]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/tmpfiles/tmpfiles.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
util-lib: split out user/group/uid/gid calls into user-util.[ch]
[thirdparty/systemd.git] / src / tmpfiles / tmpfiles.c
1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
2
3 /***
4 This file is part of systemd.
5
6 Copyright 2010 Lennart Poettering, Kay Sievers
7 Copyright 2015 Zbigniew Jędrzejewski-Szmek
8
9 systemd is free software; you can redistribute it and/or modify it
10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
12 (at your option) any later version.
13
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
18
19 You should have received a copy of the GNU Lesser General Public License
20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
21 ***/
22
23 #include <dirent.h>
24 #include <errno.h>
25 #include <fcntl.h>
26 #include <fnmatch.h>
27 #include <getopt.h>
28 #include <glob.h>
29 #include <limits.h>
30 #include <linux/fs.h>
31 #include <stdbool.h>
32 #include <stddef.h>
33 #include <stdio.h>
34 #include <stdlib.h>
35 #include <string.h>
36 #include <sys/stat.h>
37 #include <sys/xattr.h>
38 #include <time.h>
39 #include <unistd.h>
40
41 #include "acl-util.h"
42 #include "btrfs-util.h"
43 #include "capability.h"
44 #include "conf-files.h"
45 #include "copy.h"
46 #include "escape.h"
47 #include "fd-util.h"
48 #include "formats-util.h"
49 #include "io-util.h"
50 #include "label.h"
51 #include "log.h"
52 #include "macro.h"
53 #include "missing.h"
54 #include "mkdir.h"
55 #include "path-util.h"
56 #include "rm-rf.h"
57 #include "selinux-util.h"
58 #include "set.h"
59 #include "specifier.h"
60 #include "string-util.h"
61 #include "strv.h"
62 #include "user-util.h"
63 #include "util.h"
64
65 /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
66 * them in the file system. This is intended to be used to create
67 * properly owned directories beneath /tmp, /var/tmp, /run, which are
68 * volatile and hence need to be recreated on bootup. */
69
70 typedef enum ItemType {
71 /* These ones take file names */
72 CREATE_FILE = 'f',
73 TRUNCATE_FILE = 'F',
74 CREATE_DIRECTORY = 'd',
75 TRUNCATE_DIRECTORY = 'D',
76 CREATE_SUBVOLUME = 'v',
77 CREATE_SUBVOLUME_INHERIT_QUOTA = 'q',
78 CREATE_SUBVOLUME_NEW_QUOTA = 'Q',
79 CREATE_FIFO = 'p',
80 CREATE_SYMLINK = 'L',
81 CREATE_CHAR_DEVICE = 'c',
82 CREATE_BLOCK_DEVICE = 'b',
83 COPY_FILES = 'C',
84
85 /* These ones take globs */
86 WRITE_FILE = 'w',
87 SET_XATTR = 't',
88 RECURSIVE_SET_XATTR = 'T',
89 SET_ACL = 'a',
90 RECURSIVE_SET_ACL = 'A',
91 SET_ATTRIBUTE = 'h',
92 RECURSIVE_SET_ATTRIBUTE = 'H',
93 IGNORE_PATH = 'x',
94 IGNORE_DIRECTORY_PATH = 'X',
95 REMOVE_PATH = 'r',
96 RECURSIVE_REMOVE_PATH = 'R',
97 RELABEL_PATH = 'z',
98 RECURSIVE_RELABEL_PATH = 'Z',
99 ADJUST_MODE = 'm', /* legacy, 'z' is identical to this */
100 } ItemType;
101
102 typedef struct Item {
103 ItemType type;
104
105 char *path;
106 char *argument;
107 char **xattrs;
108 #ifdef HAVE_ACL
109 acl_t acl_access;
110 acl_t acl_default;
111 #endif
112 uid_t uid;
113 gid_t gid;
114 mode_t mode;
115 usec_t age;
116
117 dev_t major_minor;
118 unsigned attribute_value;
119 unsigned attribute_mask;
120
121 bool uid_set:1;
122 bool gid_set:1;
123 bool mode_set:1;
124 bool age_set:1;
125 bool mask_perms:1;
126 bool attribute_set:1;
127
128 bool keep_first_level:1;
129
130 bool force:1;
131
132 bool done:1;
133 } Item;
134
135 typedef struct ItemArray {
136 Item *items;
137 size_t count;
138 size_t size;
139 } ItemArray;
140
141 static bool arg_create = false;
142 static bool arg_clean = false;
143 static bool arg_remove = false;
144 static bool arg_boot = false;
145
146 static char **arg_include_prefixes = NULL;
147 static char **arg_exclude_prefixes = NULL;
148 static char *arg_root = NULL;
149
150 static const char conf_file_dirs[] = CONF_DIRS_NULSTR("tmpfiles");
151
152 #define MAX_DEPTH 256
153
154 static OrderedHashmap *items = NULL, *globs = NULL;
155 static Set *unix_sockets = NULL;
156
157 static const Specifier specifier_table[] = {
158 { 'm', specifier_machine_id, NULL },
159 { 'b', specifier_boot_id, NULL },
160 { 'H', specifier_host_name, NULL },
161 { 'v', specifier_kernel_release, NULL },
162 {}
163 };
164
165 static bool needs_glob(ItemType t) {
166 return IN_SET(t,
167 WRITE_FILE,
168 IGNORE_PATH,
169 IGNORE_DIRECTORY_PATH,
170 REMOVE_PATH,
171 RECURSIVE_REMOVE_PATH,
172 ADJUST_MODE,
173 RELABEL_PATH,
174 RECURSIVE_RELABEL_PATH,
175 SET_XATTR,
176 RECURSIVE_SET_XATTR,
177 SET_ACL,
178 RECURSIVE_SET_ACL,
179 SET_ATTRIBUTE,
180 RECURSIVE_SET_ATTRIBUTE);
181 }
182
183 static bool takes_ownership(ItemType t) {
184 return IN_SET(t,
185 CREATE_FILE,
186 TRUNCATE_FILE,
187 CREATE_DIRECTORY,
188 TRUNCATE_DIRECTORY,
189 CREATE_SUBVOLUME,
190 CREATE_SUBVOLUME_INHERIT_QUOTA,
191 CREATE_SUBVOLUME_NEW_QUOTA,
192 CREATE_FIFO,
193 CREATE_SYMLINK,
194 CREATE_CHAR_DEVICE,
195 CREATE_BLOCK_DEVICE,
196 COPY_FILES,
197 WRITE_FILE,
198 IGNORE_PATH,
199 IGNORE_DIRECTORY_PATH,
200 REMOVE_PATH,
201 RECURSIVE_REMOVE_PATH);
202 }
203
204 static struct Item* find_glob(OrderedHashmap *h, const char *match) {
205 ItemArray *j;
206 Iterator i;
207
208 ORDERED_HASHMAP_FOREACH(j, h, i) {
209 unsigned n;
210
211 for (n = 0; n < j->count; n++) {
212 Item *item = j->items + n;
213
214 if (fnmatch(item->path, match, FNM_PATHNAME|FNM_PERIOD) == 0)
215 return item;
216 }
217 }
218
219 return NULL;
220 }
221
222 static void load_unix_sockets(void) {
223 _cleanup_fclose_ FILE *f = NULL;
224 char line[LINE_MAX];
225
226 if (unix_sockets)
227 return;
228
229 /* We maintain a cache of the sockets we found in
230 * /proc/net/unix to speed things up a little. */
231
232 unix_sockets = set_new(&string_hash_ops);
233 if (!unix_sockets)
234 return;
235
236 f = fopen("/proc/net/unix", "re");
237 if (!f)
238 return;
239
240 /* Skip header */
241 if (!fgets(line, sizeof(line), f))
242 goto fail;
243
244 for (;;) {
245 char *p, *s;
246 int k;
247
248 if (!fgets(line, sizeof(line), f))
249 break;
250
251 truncate_nl(line);
252
253 p = strchr(line, ':');
254 if (!p)
255 continue;
256
257 if (strlen(p) < 37)
258 continue;
259
260 p += 37;
261 p += strspn(p, WHITESPACE);
262 p += strcspn(p, WHITESPACE); /* skip one more word */
263 p += strspn(p, WHITESPACE);
264
265 if (*p != '/')
266 continue;
267
268 s = strdup(p);
269 if (!s)
270 goto fail;
271
272 path_kill_slashes(s);
273
274 k = set_consume(unix_sockets, s);
275 if (k < 0 && k != -EEXIST)
276 goto fail;
277 }
278
279 return;
280
281 fail:
282 set_free_free(unix_sockets);
283 unix_sockets = NULL;
284 }
285
286 static bool unix_socket_alive(const char *fn) {
287 assert(fn);
288
289 load_unix_sockets();
290
291 if (unix_sockets)
292 return !!set_get(unix_sockets, (char*) fn);
293
294 /* We don't know, so assume yes */
295 return true;
296 }
297
298 static int dir_is_mount_point(DIR *d, const char *subdir) {
299
300 union file_handle_union h = FILE_HANDLE_INIT;
301 int mount_id_parent, mount_id;
302 int r_p, r;
303
304 r_p = name_to_handle_at(dirfd(d), ".", &h.handle, &mount_id_parent, 0);
305 if (r_p < 0)
306 r_p = -errno;
307
308 h.handle.handle_bytes = MAX_HANDLE_SZ;
309 r = name_to_handle_at(dirfd(d), subdir, &h.handle, &mount_id, 0);
310 if (r < 0)
311 r = -errno;
312
313 /* got no handle; make no assumptions, return error */
314 if (r_p < 0 && r < 0)
315 return r_p;
316
317 /* got both handles; if they differ, it is a mount point */
318 if (r_p >= 0 && r >= 0)
319 return mount_id_parent != mount_id;
320
321 /* got only one handle; assume different mount points if one
322 * of both queries was not supported by the filesystem */
323 if (r_p == -ENOSYS || r_p == -EOPNOTSUPP || r == -ENOSYS || r == -EOPNOTSUPP)
324 return true;
325
326 /* return error */
327 if (r_p < 0)
328 return r_p;
329 return r;
330 }
331
332 static DIR* xopendirat_nomod(int dirfd, const char *path) {
333 DIR *dir;
334
335 dir = xopendirat(dirfd, path, O_NOFOLLOW|O_NOATIME);
336 if (dir)
337 return dir;
338
339 log_debug_errno(errno, "Cannot open %sdirectory \"%s\": %m", dirfd == AT_FDCWD ? "" : "sub", path);
340 if (errno != EPERM)
341 return NULL;
342
343 dir = xopendirat(dirfd, path, O_NOFOLLOW);
344 if (!dir)
345 log_debug_errno(errno, "Cannot open %sdirectory \"%s\": %m", dirfd == AT_FDCWD ? "" : "sub", path);
346
347 return dir;
348 }
349
350 static DIR* opendir_nomod(const char *path) {
351 return xopendirat_nomod(AT_FDCWD, path);
352 }
353
354 static int dir_cleanup(
355 Item *i,
356 const char *p,
357 DIR *d,
358 const struct stat *ds,
359 usec_t cutoff,
360 dev_t rootdev,
361 bool mountpoint,
362 int maxdepth,
363 bool keep_this_level) {
364
365 struct dirent *dent;
366 struct timespec times[2];
367 bool deleted = false;
368 int r = 0;
369
370 while ((dent = readdir(d))) {
371 struct stat s;
372 usec_t age;
373 _cleanup_free_ char *sub_path = NULL;
374
375 if (STR_IN_SET(dent->d_name, ".", ".."))
376 continue;
377
378 if (fstatat(dirfd(d), dent->d_name, &s, AT_SYMLINK_NOFOLLOW) < 0) {
379 if (errno == ENOENT)
380 continue;
381
382 /* FUSE, NFS mounts, SELinux might return EACCES */
383 if (errno == EACCES)
384 log_debug_errno(errno, "stat(%s/%s) failed: %m", p, dent->d_name);
385 else
386 log_error_errno(errno, "stat(%s/%s) failed: %m", p, dent->d_name);
387 r = -errno;
388 continue;
389 }
390
391 /* Stay on the same filesystem */
392 if (s.st_dev != rootdev) {
393 log_debug("Ignoring \"%s/%s\": different filesystem.", p, dent->d_name);
394 continue;
395 }
396
397 /* Try to detect bind mounts of the same filesystem instance; they
398 * do not differ in device major/minors. This type of query is not
399 * supported on all kernels or filesystem types though. */
400 if (S_ISDIR(s.st_mode) && dir_is_mount_point(d, dent->d_name) > 0) {
401 log_debug("Ignoring \"%s/%s\": different mount of the same filesystem.",
402 p, dent->d_name);
403 continue;
404 }
405
406 /* Do not delete read-only files owned by root */
407 if (s.st_uid == 0 && !(s.st_mode & S_IWUSR)) {
408 log_debug("Ignoring \"%s/%s\": read-only and owner by root.", p, dent->d_name);
409 continue;
410 }
411
412 sub_path = strjoin(p, "/", dent->d_name, NULL);
413 if (!sub_path) {
414 r = log_oom();
415 goto finish;
416 }
417
418 /* Is there an item configured for this path? */
419 if (ordered_hashmap_get(items, sub_path)) {
420 log_debug("Ignoring \"%s\": a separate entry exists.", sub_path);
421 continue;
422 }
423
424 if (find_glob(globs, sub_path)) {
425 log_debug("Ignoring \"%s\": a separate glob exists.", sub_path);
426 continue;
427 }
428
429 if (S_ISDIR(s.st_mode)) {
430
431 if (mountpoint &&
432 streq(dent->d_name, "lost+found") &&
433 s.st_uid == 0) {
434 log_debug("Ignoring \"%s\".", sub_path);
435 continue;
436 }
437
438 if (maxdepth <= 0)
439 log_warning("Reached max depth on \"%s\".", sub_path);
440 else {
441 _cleanup_closedir_ DIR *sub_dir;
442 int q;
443
444 sub_dir = xopendirat_nomod(dirfd(d), dent->d_name);
445 if (!sub_dir) {
446 if (errno != ENOENT)
447 r = log_error_errno(errno, "opendir(%s) failed: %m", sub_path);
448
449 continue;
450 }
451
452 q = dir_cleanup(i, sub_path, sub_dir, &s, cutoff, rootdev, false, maxdepth-1, false);
453 if (q < 0)
454 r = q;
455 }
456
457 /* Note: if you are wondering why we don't
458 * support the sticky bit for excluding
459 * directories from cleaning like we do it for
460 * other file system objects: well, the sticky
461 * bit already has a meaning for directories,
462 * so we don't want to overload that. */
463
464 if (keep_this_level) {
465 log_debug("Keeping \"%s\".", sub_path);
466 continue;
467 }
468
469 /* Ignore ctime, we change it when deleting */
470 age = timespec_load(&s.st_mtim);
471 if (age >= cutoff) {
472 char a[FORMAT_TIMESTAMP_MAX];
473 /* Follows spelling in stat(1). */
474 log_debug("Directory \"%s\": modify time %s is too new.",
475 sub_path,
476 format_timestamp_us(a, sizeof(a), age));
477 continue;
478 }
479
480 age = timespec_load(&s.st_atim);
481 if (age >= cutoff) {
482 char a[FORMAT_TIMESTAMP_MAX];
483 log_debug("Directory \"%s\": access time %s is too new.",
484 sub_path,
485 format_timestamp_us(a, sizeof(a), age));
486 continue;
487 }
488
489 log_debug("Removing directory \"%s\".", sub_path);
490 if (unlinkat(dirfd(d), dent->d_name, AT_REMOVEDIR) < 0)
491 if (errno != ENOENT && errno != ENOTEMPTY) {
492 log_error_errno(errno, "rmdir(%s): %m", sub_path);
493 r = -errno;
494 }
495
496 } else {
497 /* Skip files for which the sticky bit is
498 * set. These are semantics we define, and are
499 * unknown elsewhere. See XDG_RUNTIME_DIR
500 * specification for details. */
501 if (s.st_mode & S_ISVTX) {
502 log_debug("Skipping \"%s\": sticky bit set.", sub_path);
503 continue;
504 }
505
506 if (mountpoint && S_ISREG(s.st_mode))
507 if (s.st_uid == 0 && STR_IN_SET(dent->d_name,
508 ".journal",
509 "aquota.user",
510 "aquota.group")) {
511 log_debug("Skipping \"%s\".", sub_path);
512 continue;
513 }
514
515 /* Ignore sockets that are listed in /proc/net/unix */
516 if (S_ISSOCK(s.st_mode) && unix_socket_alive(sub_path)) {
517 log_debug("Skipping \"%s\": live socket.", sub_path);
518 continue;
519 }
520
521 /* Ignore device nodes */
522 if (S_ISCHR(s.st_mode) || S_ISBLK(s.st_mode)) {
523 log_debug("Skipping \"%s\": a device.", sub_path);
524 continue;
525 }
526
527 /* Keep files on this level around if this is
528 * requested */
529 if (keep_this_level) {
530 log_debug("Keeping \"%s\".", sub_path);
531 continue;
532 }
533
534 age = timespec_load(&s.st_mtim);
535 if (age >= cutoff) {
536 char a[FORMAT_TIMESTAMP_MAX];
537 /* Follows spelling in stat(1). */
538 log_debug("File \"%s\": modify time %s is too new.",
539 sub_path,
540 format_timestamp_us(a, sizeof(a), age));
541 continue;
542 }
543
544 age = timespec_load(&s.st_atim);
545 if (age >= cutoff) {
546 char a[FORMAT_TIMESTAMP_MAX];
547 log_debug("File \"%s\": access time %s is too new.",
548 sub_path,
549 format_timestamp_us(a, sizeof(a), age));
550 continue;
551 }
552
553 age = timespec_load(&s.st_ctim);
554 if (age >= cutoff) {
555 char a[FORMAT_TIMESTAMP_MAX];
556 log_debug("File \"%s\": change time %s is too new.",
557 sub_path,
558 format_timestamp_us(a, sizeof(a), age));
559 continue;
560 }
561
562 log_debug("unlink \"%s\"", sub_path);
563
564 if (unlinkat(dirfd(d), dent->d_name, 0) < 0)
565 if (errno != ENOENT)
566 r = log_error_errno(errno, "unlink(%s): %m", sub_path);
567
568 deleted = true;
569 }
570 }
571
572 finish:
573 if (deleted) {
574 usec_t age1, age2;
575 char a[FORMAT_TIMESTAMP_MAX], b[FORMAT_TIMESTAMP_MAX];
576
577 /* Restore original directory timestamps */
578 times[0] = ds->st_atim;
579 times[1] = ds->st_mtim;
580
581 age1 = timespec_load(&ds->st_atim);
582 age2 = timespec_load(&ds->st_mtim);
583 log_debug("Restoring access and modification time on \"%s\": %s, %s",
584 p,
585 format_timestamp_us(a, sizeof(a), age1),
586 format_timestamp_us(b, sizeof(b), age2));
587 if (futimens(dirfd(d), times) < 0)
588 log_error_errno(errno, "utimensat(%s): %m", p);
589 }
590
591 return r;
592 }
593
594 static int path_set_perms(Item *i, const char *path) {
595 _cleanup_close_ int fd = -1;
596 struct stat st;
597
598 assert(i);
599 assert(path);
600
601 /* We open the file with O_PATH here, to make the operation
602 * somewhat atomic. Also there's unfortunately no fchmodat()
603 * with AT_SYMLINK_NOFOLLOW, hence we emulate it here via
604 * O_PATH. */
605
606 fd = open(path, O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH|O_NOATIME);
607 if (fd < 0)
608 return log_error_errno(errno, "Adjusting owner and mode for %s failed: %m", path);
609
610 if (fstatat(fd, "", &st, AT_EMPTY_PATH) < 0)
611 return log_error_errno(errno, "Failed to fstat() file %s: %m", path);
612
613 if (S_ISLNK(st.st_mode))
614 log_debug("Skipping mode an owner fix for symlink %s.", path);
615 else {
616 char fn[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
617 xsprintf(fn, "/proc/self/fd/%i", fd);
618
619 /* not using i->path directly because it may be a glob */
620 if (i->mode_set) {
621 mode_t m = i->mode;
622
623 if (i->mask_perms) {
624 if (!(st.st_mode & 0111))
625 m &= ~0111;
626 if (!(st.st_mode & 0222))
627 m &= ~0222;
628 if (!(st.st_mode & 0444))
629 m &= ~0444;
630 if (!S_ISDIR(st.st_mode))
631 m &= ~07000; /* remove sticky/sgid/suid bit, unless directory */
632 }
633
634 if (m == (st.st_mode & 07777))
635 log_debug("\"%s\" has right mode %o", path, st.st_mode);
636 else {
637 log_debug("chmod \"%s\" to mode %o", path, m);
638 if (chmod(fn, m) < 0)
639 return log_error_errno(errno, "chmod(%s) failed: %m", path);
640 }
641 }
642
643 if ((i->uid != st.st_uid || i->gid != st.st_gid) &&
644 (i->uid_set || i->gid_set)) {
645 log_debug("chown \"%s\" to "UID_FMT"."GID_FMT,
646 path,
647 i->uid_set ? i->uid : UID_INVALID,
648 i->gid_set ? i->gid : GID_INVALID);
649 if (chown(fn,
650 i->uid_set ? i->uid : UID_INVALID,
651 i->gid_set ? i->gid : GID_INVALID) < 0)
652 return log_error_errno(errno, "chown(%s) failed: %m", path);
653 }
654 }
655
656 fd = safe_close(fd);
657
658 return label_fix(path, false, false);
659 }
660
661 static int parse_xattrs_from_arg(Item *i) {
662 const char *p;
663 int r;
664
665 assert(i);
666 assert(i->argument);
667
668 p = i->argument;
669
670 for (;;) {
671 _cleanup_free_ char *name = NULL, *value = NULL, *xattr = NULL, *xattr_replaced = NULL;
672
673 r = extract_first_word(&p, &xattr, NULL, EXTRACT_QUOTES|EXTRACT_CUNESCAPE);
674 if (r < 0)
675 log_warning_errno(r, "Failed to parse extended attribute '%s', ignoring: %m", p);
676 if (r <= 0)
677 break;
678
679 r = specifier_printf(xattr, specifier_table, NULL, &xattr_replaced);
680 if (r < 0)
681 return log_error_errno(r, "Failed to replace specifiers in extended attribute '%s': %m", xattr);
682
683 r = split_pair(xattr_replaced, "=", &name, &value);
684 if (r < 0) {
685 log_warning_errno(r, "Failed to parse extended attribute, ignoring: %s", xattr);
686 continue;
687 }
688
689 if (isempty(name) || isempty(value)) {
690 log_warning("Malformed extended attribute found, ignoring: %s", xattr);
691 continue;
692 }
693
694 if (strv_push_pair(&i->xattrs, name, value) < 0)
695 return log_oom();
696
697 name = value = NULL;
698 }
699
700 return 0;
701 }
702
703 static int path_set_xattrs(Item *i, const char *path) {
704 char **name, **value;
705
706 assert(i);
707 assert(path);
708
709 STRV_FOREACH_PAIR(name, value, i->xattrs) {
710 int n;
711
712 n = strlen(*value);
713 log_debug("Setting extended attribute '%s=%s' on %s.", *name, *value, path);
714 if (lsetxattr(path, *name, *value, n, 0) < 0) {
715 log_error("Setting extended attribute %s=%s on %s failed: %m", *name, *value, path);
716 return -errno;
717 }
718 }
719 return 0;
720 }
721
722 static int parse_acls_from_arg(Item *item) {
723 #ifdef HAVE_ACL
724 int r;
725
726 assert(item);
727
728 /* If force (= modify) is set, we will not modify the acl
729 * afterwards, so the mask can be added now if necessary. */
730
731 r = parse_acl(item->argument, &item->acl_access, &item->acl_default, !item->force);
732 if (r < 0)
733 log_warning_errno(r, "Failed to parse ACL \"%s\": %m. Ignoring", item->argument);
734 #else
735 log_warning_errno(ENOSYS, "ACLs are not supported. Ignoring");
736 #endif
737
738 return 0;
739 }
740
741 #ifdef HAVE_ACL
742 static int path_set_acl(const char *path, const char *pretty, acl_type_t type, acl_t acl, bool modify) {
743 _cleanup_(acl_free_charpp) char *t = NULL;
744 _cleanup_(acl_freep) acl_t dup = NULL;
745 int r;
746
747 /* Returns 0 for success, positive error if already warned,
748 * negative error otherwise. */
749
750 if (modify) {
751 r = acls_for_file(path, type, acl, &dup);
752 if (r < 0)
753 return r;
754
755 r = calc_acl_mask_if_needed(&dup);
756 if (r < 0)
757 return r;
758 } else {
759 dup = acl_dup(acl);
760 if (!dup)
761 return -errno;
762
763 /* the mask was already added earlier if needed */
764 }
765
766 r = add_base_acls_if_needed(&dup, path);
767 if (r < 0)
768 return r;
769
770 t = acl_to_any_text(dup, NULL, ',', TEXT_ABBREVIATE);
771 log_debug("Setting %s ACL %s on %s.",
772 type == ACL_TYPE_ACCESS ? "access" : "default",
773 strna(t), pretty);
774
775 r = acl_set_file(path, type, dup);
776 if (r < 0)
777 /* Return positive to indicate we already warned */
778 return -log_error_errno(errno,
779 "Setting %s ACL \"%s\" on %s failed: %m",
780 type == ACL_TYPE_ACCESS ? "access" : "default",
781 strna(t), pretty);
782
783 return 0;
784 }
785 #endif
786
787 static int path_set_acls(Item *item, const char *path) {
788 int r = 0;
789 #ifdef HAVE_ACL
790 char fn[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
791 _cleanup_close_ int fd = -1;
792 struct stat st;
793
794 assert(item);
795 assert(path);
796
797 fd = open(path, O_RDONLY|O_NOFOLLOW|O_CLOEXEC|O_PATH|O_NOATIME);
798 if (fd < 0)
799 return log_error_errno(errno, "Adjusting ACL of %s failed: %m", path);
800
801 if (fstatat(fd, "", &st, AT_EMPTY_PATH) < 0)
802 return log_error_errno(errno, "Failed to fstat() file %s: %m", path);
803
804 if (S_ISLNK(st.st_mode)) {
805 log_debug("Skipping ACL fix for symlink %s.", path);
806 return 0;
807 }
808
809 xsprintf(fn, "/proc/self/fd/%i", fd);
810
811 if (item->acl_access)
812 r = path_set_acl(fn, path, ACL_TYPE_ACCESS, item->acl_access, item->force);
813
814 if (r == 0 && item->acl_default)
815 r = path_set_acl(fn, path, ACL_TYPE_DEFAULT, item->acl_default, item->force);
816
817 if (r > 0)
818 return -r; /* already warned */
819 else if (r == -EOPNOTSUPP) {
820 log_debug_errno(r, "ACLs not supported by file system at %s", path);
821 return 0;
822 } else if (r < 0)
823 log_error_errno(r, "ACL operation on \"%s\" failed: %m", path);
824 #endif
825 return r;
826 }
827
828 #define ATTRIBUTES_ALL \
829 (FS_NOATIME_FL | \
830 FS_SYNC_FL | \
831 FS_DIRSYNC_FL | \
832 FS_APPEND_FL | \
833 FS_COMPR_FL | \
834 FS_NODUMP_FL | \
835 FS_EXTENT_FL | \
836 FS_IMMUTABLE_FL | \
837 FS_JOURNAL_DATA_FL | \
838 FS_SECRM_FL | \
839 FS_UNRM_FL | \
840 FS_NOTAIL_FL | \
841 FS_TOPDIR_FL | \
842 FS_NOCOW_FL)
843
844 static int parse_attribute_from_arg(Item *item) {
845
846 static const struct {
847 char character;
848 unsigned value;
849 } attributes[] = {
850 { 'A', FS_NOATIME_FL }, /* do not update atime */
851 { 'S', FS_SYNC_FL }, /* Synchronous updates */
852 { 'D', FS_DIRSYNC_FL }, /* dirsync behaviour (directories only) */
853 { 'a', FS_APPEND_FL }, /* writes to file may only append */
854 { 'c', FS_COMPR_FL }, /* Compress file */
855 { 'd', FS_NODUMP_FL }, /* do not dump file */
856 { 'e', FS_EXTENT_FL }, /* Top of directory hierarchies*/
857 { 'i', FS_IMMUTABLE_FL }, /* Immutable file */
858 { 'j', FS_JOURNAL_DATA_FL }, /* Reserved for ext3 */
859 { 's', FS_SECRM_FL }, /* Secure deletion */
860 { 'u', FS_UNRM_FL }, /* Undelete */
861 { 't', FS_NOTAIL_FL }, /* file tail should not be merged */
862 { 'T', FS_TOPDIR_FL }, /* Top of directory hierarchies*/
863 { 'C', FS_NOCOW_FL }, /* Do not cow file */
864 };
865
866 enum {
867 MODE_ADD,
868 MODE_DEL,
869 MODE_SET
870 } mode = MODE_ADD;
871
872 unsigned value = 0, mask = 0;
873 const char *p;
874
875 assert(item);
876
877 p = item->argument;
878 if (p) {
879 if (*p == '+') {
880 mode = MODE_ADD;
881 p++;
882 } else if (*p == '-') {
883 mode = MODE_DEL;
884 p++;
885 } else if (*p == '=') {
886 mode = MODE_SET;
887 p++;
888 }
889 }
890
891 if (isempty(p) && mode != MODE_SET) {
892 log_error("Setting file attribute on '%s' needs an attribute specification.", item->path);
893 return -EINVAL;
894 }
895
896 for (; p && *p ; p++) {
897 unsigned i, v;
898
899 for (i = 0; i < ELEMENTSOF(attributes); i++)
900 if (*p == attributes[i].character)
901 break;
902
903 if (i >= ELEMENTSOF(attributes)) {
904 log_error("Unknown file attribute '%c' on '%s'.", *p, item->path);
905 return -EINVAL;
906 }
907
908 v = attributes[i].value;
909
910 if (mode == MODE_ADD || mode == MODE_SET)
911 value |= v;
912 else
913 value &= ~v;
914
915 mask |= v;
916 }
917
918 if (mode == MODE_SET)
919 mask |= ATTRIBUTES_ALL;
920
921 assert(mask != 0);
922
923 item->attribute_mask = mask;
924 item->attribute_value = value;
925 item->attribute_set = true;
926
927 return 0;
928 }
929
930 static int path_set_attribute(Item *item, const char *path) {
931 _cleanup_close_ int fd = -1;
932 struct stat st;
933 unsigned f;
934 int r;
935
936 if (!item->attribute_set || item->attribute_mask == 0)
937 return 0;
938
939 fd = open(path, O_RDONLY|O_NONBLOCK|O_CLOEXEC|O_NOATIME|O_NOFOLLOW);
940 if (fd < 0) {
941 if (errno == ELOOP)
942 return log_error_errno(errno, "Skipping file attributes adjustment on symlink %s.", path);
943
944 return log_error_errno(errno, "Cannot open '%s': %m", path);
945 }
946
947 if (fstat(fd, &st) < 0)
948 return log_error_errno(errno, "Cannot stat '%s': %m", path);
949
950 /* Issuing the file attribute ioctls on device nodes is not
951 * safe, as that will be delivered to the drivers, not the
952 * file system containing the device node. */
953 if (!S_ISREG(st.st_mode) && !S_ISDIR(st.st_mode)) {
954 log_error("Setting file flags is only supported on regular files and directories, cannot set on '%s'.", path);
955 return -EINVAL;
956 }
957
958 f = item->attribute_value & item->attribute_mask;
959
960 /* Mask away directory-specific flags */
961 if (!S_ISDIR(st.st_mode))
962 f &= ~FS_DIRSYNC_FL;
963
964 r = chattr_fd(fd, f, item->attribute_mask);
965 if (r < 0)
966 log_full_errno(r == -ENOTTY ? LOG_DEBUG : LOG_WARNING,
967 r,
968 "Cannot set file attribute for '%s', value=0x%08x, mask=0x%08x: %m",
969 path, item->attribute_value, item->attribute_mask);
970
971 return 0;
972 }
973
974 static int write_one_file(Item *i, const char *path) {
975 _cleanup_close_ int fd = -1;
976 int flags, r = 0;
977 struct stat st;
978
979 assert(i);
980 assert(path);
981
982 flags = i->type == CREATE_FILE ? O_CREAT|O_APPEND|O_NOFOLLOW :
983 i->type == TRUNCATE_FILE ? O_CREAT|O_TRUNC|O_NOFOLLOW : 0;
984
985 RUN_WITH_UMASK(0000) {
986 mac_selinux_create_file_prepare(path, S_IFREG);
987 fd = open(path, flags|O_NDELAY|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode);
988 mac_selinux_create_file_clear();
989 }
990
991 if (fd < 0) {
992 if (i->type == WRITE_FILE && errno == ENOENT) {
993 log_debug_errno(errno, "Not writing \"%s\": %m", path);
994 return 0;
995 }
996
997 r = -errno;
998 if (!i->argument && errno == EROFS && stat(path, &st) == 0 &&
999 (i->type == CREATE_FILE || st.st_size == 0))
1000 goto check_mode;
1001
1002 return log_error_errno(r, "Failed to create file %s: %m", path);
1003 }
1004
1005 if (i->argument) {
1006 _cleanup_free_ char *unescaped = NULL, *replaced = NULL;
1007
1008 log_debug("%s to \"%s\".", i->type == CREATE_FILE ? "Appending" : "Writing", path);
1009
1010 r = cunescape(i->argument, 0, &unescaped);
1011 if (r < 0)
1012 return log_error_errno(r, "Failed to unescape parameter to write: %s", i->argument);
1013
1014 r = specifier_printf(unescaped, specifier_table, NULL, &replaced);
1015 if (r < 0)
1016 return log_error_errno(r, "Failed to replace specifiers in parameter to write '%s': %m", unescaped);
1017
1018 r = loop_write(fd, replaced, strlen(replaced), false);
1019 if (r < 0)
1020 return log_error_errno(r, "Failed to write file \"%s\": %m", path);
1021 } else
1022 log_debug("\"%s\" has been created.", path);
1023
1024 fd = safe_close(fd);
1025
1026 if (stat(path, &st) < 0)
1027 return log_error_errno(errno, "stat(%s) failed: %m", path);
1028
1029 check_mode:
1030 if (!S_ISREG(st.st_mode)) {
1031 log_error("%s is not a file.", path);
1032 return -EEXIST;
1033 }
1034
1035 r = path_set_perms(i, path);
1036 if (r < 0)
1037 return r;
1038
1039 return 0;
1040 }
1041
1042 typedef int (*action_t)(Item *, const char *);
1043
1044 static int item_do_children(Item *i, const char *path, action_t action) {
1045 _cleanup_closedir_ DIR *d;
1046 int r = 0;
1047
1048 assert(i);
1049 assert(path);
1050
1051 /* This returns the first error we run into, but nevertheless
1052 * tries to go on */
1053
1054 d = opendir_nomod(path);
1055 if (!d)
1056 return errno == ENOENT || errno == ENOTDIR ? 0 : -errno;
1057
1058 for (;;) {
1059 _cleanup_free_ char *p = NULL;
1060 struct dirent *de;
1061 int q;
1062
1063 errno = 0;
1064 de = readdir(d);
1065 if (!de) {
1066 if (errno != 0 && r == 0)
1067 r = -errno;
1068
1069 break;
1070 }
1071
1072 if (STR_IN_SET(de->d_name, ".", ".."))
1073 continue;
1074
1075 p = strjoin(path, "/", de->d_name, NULL);
1076 if (!p)
1077 return -ENOMEM;
1078
1079 q = action(i, p);
1080 if (q < 0 && q != -ENOENT && r == 0)
1081 r = q;
1082
1083 if (IN_SET(de->d_type, DT_UNKNOWN, DT_DIR)) {
1084 q = item_do_children(i, p, action);
1085 if (q < 0 && r == 0)
1086 r = q;
1087 }
1088 }
1089
1090 return r;
1091 }
1092
1093 static int glob_item(Item *i, action_t action, bool recursive) {
1094 _cleanup_globfree_ glob_t g = {
1095 .gl_closedir = (void (*)(void *)) closedir,
1096 .gl_readdir = (struct dirent *(*)(void *)) readdir,
1097 .gl_opendir = (void *(*)(const char *)) opendir_nomod,
1098 .gl_lstat = lstat,
1099 .gl_stat = stat,
1100 };
1101 int r = 0, k;
1102 char **fn;
1103
1104 errno = 0;
1105 k = glob(i->path, GLOB_NOSORT|GLOB_BRACE|GLOB_ALTDIRFUNC, NULL, &g);
1106 if (k != 0 && k != GLOB_NOMATCH)
1107 return log_error_errno(errno ?: EIO, "glob(%s) failed: %m", i->path);
1108
1109 STRV_FOREACH(fn, g.gl_pathv) {
1110 k = action(i, *fn);
1111 if (k < 0 && r == 0)
1112 r = k;
1113
1114 if (recursive) {
1115 k = item_do_children(i, *fn, action);
1116 if (k < 0 && r == 0)
1117 r = k;
1118 }
1119 }
1120
1121 return r;
1122 }
1123
1124 typedef enum {
1125 CREATION_NORMAL,
1126 CREATION_EXISTING,
1127 CREATION_FORCE,
1128 _CREATION_MODE_MAX,
1129 _CREATION_MODE_INVALID = -1
1130 } CreationMode;
1131
1132 static const char *creation_mode_verb_table[_CREATION_MODE_MAX] = {
1133 [CREATION_NORMAL] = "Created",
1134 [CREATION_EXISTING] = "Found existing",
1135 [CREATION_FORCE] = "Created replacement",
1136 };
1137
1138 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(creation_mode_verb, CreationMode);
1139
1140 static int create_item(Item *i) {
1141 _cleanup_free_ char *resolved = NULL;
1142 struct stat st;
1143 int r = 0;
1144 CreationMode creation;
1145
1146 assert(i);
1147
1148 log_debug("Running create action for entry %c %s", (char) i->type, i->path);
1149
1150 switch (i->type) {
1151
1152 case IGNORE_PATH:
1153 case IGNORE_DIRECTORY_PATH:
1154 case REMOVE_PATH:
1155 case RECURSIVE_REMOVE_PATH:
1156 return 0;
1157
1158 case CREATE_FILE:
1159 case TRUNCATE_FILE:
1160 r = write_one_file(i, i->path);
1161 if (r < 0)
1162 return r;
1163 break;
1164
1165 case COPY_FILES: {
1166 r = specifier_printf(i->argument, specifier_table, NULL, &resolved);
1167 if (r < 0)
1168 return log_error_errno(r, "Failed to substitute specifiers in copy source %s: %m", i->argument);
1169
1170 log_debug("Copying tree \"%s\" to \"%s\".", resolved, i->path);
1171 r = copy_tree(resolved, i->path, false);
1172
1173 if (r == -EROFS && stat(i->path, &st) == 0)
1174 r = -EEXIST;
1175
1176 if (r < 0) {
1177 struct stat a, b;
1178
1179 if (r != -EEXIST)
1180 return log_error_errno(r, "Failed to copy files to %s: %m", i->path);
1181
1182 if (stat(resolved, &a) < 0)
1183 return log_error_errno(errno, "stat(%s) failed: %m", resolved);
1184
1185 if (stat(i->path, &b) < 0)
1186 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
1187
1188 if ((a.st_mode ^ b.st_mode) & S_IFMT) {
1189 log_debug("Can't copy to %s, file exists already and is of different type", i->path);
1190 return 0;
1191 }
1192 }
1193
1194 r = path_set_perms(i, i->path);
1195 if (r < 0)
1196 return r;
1197
1198 break;
1199
1200 case WRITE_FILE:
1201 r = glob_item(i, write_one_file, false);
1202 if (r < 0)
1203 return r;
1204
1205 break;
1206
1207 case CREATE_DIRECTORY:
1208 case TRUNCATE_DIRECTORY:
1209 case CREATE_SUBVOLUME:
1210 case CREATE_SUBVOLUME_INHERIT_QUOTA:
1211 case CREATE_SUBVOLUME_NEW_QUOTA:
1212
1213 RUN_WITH_UMASK(0000)
1214 mkdir_parents_label(i->path, 0755);
1215
1216 if (IN_SET(i->type, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA)) {
1217 RUN_WITH_UMASK((~i->mode) & 0777)
1218 r = btrfs_subvol_make(i->path);
1219 } else
1220 r = 0;
1221
1222 if (IN_SET(i->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY) || r == -ENOTTY)
1223 RUN_WITH_UMASK(0000)
1224 r = mkdir_label(i->path, i->mode);
1225
1226 if (r < 0) {
1227 int k;
1228
1229 if (r != -EEXIST && r != -EROFS)
1230 return log_error_errno(r, "Failed to create directory or subvolume \"%s\": %m", i->path);
1231
1232 k = is_dir(i->path, false);
1233 if (k == -ENOENT && r == -EROFS)
1234 return log_error_errno(r, "%s does not exist and cannot be created as the file system is read-only.", i->path);
1235 if (k < 0)
1236 return log_error_errno(k, "Failed to check if %s exists: %m", i->path);
1237 if (!k) {
1238 log_warning("\"%s\" already exists and is not a directory.", i->path);
1239 return 0;
1240 }
1241
1242 creation = CREATION_EXISTING;
1243 } else
1244 creation = CREATION_NORMAL;
1245
1246 log_debug("%s directory \"%s\".", creation_mode_verb_to_string(creation), i->path);
1247
1248 if (IN_SET(i->type, CREATE_SUBVOLUME_NEW_QUOTA, CREATE_SUBVOLUME_INHERIT_QUOTA)) {
1249 r = btrfs_subvol_auto_qgroup(i->path, 0, i->type == CREATE_SUBVOLUME_NEW_QUOTA);
1250 if (r == -ENOTTY) {
1251 log_debug_errno(r, "Couldn't adjust quota for subvolume \"%s\" because of unsupported file system or because directory is not a subvolume: %m", i->path);
1252 return 0;
1253 }
1254 if (r == -EROFS) {
1255 log_debug_errno(r, "Couldn't adjust quota for subvolume \"%s\" because of read-only file system: %m", i->path);
1256 return 0;
1257 }
1258 if (r < 0)
1259 return log_error_errno(r, "Failed to adjust quota for subvolume \"%s\": %m", i->path);
1260 if (r > 0)
1261 log_debug("Adjusted quota for subvolume \"%s\".", i->path);
1262 if (r == 0)
1263 log_debug("Quota for subvolume \"%s\" already in place, no change made.", i->path);
1264 }
1265
1266 r = path_set_perms(i, i->path);
1267 if (r < 0)
1268 return r;
1269
1270 break;
1271
1272 case CREATE_FIFO:
1273
1274 RUN_WITH_UMASK(0000) {
1275 mac_selinux_create_file_prepare(i->path, S_IFIFO);
1276 r = mkfifo(i->path, i->mode);
1277 mac_selinux_create_file_clear();
1278 }
1279
1280 if (r < 0) {
1281 if (errno != EEXIST)
1282 return log_error_errno(errno, "Failed to create fifo %s: %m", i->path);
1283
1284 if (lstat(i->path, &st) < 0)
1285 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
1286
1287 if (!S_ISFIFO(st.st_mode)) {
1288
1289 if (i->force) {
1290 RUN_WITH_UMASK(0000) {
1291 mac_selinux_create_file_prepare(i->path, S_IFIFO);
1292 r = mkfifo_atomic(i->path, i->mode);
1293 mac_selinux_create_file_clear();
1294 }
1295
1296 if (r < 0)
1297 return log_error_errno(r, "Failed to create fifo %s: %m", i->path);
1298 creation = CREATION_FORCE;
1299 } else {
1300 log_warning("\"%s\" already exists and is not a fifo.", i->path);
1301 return 0;
1302 }
1303 } else
1304 creation = CREATION_EXISTING;
1305 } else
1306 creation = CREATION_NORMAL;
1307 log_debug("%s fifo \"%s\".", creation_mode_verb_to_string(creation), i->path);
1308
1309 r = path_set_perms(i, i->path);
1310 if (r < 0)
1311 return r;
1312
1313 break;
1314 }
1315
1316 case CREATE_SYMLINK: {
1317 r = specifier_printf(i->argument, specifier_table, NULL, &resolved);
1318 if (r < 0)
1319 return log_error_errno(r, "Failed to substitute specifiers in symlink target %s: %m", i->argument);
1320
1321 mac_selinux_create_file_prepare(i->path, S_IFLNK);
1322 r = symlink(resolved, i->path);
1323 mac_selinux_create_file_clear();
1324
1325 if (r < 0) {
1326 _cleanup_free_ char *x = NULL;
1327
1328 if (errno != EEXIST)
1329 return log_error_errno(errno, "symlink(%s, %s) failed: %m", resolved, i->path);
1330
1331 r = readlink_malloc(i->path, &x);
1332 if (r < 0 || !streq(resolved, x)) {
1333
1334 if (i->force) {
1335 mac_selinux_create_file_prepare(i->path, S_IFLNK);
1336 r = symlink_atomic(resolved, i->path);
1337 mac_selinux_create_file_clear();
1338
1339 if (r < 0)
1340 return log_error_errno(r, "symlink(%s, %s) failed: %m", resolved, i->path);
1341
1342 creation = CREATION_FORCE;
1343 } else {
1344 log_debug("\"%s\" is not a symlink or does not point to the correct path.", i->path);
1345 return 0;
1346 }
1347 } else
1348 creation = CREATION_EXISTING;
1349 } else
1350
1351 creation = CREATION_NORMAL;
1352 log_debug("%s symlink \"%s\".", creation_mode_verb_to_string(creation), i->path);
1353 break;
1354 }
1355
1356 case CREATE_BLOCK_DEVICE:
1357 case CREATE_CHAR_DEVICE: {
1358 mode_t file_type;
1359
1360 if (have_effective_cap(CAP_MKNOD) == 0) {
1361 /* In a container we lack CAP_MKNOD. We
1362 shouldn't attempt to create the device node in
1363 that case to avoid noise, and we don't support
1364 virtualized devices in containers anyway. */
1365
1366 log_debug("We lack CAP_MKNOD, skipping creation of device node %s.", i->path);
1367 return 0;
1368 }
1369
1370 file_type = i->type == CREATE_BLOCK_DEVICE ? S_IFBLK : S_IFCHR;
1371
1372 RUN_WITH_UMASK(0000) {
1373 mac_selinux_create_file_prepare(i->path, file_type);
1374 r = mknod(i->path, i->mode | file_type, i->major_minor);
1375 mac_selinux_create_file_clear();
1376 }
1377
1378 if (r < 0) {
1379 if (errno == EPERM) {
1380 log_debug("We lack permissions, possibly because of cgroup configuration; "
1381 "skipping creation of device node %s.", i->path);
1382 return 0;
1383 }
1384
1385 if (errno != EEXIST)
1386 return log_error_errno(errno, "Failed to create device node %s: %m", i->path);
1387
1388 if (lstat(i->path, &st) < 0)
1389 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
1390
1391 if ((st.st_mode & S_IFMT) != file_type) {
1392
1393 if (i->force) {
1394
1395 RUN_WITH_UMASK(0000) {
1396 mac_selinux_create_file_prepare(i->path, file_type);
1397 r = mknod_atomic(i->path, i->mode | file_type, i->major_minor);
1398 mac_selinux_create_file_clear();
1399 }
1400
1401 if (r < 0)
1402 return log_error_errno(r, "Failed to create device node \"%s\": %m", i->path);
1403 creation = CREATION_FORCE;
1404 } else {
1405 log_debug("%s is not a device node.", i->path);
1406 return 0;
1407 }
1408 } else
1409 creation = CREATION_EXISTING;
1410 } else
1411 creation = CREATION_NORMAL;
1412
1413 log_debug("%s %s device node \"%s\" %u:%u.",
1414 creation_mode_verb_to_string(creation),
1415 i->type == CREATE_BLOCK_DEVICE ? "block" : "char",
1416 i->path, major(i->mode), minor(i->mode));
1417
1418 r = path_set_perms(i, i->path);
1419 if (r < 0)
1420 return r;
1421
1422 break;
1423 }
1424
1425 case ADJUST_MODE:
1426 case RELABEL_PATH:
1427 r = glob_item(i, path_set_perms, false);
1428 if (r < 0)
1429 return r;
1430 break;
1431
1432 case RECURSIVE_RELABEL_PATH:
1433 r = glob_item(i, path_set_perms, true);
1434 if (r < 0)
1435 return r;
1436 break;
1437
1438 case SET_XATTR:
1439 r = glob_item(i, path_set_xattrs, false);
1440 if (r < 0)
1441 return r;
1442 break;
1443
1444 case RECURSIVE_SET_XATTR:
1445 r = glob_item(i, path_set_xattrs, true);
1446 if (r < 0)
1447 return r;
1448 break;
1449
1450 case SET_ACL:
1451 r = glob_item(i, path_set_acls, false);
1452 if (r < 0)
1453 return r;
1454 break;
1455
1456 case RECURSIVE_SET_ACL:
1457 r = glob_item(i, path_set_acls, true);
1458 if (r < 0)
1459 return r;
1460 break;
1461
1462 case SET_ATTRIBUTE:
1463 r = glob_item(i, path_set_attribute, false);
1464 if (r < 0)
1465 return r;
1466 break;
1467
1468 case RECURSIVE_SET_ATTRIBUTE:
1469 r = glob_item(i, path_set_attribute, true);
1470 if (r < 0)
1471 return r;
1472 break;
1473 }
1474
1475 return 0;
1476 }
1477
1478 static int remove_item_instance(Item *i, const char *instance) {
1479 int r;
1480
1481 assert(i);
1482
1483 switch (i->type) {
1484
1485 case REMOVE_PATH:
1486 if (remove(instance) < 0 && errno != ENOENT)
1487 return log_error_errno(errno, "rm(%s): %m", instance);
1488
1489 break;
1490
1491 case TRUNCATE_DIRECTORY:
1492 case RECURSIVE_REMOVE_PATH:
1493 /* FIXME: we probably should use dir_cleanup() here
1494 * instead of rm_rf() so that 'x' is honoured. */
1495 log_debug("rm -rf \"%s\"", instance);
1496 r = rm_rf(instance, (i->type == RECURSIVE_REMOVE_PATH ? REMOVE_ROOT|REMOVE_SUBVOLUME : 0) | REMOVE_PHYSICAL);
1497 if (r < 0 && r != -ENOENT)
1498 return log_error_errno(r, "rm_rf(%s): %m", instance);
1499
1500 break;
1501
1502 default:
1503 assert_not_reached("wut?");
1504 }
1505
1506 return 0;
1507 }
1508
1509 static int remove_item(Item *i) {
1510 int r = 0;
1511
1512 assert(i);
1513
1514 log_debug("Running remove action for entry %c %s", (char) i->type, i->path);
1515
1516 switch (i->type) {
1517
1518 case CREATE_FILE:
1519 case TRUNCATE_FILE:
1520 case CREATE_DIRECTORY:
1521 case CREATE_SUBVOLUME:
1522 case CREATE_SUBVOLUME_INHERIT_QUOTA:
1523 case CREATE_SUBVOLUME_NEW_QUOTA:
1524 case CREATE_FIFO:
1525 case CREATE_SYMLINK:
1526 case CREATE_CHAR_DEVICE:
1527 case CREATE_BLOCK_DEVICE:
1528 case IGNORE_PATH:
1529 case IGNORE_DIRECTORY_PATH:
1530 case ADJUST_MODE:
1531 case RELABEL_PATH:
1532 case RECURSIVE_RELABEL_PATH:
1533 case WRITE_FILE:
1534 case COPY_FILES:
1535 case SET_XATTR:
1536 case RECURSIVE_SET_XATTR:
1537 case SET_ACL:
1538 case RECURSIVE_SET_ACL:
1539 case SET_ATTRIBUTE:
1540 case RECURSIVE_SET_ATTRIBUTE:
1541 break;
1542
1543 case REMOVE_PATH:
1544 case TRUNCATE_DIRECTORY:
1545 case RECURSIVE_REMOVE_PATH:
1546 r = glob_item(i, remove_item_instance, false);
1547 break;
1548 }
1549
1550 return r;
1551 }
1552
1553 static int clean_item_instance(Item *i, const char* instance) {
1554 _cleanup_closedir_ DIR *d = NULL;
1555 struct stat s, ps;
1556 bool mountpoint;
1557 usec_t cutoff, n;
1558 char timestamp[FORMAT_TIMESTAMP_MAX];
1559
1560 assert(i);
1561
1562 if (!i->age_set)
1563 return 0;
1564
1565 n = now(CLOCK_REALTIME);
1566 if (n < i->age)
1567 return 0;
1568
1569 cutoff = n - i->age;
1570
1571 d = opendir_nomod(instance);
1572 if (!d) {
1573 if (errno == ENOENT || errno == ENOTDIR) {
1574 log_debug_errno(errno, "Directory \"%s\": %m", instance);
1575 return 0;
1576 }
1577
1578 log_error_errno(errno, "Failed to open directory %s: %m", instance);
1579 return -errno;
1580 }
1581
1582 if (fstat(dirfd(d), &s) < 0)
1583 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
1584
1585 if (!S_ISDIR(s.st_mode)) {
1586 log_error("%s is not a directory.", i->path);
1587 return -ENOTDIR;
1588 }
1589
1590 if (fstatat(dirfd(d), "..", &ps, AT_SYMLINK_NOFOLLOW) != 0)
1591 return log_error_errno(errno, "stat(%s/..) failed: %m", i->path);
1592
1593 mountpoint = s.st_dev != ps.st_dev || s.st_ino == ps.st_ino;
1594
1595 log_debug("Cleanup threshold for %s \"%s\" is %s",
1596 mountpoint ? "mount point" : "directory",
1597 instance,
1598 format_timestamp_us(timestamp, sizeof(timestamp), cutoff));
1599
1600 return dir_cleanup(i, instance, d, &s, cutoff, s.st_dev, mountpoint,
1601 MAX_DEPTH, i->keep_first_level);
1602 }
1603
1604 static int clean_item(Item *i) {
1605 int r = 0;
1606
1607 assert(i);
1608
1609 log_debug("Running clean action for entry %c %s", (char) i->type, i->path);
1610
1611 switch (i->type) {
1612 case CREATE_DIRECTORY:
1613 case CREATE_SUBVOLUME:
1614 case CREATE_SUBVOLUME_INHERIT_QUOTA:
1615 case CREATE_SUBVOLUME_NEW_QUOTA:
1616 case TRUNCATE_DIRECTORY:
1617 case IGNORE_PATH:
1618 case COPY_FILES:
1619 clean_item_instance(i, i->path);
1620 break;
1621 case IGNORE_DIRECTORY_PATH:
1622 r = glob_item(i, clean_item_instance, false);
1623 break;
1624 default:
1625 break;
1626 }
1627
1628 return r;
1629 }
1630
1631 static int process_item_array(ItemArray *array);
1632
1633 static int process_item(Item *i) {
1634 int r, q, p, t = 0;
1635 _cleanup_free_ char *prefix = NULL;
1636
1637 assert(i);
1638
1639 if (i->done)
1640 return 0;
1641
1642 i->done = true;
1643
1644 prefix = malloc(strlen(i->path) + 1);
1645 if (!prefix)
1646 return log_oom();
1647
1648 PATH_FOREACH_PREFIX(prefix, i->path) {
1649 ItemArray *j;
1650
1651 j = ordered_hashmap_get(items, prefix);
1652 if (j) {
1653 int s;
1654
1655 s = process_item_array(j);
1656 if (s < 0 && t == 0)
1657 t = s;
1658 }
1659 }
1660
1661 r = arg_create ? create_item(i) : 0;
1662 q = arg_remove ? remove_item(i) : 0;
1663 p = arg_clean ? clean_item(i) : 0;
1664
1665 return t < 0 ? t :
1666 r < 0 ? r :
1667 q < 0 ? q :
1668 p;
1669 }
1670
1671 static int process_item_array(ItemArray *array) {
1672 unsigned n;
1673 int r = 0, k;
1674
1675 assert(array);
1676
1677 for (n = 0; n < array->count; n++) {
1678 k = process_item(array->items + n);
1679 if (k < 0 && r == 0)
1680 r = k;
1681 }
1682
1683 return r;
1684 }
1685
1686 static void item_free_contents(Item *i) {
1687 assert(i);
1688 free(i->path);
1689 free(i->argument);
1690 strv_free(i->xattrs);
1691
1692 #ifdef HAVE_ACL
1693 acl_free(i->acl_access);
1694 acl_free(i->acl_default);
1695 #endif
1696 }
1697
1698 static void item_array_free(ItemArray *a) {
1699 unsigned n;
1700
1701 if (!a)
1702 return;
1703
1704 for (n = 0; n < a->count; n++)
1705 item_free_contents(a->items + n);
1706 free(a->items);
1707 free(a);
1708 }
1709
1710 static int item_compare(const void *a, const void *b) {
1711 const Item *x = a, *y = b;
1712
1713 /* Make sure that the ownership taking item is put first, so
1714 * that we first create the node, and then can adjust it */
1715
1716 if (takes_ownership(x->type) && !takes_ownership(y->type))
1717 return -1;
1718 if (!takes_ownership(x->type) && takes_ownership(y->type))
1719 return 1;
1720
1721 return (int) x->type - (int) y->type;
1722 }
1723
1724 static bool item_compatible(Item *a, Item *b) {
1725 assert(a);
1726 assert(b);
1727 assert(streq(a->path, b->path));
1728
1729 if (takes_ownership(a->type) && takes_ownership(b->type))
1730 /* check if the items are the same */
1731 return streq_ptr(a->argument, b->argument) &&
1732
1733 a->uid_set == b->uid_set &&
1734 a->uid == b->uid &&
1735
1736 a->gid_set == b->gid_set &&
1737 a->gid == b->gid &&
1738
1739 a->mode_set == b->mode_set &&
1740 a->mode == b->mode &&
1741
1742 a->age_set == b->age_set &&
1743 a->age == b->age &&
1744
1745 a->mask_perms == b->mask_perms &&
1746
1747 a->keep_first_level == b->keep_first_level &&
1748
1749 a->major_minor == b->major_minor;
1750
1751 return true;
1752 }
1753
1754 static bool should_include_path(const char *path) {
1755 char **prefix;
1756
1757 STRV_FOREACH(prefix, arg_exclude_prefixes)
1758 if (path_startswith(path, *prefix)) {
1759 log_debug("Entry \"%s\" matches exclude prefix \"%s\", skipping.",
1760 path, *prefix);
1761 return false;
1762 }
1763
1764 STRV_FOREACH(prefix, arg_include_prefixes)
1765 if (path_startswith(path, *prefix)) {
1766 log_debug("Entry \"%s\" matches include prefix \"%s\".", path, *prefix);
1767 return true;
1768 }
1769
1770 /* no matches, so we should include this path only if we
1771 * have no whitelist at all */
1772 if (strv_length(arg_include_prefixes) == 0)
1773 return true;
1774
1775 log_debug("Entry \"%s\" does not match any include prefix, skipping.", path);
1776 return false;
1777 }
1778
1779 static int parse_line(const char *fname, unsigned line, const char *buffer) {
1780
1781 _cleanup_free_ char *action = NULL, *mode = NULL, *user = NULL, *group = NULL, *age = NULL, *path = NULL;
1782 _cleanup_(item_free_contents) Item i = {};
1783 ItemArray *existing;
1784 OrderedHashmap *h;
1785 int r, pos;
1786 bool force = false, boot = false;
1787
1788 assert(fname);
1789 assert(line >= 1);
1790 assert(buffer);
1791
1792 r = extract_many_words(
1793 &buffer,
1794 NULL,
1795 EXTRACT_QUOTES,
1796 &action,
1797 &path,
1798 &mode,
1799 &user,
1800 &group,
1801 &age,
1802 NULL);
1803 if (r < 0)
1804 return log_error_errno(r, "[%s:%u] Failed to parse line: %m", fname, line);
1805 else if (r < 2) {
1806 log_error("[%s:%u] Syntax error.", fname, line);
1807 return -EIO;
1808 }
1809
1810 if (!isempty(buffer) && !streq(buffer, "-")) {
1811 i.argument = strdup(buffer);
1812 if (!i.argument)
1813 return log_oom();
1814 }
1815
1816 if (isempty(action)) {
1817 log_error("[%s:%u] Command too short '%s'.", fname, line, action);
1818 return -EINVAL;
1819 }
1820
1821 for (pos = 1; action[pos]; pos++) {
1822 if (action[pos] == '!' && !boot)
1823 boot = true;
1824 else if (action[pos] == '+' && !force)
1825 force = true;
1826 else {
1827 log_error("[%s:%u] Unknown modifiers in command '%s'",
1828 fname, line, action);
1829 return -EINVAL;
1830 }
1831 }
1832
1833 if (boot && !arg_boot) {
1834 log_debug("Ignoring entry %s \"%s\" because --boot is not specified.",
1835 action, path);
1836 return 0;
1837 }
1838
1839 i.type = action[0];
1840 i.force = force;
1841
1842 r = specifier_printf(path, specifier_table, NULL, &i.path);
1843 if (r < 0) {
1844 log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, path);
1845 return r;
1846 }
1847
1848 switch (i.type) {
1849
1850 case CREATE_DIRECTORY:
1851 case CREATE_SUBVOLUME:
1852 case CREATE_SUBVOLUME_INHERIT_QUOTA:
1853 case CREATE_SUBVOLUME_NEW_QUOTA:
1854 case TRUNCATE_DIRECTORY:
1855 case CREATE_FIFO:
1856 case IGNORE_PATH:
1857 case IGNORE_DIRECTORY_PATH:
1858 case REMOVE_PATH:
1859 case RECURSIVE_REMOVE_PATH:
1860 case ADJUST_MODE:
1861 case RELABEL_PATH:
1862 case RECURSIVE_RELABEL_PATH:
1863 if (i.argument)
1864 log_warning("[%s:%u] %c lines don't take argument fields, ignoring.", fname, line, i.type);
1865
1866 break;
1867
1868 case CREATE_FILE:
1869 case TRUNCATE_FILE:
1870 break;
1871
1872 case CREATE_SYMLINK:
1873 if (!i.argument) {
1874 i.argument = strappend("/usr/share/factory/", i.path);
1875 if (!i.argument)
1876 return log_oom();
1877 }
1878 break;
1879
1880 case WRITE_FILE:
1881 if (!i.argument) {
1882 log_error("[%s:%u] Write file requires argument.", fname, line);
1883 return -EBADMSG;
1884 }
1885 break;
1886
1887 case COPY_FILES:
1888 if (!i.argument) {
1889 i.argument = strappend("/usr/share/factory/", i.path);
1890 if (!i.argument)
1891 return log_oom();
1892 } else if (!path_is_absolute(i.argument)) {
1893 log_error("[%s:%u] Source path is not absolute.", fname, line);
1894 return -EBADMSG;
1895 }
1896
1897 path_kill_slashes(i.argument);
1898 break;
1899
1900 case CREATE_CHAR_DEVICE:
1901 case CREATE_BLOCK_DEVICE: {
1902 unsigned major, minor;
1903
1904 if (!i.argument) {
1905 log_error("[%s:%u] Device file requires argument.", fname, line);
1906 return -EBADMSG;
1907 }
1908
1909 if (sscanf(i.argument, "%u:%u", &major, &minor) != 2) {
1910 log_error("[%s:%u] Can't parse device file major/minor '%s'.", fname, line, i.argument);
1911 return -EBADMSG;
1912 }
1913
1914 i.major_minor = makedev(major, minor);
1915 break;
1916 }
1917
1918 case SET_XATTR:
1919 case RECURSIVE_SET_XATTR:
1920 if (!i.argument) {
1921 log_error("[%s:%u] Set extended attribute requires argument.", fname, line);
1922 return -EBADMSG;
1923 }
1924 r = parse_xattrs_from_arg(&i);
1925 if (r < 0)
1926 return r;
1927 break;
1928
1929 case SET_ACL:
1930 case RECURSIVE_SET_ACL:
1931 if (!i.argument) {
1932 log_error("[%s:%u] Set ACLs requires argument.", fname, line);
1933 return -EBADMSG;
1934 }
1935 r = parse_acls_from_arg(&i);
1936 if (r < 0)
1937 return r;
1938 break;
1939
1940 case SET_ATTRIBUTE:
1941 case RECURSIVE_SET_ATTRIBUTE:
1942 if (!i.argument) {
1943 log_error("[%s:%u] Set file attribute requires argument.", fname, line);
1944 return -EBADMSG;
1945 }
1946 r = parse_attribute_from_arg(&i);
1947 if (r < 0)
1948 return r;
1949 break;
1950
1951 default:
1952 log_error("[%s:%u] Unknown command type '%c'.", fname, line, (char) i.type);
1953 return -EBADMSG;
1954 }
1955
1956 if (!path_is_absolute(i.path)) {
1957 log_error("[%s:%u] Path '%s' not absolute.", fname, line, i.path);
1958 return -EBADMSG;
1959 }
1960
1961 path_kill_slashes(i.path);
1962
1963 if (!should_include_path(i.path))
1964 return 0;
1965
1966 if (arg_root) {
1967 char *p;
1968
1969 p = prefix_root(arg_root, i.path);
1970 if (!p)
1971 return log_oom();
1972
1973 free(i.path);
1974 i.path = p;
1975 }
1976
1977 if (!isempty(user) && !streq(user, "-")) {
1978 const char *u = user;
1979
1980 r = get_user_creds(&u, &i.uid, NULL, NULL, NULL);
1981 if (r < 0) {
1982 log_error("[%s:%u] Unknown user '%s'.", fname, line, user);
1983 return r;
1984 }
1985
1986 i.uid_set = true;
1987 }
1988
1989 if (!isempty(group) && !streq(group, "-")) {
1990 const char *g = group;
1991
1992 r = get_group_creds(&g, &i.gid);
1993 if (r < 0) {
1994 log_error("[%s:%u] Unknown group '%s'.", fname, line, group);
1995 return r;
1996 }
1997
1998 i.gid_set = true;
1999 }
2000
2001 if (!isempty(mode) && !streq(mode, "-")) {
2002 const char *mm = mode;
2003 unsigned m;
2004
2005 if (*mm == '~') {
2006 i.mask_perms = true;
2007 mm++;
2008 }
2009
2010 if (parse_mode(mm, &m) < 0) {
2011 log_error("[%s:%u] Invalid mode '%s'.", fname, line, mode);
2012 return -EBADMSG;
2013 }
2014
2015 i.mode = m;
2016 i.mode_set = true;
2017 } else
2018 i.mode = IN_SET(i.type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA) ? 0755 : 0644;
2019
2020 if (!isempty(age) && !streq(age, "-")) {
2021 const char *a = age;
2022
2023 if (*a == '~') {
2024 i.keep_first_level = true;
2025 a++;
2026 }
2027
2028 if (parse_sec(a, &i.age) < 0) {
2029 log_error("[%s:%u] Invalid age '%s'.", fname, line, age);
2030 return -EBADMSG;
2031 }
2032
2033 i.age_set = true;
2034 }
2035
2036 h = needs_glob(i.type) ? globs : items;
2037
2038 existing = ordered_hashmap_get(h, i.path);
2039 if (existing) {
2040 unsigned n;
2041
2042 for (n = 0; n < existing->count; n++) {
2043 if (!item_compatible(existing->items + n, &i)) {
2044 log_warning("[%s:%u] Duplicate line for path \"%s\", ignoring.",
2045 fname, line, i.path);
2046 return 0;
2047 }
2048 }
2049 } else {
2050 existing = new0(ItemArray, 1);
2051 r = ordered_hashmap_put(h, i.path, existing);
2052 if (r < 0)
2053 return log_oom();
2054 }
2055
2056 if (!GREEDY_REALLOC(existing->items, existing->size, existing->count + 1))
2057 return log_oom();
2058
2059 memcpy(existing->items + existing->count++, &i, sizeof(i));
2060
2061 /* Sort item array, to enforce stable ordering of application */
2062 qsort_safe(existing->items, existing->count, sizeof(Item), item_compare);
2063
2064 zero(i);
2065 return 0;
2066 }
2067
2068 static void help(void) {
2069 printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
2070 "Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
2071 " -h --help Show this help\n"
2072 " --version Show package version\n"
2073 " --create Create marked files/directories\n"
2074 " --clean Clean up marked directories\n"
2075 " --remove Remove marked files/directories\n"
2076 " --boot Execute actions only safe at boot\n"
2077 " --prefix=PATH Only apply rules with the specified prefix\n"
2078 " --exclude-prefix=PATH Ignore rules with the specified prefix\n"
2079 " --root=PATH Operate on an alternate filesystem root\n",
2080 program_invocation_short_name);
2081 }
2082
2083 static int parse_argv(int argc, char *argv[]) {
2084
2085 enum {
2086 ARG_VERSION = 0x100,
2087 ARG_CREATE,
2088 ARG_CLEAN,
2089 ARG_REMOVE,
2090 ARG_BOOT,
2091 ARG_PREFIX,
2092 ARG_EXCLUDE_PREFIX,
2093 ARG_ROOT,
2094 };
2095
2096 static const struct option options[] = {
2097 { "help", no_argument, NULL, 'h' },
2098 { "version", no_argument, NULL, ARG_VERSION },
2099 { "create", no_argument, NULL, ARG_CREATE },
2100 { "clean", no_argument, NULL, ARG_CLEAN },
2101 { "remove", no_argument, NULL, ARG_REMOVE },
2102 { "boot", no_argument, NULL, ARG_BOOT },
2103 { "prefix", required_argument, NULL, ARG_PREFIX },
2104 { "exclude-prefix", required_argument, NULL, ARG_EXCLUDE_PREFIX },
2105 { "root", required_argument, NULL, ARG_ROOT },
2106 {}
2107 };
2108
2109 int c, r;
2110
2111 assert(argc >= 0);
2112 assert(argv);
2113
2114 while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
2115
2116 switch (c) {
2117
2118 case 'h':
2119 help();
2120 return 0;
2121
2122 case ARG_VERSION:
2123 return version();
2124
2125 case ARG_CREATE:
2126 arg_create = true;
2127 break;
2128
2129 case ARG_CLEAN:
2130 arg_clean = true;
2131 break;
2132
2133 case ARG_REMOVE:
2134 arg_remove = true;
2135 break;
2136
2137 case ARG_BOOT:
2138 arg_boot = true;
2139 break;
2140
2141 case ARG_PREFIX:
2142 if (strv_push(&arg_include_prefixes, optarg) < 0)
2143 return log_oom();
2144 break;
2145
2146 case ARG_EXCLUDE_PREFIX:
2147 if (strv_push(&arg_exclude_prefixes, optarg) < 0)
2148 return log_oom();
2149 break;
2150
2151 case ARG_ROOT:
2152 r = parse_path_argument_and_warn(optarg, true, &arg_root);
2153 if (r < 0)
2154 return r;
2155 break;
2156
2157 case '?':
2158 return -EINVAL;
2159
2160 default:
2161 assert_not_reached("Unhandled option");
2162 }
2163
2164 if (!arg_clean && !arg_create && !arg_remove) {
2165 log_error("You need to specify at least one of --clean, --create or --remove.");
2166 return -EINVAL;
2167 }
2168
2169 return 1;
2170 }
2171
2172 static int read_config_file(const char *fn, bool ignore_enoent) {
2173 _cleanup_fclose_ FILE *f = NULL;
2174 char line[LINE_MAX];
2175 Iterator iterator;
2176 unsigned v = 0;
2177 Item *i;
2178 int r;
2179
2180 assert(fn);
2181
2182 r = search_and_fopen_nulstr(fn, "re", arg_root, conf_file_dirs, &f);
2183 if (r < 0) {
2184 if (ignore_enoent && r == -ENOENT) {
2185 log_debug_errno(r, "Failed to open \"%s\": %m", fn);
2186 return 0;
2187 }
2188
2189 return log_error_errno(r, "Failed to open '%s', ignoring: %m", fn);
2190 }
2191 log_debug("Reading config file \"%s\".", fn);
2192
2193 FOREACH_LINE(line, f, break) {
2194 char *l;
2195 int k;
2196
2197 v++;
2198
2199 l = strstrip(line);
2200 if (*l == '#' || *l == 0)
2201 continue;
2202
2203 k = parse_line(fn, v, l);
2204 if (k < 0 && r == 0)
2205 r = k;
2206 }
2207
2208 /* we have to determine age parameter for each entry of type X */
2209 ORDERED_HASHMAP_FOREACH(i, globs, iterator) {
2210 Iterator iter;
2211 Item *j, *candidate_item = NULL;
2212
2213 if (i->type != IGNORE_DIRECTORY_PATH)
2214 continue;
2215
2216 ORDERED_HASHMAP_FOREACH(j, items, iter) {
2217 if (!IN_SET(j->type, CREATE_DIRECTORY, TRUNCATE_DIRECTORY, CREATE_SUBVOLUME, CREATE_SUBVOLUME_INHERIT_QUOTA, CREATE_SUBVOLUME_NEW_QUOTA))
2218 continue;
2219
2220 if (path_equal(j->path, i->path)) {
2221 candidate_item = j;
2222 break;
2223 }
2224
2225 if ((!candidate_item && path_startswith(i->path, j->path)) ||
2226 (candidate_item && path_startswith(j->path, candidate_item->path) && (fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)))
2227 candidate_item = j;
2228 }
2229
2230 if (candidate_item && candidate_item->age_set) {
2231 i->age = candidate_item->age;
2232 i->age_set = true;
2233 }
2234 }
2235
2236 if (ferror(f)) {
2237 log_error_errno(errno, "Failed to read from file %s: %m", fn);
2238 if (r == 0)
2239 r = -EIO;
2240 }
2241
2242 return r;
2243 }
2244
2245 int main(int argc, char *argv[]) {
2246 int r, k;
2247 ItemArray *a;
2248 Iterator iterator;
2249
2250 r = parse_argv(argc, argv);
2251 if (r <= 0)
2252 goto finish;
2253
2254 log_set_target(LOG_TARGET_AUTO);
2255 log_parse_environment();
2256 log_open();
2257
2258 umask(0022);
2259
2260 mac_selinux_init(NULL);
2261
2262 items = ordered_hashmap_new(&string_hash_ops);
2263 globs = ordered_hashmap_new(&string_hash_ops);
2264
2265 if (!items || !globs) {
2266 r = log_oom();
2267 goto finish;
2268 }
2269
2270 r = 0;
2271
2272 if (optind < argc) {
2273 int j;
2274
2275 for (j = optind; j < argc; j++) {
2276 k = read_config_file(argv[j], false);
2277 if (k < 0 && r == 0)
2278 r = k;
2279 }
2280
2281 } else {
2282 _cleanup_strv_free_ char **files = NULL;
2283 char **f;
2284
2285 r = conf_files_list_nulstr(&files, ".conf", arg_root, conf_file_dirs);
2286 if (r < 0) {
2287 log_error_errno(r, "Failed to enumerate tmpfiles.d files: %m");
2288 goto finish;
2289 }
2290
2291 STRV_FOREACH(f, files) {
2292 k = read_config_file(*f, true);
2293 if (k < 0 && r == 0)
2294 r = k;
2295 }
2296 }
2297
2298 /* The non-globbing ones usually create things, hence we apply
2299 * them first */
2300 ORDERED_HASHMAP_FOREACH(a, items, iterator) {
2301 k = process_item_array(a);
2302 if (k < 0 && r == 0)
2303 r = k;
2304 }
2305
2306 /* The globbing ones usually alter things, hence we apply them
2307 * second. */
2308 ORDERED_HASHMAP_FOREACH(a, globs, iterator) {
2309 k = process_item_array(a);
2310 if (k < 0 && r == 0)
2311 r = k;
2312 }
2313
2314 finish:
2315 while ((a = ordered_hashmap_steal_first(items)))
2316 item_array_free(a);
2317
2318 while ((a = ordered_hashmap_steal_first(globs)))
2319 item_array_free(a);
2320
2321 ordered_hashmap_free(items);
2322 ordered_hashmap_free(globs);
2323
2324 free(arg_include_prefixes);
2325 free(arg_exclude_prefixes);
2326 free(arg_root);
2327
2328 set_free_free(unix_sockets);
2329
2330 mac_selinux_finish();
2331
2332 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
2333 }
Unnamed repository; edit this file 'description' to name the repository.