --remove.");
2172 return -EINVAL;
2173 }
2174
2175 return 1;
2176 }
2177
2178 static int read_config_file(const char *fn, bool ignore_enoent) {
2179 _cleanup_fclose_ FILE *f = NULL;
2180 char line[LINE_MAX];
2181 Iterator iterator;
2182 unsigned v = 0;
2183 Item *i;
2184 int r;
2185
2186 assert(fn);
2187
2188 r = search_and_fopen_nulstr(fn, "re", arg_root, conf_file_dirs, &f);
2189 if (r < 0) {
2190 if (ignore_enoent && r == -ENOENT) {
2191 log_debug_errno(r, "Failed to open \"%s\": %m", fn);
2192 return 0;
2193 }
2194
2195 return log_error_errno(r, "Failed to open '%s', ignoring: %m", fn);
2196 }
2197 log_debug("Reading config file \"%s\".", fn);
2198
2199 FOREACH_LINE(line, f, break) {
2200 char *l;
2201 int k;
2202
2203 v++;
2204
2205 l = strstrip(line);
2206 if (*l == '#' || *l == 0)
2207 continue;
2208
2209 k = parse_line(fn, v, l);
2210 if (k < 0 && r == 0)
2211 r = k;
2212 }
2213
2214 /* we have to determine age parameter for each entry of type X */
2215 ORDERED_HASHMAP_FOREACH(i, globs, iterator) {
2216 Iterator iter;
2217 Item *j, *candidate_item = NULL;
2218
2219 if (i->type != IGNORE_DIRECTORY_PATH)
2220 continue;
2221
2222 ORDERED_HASHMAP_FOREACH(j, items, iter) {
2223 if (!IN_SET(j->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA))
2224 continue;
2225
2226 if (path_equal(j->path, i->path)) {
2227 candidate_item = j;
2228 break;
2229 }
2230
2231 if ((!candidate_item && path_startswith(i->path, j->path)) ||
2232 (candidate_item && path_startswith(j->path, candidate_item->path) && (fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)))
2233 candidate_item = j;
2234 }
2235
2236 if (candidate_item && candidate_item->age_set) {
2237 i->age = candidate_item->age;
2238 i->age_set = true;
2239 }
2240 }
2241
2242 if (ferror(f)) {
2243 log_error_errno(errno, "Failed to read from file %s: %m", fn);
2244 if (r == 0)
2245 r = -EIO;
2246 }
2247
2248 return r;
2249 }
2250
2251 int main(int argc, char *argv[]) {
2252 int r, k;
2253 ItemArray *a;
2254 Iterator iterator;
2255
2256 r = parse_argv(argc, argv);
2257 if (r <= 0)
2258 goto finish;
2259
2260 log_set_target(LOG_TARGET_AUTO);
2261 log_parse_environment();
2262 log_open();
2263
2264 umask(0022);
2265
2266 mac_selinux_init(NULL);
2267
2268 items = ordered_hashmap_new(&string_hash_ops);
2269 globs = ordered_hashmap_new(&string_hash_ops);
2270
2271 if (!items || !globs) {
2272 r = log_oom();
2273 goto finish;
2274 }
2275
2276 r = 0;
2277
2278 if (optind < argc) {
2279 int j;
2280
2281 for (j = optind; j < argc; j++) {
2282 k = read_config_file(argv[j], false);
2283 if (k < 0 && r == 0)
2284 r = k;
2285 }
2286
2287 } else {
2288 _cleanup_strv_free_ char **files = NULL;
2289 char **f;
2290
2291 r = conf_files_list_nulstr(&files, ".conf", arg_root, conf_file_dirs);
2292 if (r < 0) {
2293 log_error_errno(r, "Failed to enumerate tmpfiles.d files: %m");
2294 goto finish;
2295 }
2296
2297 STRV_FOREACH(f, files) {
2298 k = read_config_file(*f, true);
2299 if (k < 0 && r == 0)
2300 r = k;
2301 }
2302 }
2303
2304 /* The non-globbing ones usually create things, hence we apply
2305 * them first */
2306 ORDERED_HASHMAP_FOREACH(a, items, iterator) {
2307 k = process_item_array(a);
2308 if (k < 0 && r == 0)
2309 r = k;
2310 }
2311
2312 /* The globbing ones usually alter things, hence we apply them
2313 * second. */
2314 ORDERED_HASHMAP_FOREACH(a, globs, iterator) {
2315 k = process_item_array(a);
2316 if (k < 0 && r == 0)
2317 r = k;
2318 }
2319
2320 finish:
2321 while ((a = ordered_hashmap_steal_first(items)))
2322 item_array_free(a);
2323
2324 while ((a = ordered_hashmap_steal_first(globs)))
2325 item_array_free(a);
2326
2327 ordered_hashmap_free(items);
2328 ordered_hashmap_free(globs);
2329
2330 free(arg_include_prefixes);
2331 free(arg_exclude_prefixes);
2332 free(arg_root);
2333
2334 set_free_free(unix_sockets);
2335
2336 mac_selinux_finish();
2337
2338 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
2339 }
Unnamed repository; edit this file 'description' to name the repository.