timesync: move stamp file to /var/lib/systemd/timesync/clock

author Yu Watanabe <watanabe.yu+github@gmail.com>

Wed, 30 Aug 2017 06:59:57 +0000 (15:59 +0900)

committer Yu Watanabe <watanabe.yu+github@gmail.com>

Wed, 30 Aug 2017 06:59:57 +0000 (15:59 +0900)
author Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 30 Aug 2017 06:59:57 +0000 (15:59 +0900)
committer Yu Watanabe <watanabe.yu+github@gmail.com>
Wed, 30 Aug 2017 06:59:57 +0000 (15:59 +0900)
diff --git a/man/systemd-timesyncd.service.xml b/man/systemd-timesyncd.service.xml

index 3edcaf1b4e68995b4fe68f4e703e73b727049855..7860c0d4e452623c6e4e3dc5a19100240f6acf34 100644 (file)
--- a/man/systemd-timesyncd.service.xml
+++ b/man/systemd-timesyncd.service.xml
@@ -88,7 +88,7 @@
  
      <variablelist>
        <varlistentry>
-        <term><filename>/var/lib/systemd/clock</filename></term>
+        <term><filename>/var/lib/systemd/timesync/clock</filename></term>
  
          <listitem>
            <para>This file contains the timestamp of the last successful
diff --git a/src/timesync/timesyncd-manager.c b/src/timesync/timesyncd-manager.c

index 4458f98ebf2852bde21783184ba9a94d7b0c7c38..eacb10f1c0cdde2805ef62ef75500d0934c007f6 100644 (file)
--- a/src/timesync/timesyncd-manager.c
+++ b/src/timesync/timesyncd-manager.c
@@ -373,7 +373,7 @@ static int manager_adjust_clock(Manager *m, double offset, int leap_sec) {
                  return -errno;
  
          /* If touch fails, there isn't much we can do. Maybe it'll work next time. */
-        (void) touch("/var/lib/systemd/clock");
+        (void) touch("/var/lib/systemd/timesync/clock");
  
          m->drift_ppm = tmx.freq / 65536;
  
diff --git a/src/timesync/timesyncd.c b/src/timesync/timesyncd.c

index 31e84b1aed3eb02320441b2b2bc549b70e685c91..6b802c607cbc1f6aedaf20f21f3fa003b3795186 100644 (file)
--- a/src/timesync/timesyncd.c
+++ b/src/timesync/timesyncd.c
@@ -24,6 +24,7 @@
  #include "clock-util.h"
  #include "fd-util.h"
  #include "fs-util.h"
+#include "mkdir.h"
  #include "network-util.h"
  #include "process-util.h"
  #include "signal-util.h"
@@ -44,7 +45,7 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
           * systems lacking a battery backed RTC. We also will adjust
           * the time to at least the build time of systemd. */
  
-        fd = open("/var/lib/systemd/clock", O_RDWR|O_CLOEXEC, 0644);
+        fd = open("/var/lib/systemd/timesync/clock", O_RDWR|O_CLOEXEC, 0644);
          if (fd >= 0) {
                  struct stat st;
                  usec_t stamp;
@@ -57,14 +58,24 @@ static int load_clock_timestamp(uid_t uid, gid_t gid) {
                                  min = stamp;
                  }
  
-                /* Try to fix the access mode, so that we can still
-                   touch the file after dropping priviliges */
-                (void) fchmod(fd, 0644);
-                (void) fchown(fd, uid, gid);
+                if (geteuid() == 0) {
+                        /* Try to fix the access mode, so that we can still
+                           touch the file after dropping priviliges */
+                        r = fchmod(fd, 0644);
+                        if (r < 0)
+                                return log_error_errno(errno, "Failed to change file access mode: %m");
+                        r = fchown(fd, uid, gid);
+                                return log_error_errno(errno, "Failed to change file owner: %m");
+                }
+
+        } else {
+                r = mkdir_safe_label("/var/lib/systemd/timesync", 0755, uid, gid);
+                if (r < 0)
+                        return log_error_errno(r, "Failed to create state directory: %m");
  
-        } else
                  /* create stamp file with the compiled-in date */
-                (void) touch_file("/var/lib/systemd/clock", true, min, uid, gid, 0644);
+                (void) touch_file("/var/lib/systemd/timesync/clock", false, min, uid, gid, 0644);
+        }
  
          ct = now(CLOCK_REALTIME);
          if (ct < min) {
@@ -162,7 +173,7 @@ int main(int argc, char *argv[]) {
  
          /* if we got an authoritative time, store it in the file system */
          if (m->sync)
-                (void) touch("/var/lib/systemd/clock");
+                (void) touch("/var/lib/systemd/timesync/clock");
  
          sd_event_get_exit_code(m->event, &r);
  
diff --git a/units/systemd-timesyncd.service.in b/units/systemd-timesyncd.service.in

index e25d86d655b2d993846b1cadb56c5e7f6acf24f9..14557a5661566457bb70c93a233d881631805929 100644 (file)
--- a/units/systemd-timesyncd.service.in
+++ b/units/systemd-timesyncd.service.in
@@ -11,7 +11,7 @@ Documentation=man:systemd-timesyncd.service(8)
  ConditionCapability=CAP_SYS_TIME
  ConditionVirtualization=!container
  DefaultDependencies=no
-RequiresMountsFor=/var/lib/systemd/clock
+RequiresMountsFor=/var/lib/systemd/timesync/clock
  After=systemd-remount-fs.service systemd-sysusers.service
  Before=time-sync.target sysinit.target shutdown.target
  Conflicts=shutdown.target
@@ -39,7 +39,7 @@ RestrictNamespaces=yes
  RestrictAddressFamilies=AF_UNIX AF_INET AF_INET6
  SystemCallFilter=~@cpu-emulation @debug @keyring @module @mount @obsolete @raw-io @reboot @swap
  SystemCallArchitectures=native
-ReadWritePaths=/var/lib/systemd
+StateDirectory=systemd/timesync
  
  [Install]
  WantedBy=sysinit.target
author	Yu Watanabe <watanabe.yu+github@gmail.com>
	Wed, 30 Aug 2017 06:59:57 +0000 (15:59 +0900)
committer	Yu Watanabe <watanabe.yu+github@gmail.com>
	Wed, 30 Aug 2017 06:59:57 +0000 (15:59 +0900)
man/systemd-timesyncd.service.xml		patch \| blob \| blame \| history
src/timesync/timesyncd-manager.c		patch \| blob \| blame \| history
src/timesync/timesyncd.c		patch \| blob \| blame \| history
units/systemd-timesyncd.service.in		patch \| blob \| blame \| history