1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering, Kay Sievers
6 Copyright 2015 Zbigniew Jędrzejewski-Szmek
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
35 #include <sys/xattr.h>
43 #include "alloc-util.h"
44 #include "btrfs-util.h"
45 #include "capability-util.h"
46 #include "chattr-util.h"
47 #include "conf-files.h"
50 #include "dirent-util.h"
54 #include "format-util.h"
56 #include "glob-util.h"
63 #include "mount-util.h"
64 #include "parse-util.h"
65 #include "path-lookup.h"
66 #include "path-util.h"
68 #include "selinux-util.h"
70 #include "specifier.h"
71 #include "stat-util.h"
72 #include "stdio-util.h"
73 #include "string-table.h"
74 #include "string-util.h"
76 #include "umask-util.h"
77 #include "user-util.h"
80 /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
81 * them in the file system. This is intended to be used to create
82 * properly owned directories beneath /tmp, /var/tmp, /run, which are
83 * volatile and hence need to be recreated on bootup. */
85 typedef enum ItemType
{
86 /* These ones take file names */
89 CREATE_DIRECTORY
= 'd',
90 TRUNCATE_DIRECTORY
= 'D',
91 CREATE_SUBVOLUME
= 'v',
92 CREATE_SUBVOLUME_INHERIT_QUOTA
= 'q',
93 CREATE_SUBVOLUME_NEW_QUOTA
= 'Q',
96 CREATE_CHAR_DEVICE
= 'c',
97 CREATE_BLOCK_DEVICE
= 'b',
100 /* These ones take globs */
102 EMPTY_DIRECTORY
= 'e',
104 RECURSIVE_SET_XATTR
= 'T',
106 RECURSIVE_SET_ACL
= 'A',
108 RECURSIVE_SET_ATTRIBUTE
= 'H',
110 IGNORE_DIRECTORY_PATH
= 'X',
112 RECURSIVE_REMOVE_PATH
= 'R',
114 RECURSIVE_RELABEL_PATH
= 'Z',
115 ADJUST_MODE
= 'm', /* legacy, 'z' is identical to this */
118 typedef struct Item
{
134 unsigned attribute_value
;
135 unsigned attribute_mask
;
142 bool attribute_set
:1;
144 bool keep_first_level
:1;
151 typedef struct ItemArray
{
157 typedef enum DirectoryType
{
158 DIRECTORY_RUNTIME
= 0,
165 static bool arg_user
= false;
166 static bool arg_create
= false;
167 static bool arg_clean
= false;
168 static bool arg_remove
= false;
169 static bool arg_boot
= false;
171 static char **arg_include_prefixes
= NULL
;
172 static char **arg_exclude_prefixes
= NULL
;
173 static char *arg_root
= NULL
;
175 #define MAX_DEPTH 256
177 static OrderedHashmap
*items
= NULL
, *globs
= NULL
;
178 static Set
*unix_sockets
= NULL
;
180 static int specifier_machine_id_safe(char specifier
, void *data
, void *userdata
, char **ret
);
181 static int specifier_directory(char specifier
, void *data
, void *userdata
, char **ret
);
183 static const Specifier specifier_table
[] = {
184 { 'm', specifier_machine_id_safe
, NULL
},
185 { 'b', specifier_boot_id
, NULL
},
186 { 'H', specifier_host_name
, NULL
},
187 { 'v', specifier_kernel_release
, NULL
},
189 { 'U', specifier_user_id
, NULL
},
190 { 'u', specifier_user_name
, NULL
},
191 { 'h', specifier_user_home
, NULL
},
192 { 't', specifier_directory
, UINT_TO_PTR(DIRECTORY_RUNTIME
) },
193 { 'S', specifier_directory
, UINT_TO_PTR(DIRECTORY_STATE
) },
194 { 'C', specifier_directory
, UINT_TO_PTR(DIRECTORY_CACHE
) },
195 { 'L', specifier_directory
, UINT_TO_PTR(DIRECTORY_LOGS
) },
199 static int specifier_machine_id_safe(char specifier
, void *data
, void *userdata
, char **ret
) {
202 /* If /etc/machine_id is missing or empty (e.g. in a chroot environment)
203 * return a recognizable error so that the caller can skip the rule
206 r
= specifier_machine_id(specifier
, data
, userdata
, ret
);
207 if (IN_SET(r
, -ENOENT
, -ENOMEDIUM
))
213 static int specifier_directory(char specifier
, void *data
, void *userdata
, char **ret
) {
219 static const struct table_entry paths_system
[] = {
220 [DIRECTORY_RUNTIME
] = { SD_PATH_SYSTEM_RUNTIME
},
221 [DIRECTORY_STATE
] = { SD_PATH_SYSTEM_STATE_PRIVATE
},
222 [DIRECTORY_CACHE
] = { SD_PATH_SYSTEM_STATE_CACHE
},
223 [DIRECTORY_LOGS
] = { SD_PATH_SYSTEM_STATE_LOGS
},
226 static const struct table_entry paths_user
[] = {
227 [DIRECTORY_RUNTIME
] = { SD_PATH_USER_RUNTIME
},
228 [DIRECTORY_STATE
] = { SD_PATH_USER_CONFIGURATION
},
229 [DIRECTORY_CACHE
] = { SD_PATH_USER_STATE_CACHE
},
230 [DIRECTORY_LOGS
] = { SD_PATH_USER_CONFIGURATION
, "log" },
234 const struct table_entry
*paths
;
236 assert_cc(ELEMENTSOF(paths_system
) == ELEMENTSOF(paths_user
));
237 paths
= arg_user
? paths_user
: paths_system
;
239 i
= PTR_TO_UINT(data
);
240 assert(i
< ELEMENTSOF(paths_system
));
242 return sd_path_home(paths
[i
].type
, paths
[i
].suffix
, ret
);
245 static int log_unresolvable_specifier(const char *filename
, unsigned line
) {
246 static bool notified
= false;
248 /* In system mode, this is called when /etc is not fully initialized (e.g.
249 * in a chroot environment) where some specifiers are unresolvable. In user
250 * mode, this is called when some variables are not defined. These cases are
251 * not considered as an error so log at LOG_NOTICE only for the first time
252 * and then downgrade this to LOG_DEBUG for the rest. */
254 log_full(notified
? LOG_DEBUG
: LOG_NOTICE
,
255 "[%s:%u] Failed to resolve specifier: %s, skipping",
257 arg_user
? "Required $XDG_... variable not defined" : "uninitialized /etc detected");
260 log_notice("All rules containing unresolvable specifiers will be skipped.");
266 static int user_config_paths(char*** ret
) {
267 _cleanup_strv_free_
char **config_dirs
= NULL
, **data_dirs
= NULL
;
268 _cleanup_free_
char *persistent_config
= NULL
, *runtime_config
= NULL
, *data_home
= NULL
;
269 _cleanup_strv_free_
char **res
= NULL
;
272 r
= xdg_user_dirs(&config_dirs
, &data_dirs
);
276 r
= xdg_user_config_dir(&persistent_config
, "/user-tmpfiles.d");
277 if (r
< 0 && r
!= -ENXIO
)
280 r
= xdg_user_runtime_dir(&runtime_config
, "/user-tmpfiles.d");
281 if (r
< 0 && r
!= -ENXIO
)
284 r
= xdg_user_data_dir(&data_home
, "/user-tmpfiles.d");
285 if (r
< 0 && r
!= -ENXIO
)
288 r
= strv_extend_strv_concat(&res
, config_dirs
, "/user-tmpfiles.d");
292 r
= strv_extend(&res
, persistent_config
);
296 r
= strv_extend(&res
, runtime_config
);
300 r
= strv_extend(&res
, data_home
);
304 r
= strv_extend_strv_concat(&res
, data_dirs
, "/user-tmpfiles.d");
308 r
= path_strv_make_absolute_cwd(res
);
317 static bool needs_glob(ItemType t
) {
321 IGNORE_DIRECTORY_PATH
,
323 RECURSIVE_REMOVE_PATH
,
327 RECURSIVE_RELABEL_PATH
,
333 RECURSIVE_SET_ATTRIBUTE
);
336 static bool takes_ownership(ItemType t
) {
344 CREATE_SUBVOLUME_INHERIT_QUOTA
,
345 CREATE_SUBVOLUME_NEW_QUOTA
,
353 IGNORE_DIRECTORY_PATH
,
355 RECURSIVE_REMOVE_PATH
);
358 static struct Item
* find_glob(OrderedHashmap
*h
, const char *match
) {
362 ORDERED_HASHMAP_FOREACH(j
, h
, i
) {
365 for (n
= 0; n
< j
->count
; n
++) {
366 Item
*item
= j
->items
+ n
;
368 if (fnmatch(item
->path
, match
, FNM_PATHNAME
|FNM_PERIOD
) == 0)
376 static void load_unix_sockets(void) {
377 _cleanup_fclose_
FILE *f
= NULL
;
383 /* We maintain a cache of the sockets we found in /proc/net/unix to speed things up a little. */
385 unix_sockets
= set_new(&string_hash_ops
);
389 f
= fopen("/proc/net/unix", "re");
391 log_full_errno(errno
== ENOENT
? LOG_DEBUG
: LOG_WARNING
, errno
,
392 "Failed to open /proc/net/unix, ignoring: %m");
397 r
= read_line(f
, LONG_LINE_MAX
, NULL
);
399 log_warning_errno(r
, "Failed to skip /proc/net/unix header line: %m");
403 log_warning("Premature end of file reading /proc/net/unix.");
408 _cleanup_free_
char *line
= NULL
;
411 r
= read_line(f
, LONG_LINE_MAX
, &line
);
413 log_warning_errno(r
, "Failed to read /proc/net/unix line, ignoring: %m");
416 if (r
== 0) /* EOF */
419 p
= strchr(line
, ':');
427 p
+= strspn(p
, WHITESPACE
);
428 p
+= strcspn(p
, WHITESPACE
); /* skip one more word */
429 p
+= strspn(p
, WHITESPACE
);
440 path_kill_slashes(s
);
442 r
= set_consume(unix_sockets
, s
);
443 if (r
< 0 && r
!= -EEXIST
) {
444 log_warning_errno(r
, "Failed to add AF_UNIX socket to set, ignoring: %m");
452 unix_sockets
= set_free_free(unix_sockets
);
455 static bool unix_socket_alive(const char *fn
) {
461 return !!set_get(unix_sockets
, (char*) fn
);
463 /* We don't know, so assume yes */
467 static int dir_is_mount_point(DIR *d
, const char *subdir
) {
469 int mount_id_parent
, mount_id
;
472 r_p
= name_to_handle_at_loop(dirfd(d
), ".", NULL
, &mount_id_parent
, 0);
476 r
= name_to_handle_at_loop(dirfd(d
), subdir
, NULL
, &mount_id
, 0);
480 /* got no handle; make no assumptions, return error */
481 if (r_p
< 0 && r
< 0)
484 /* got both handles; if they differ, it is a mount point */
485 if (r_p
>= 0 && r
>= 0)
486 return mount_id_parent
!= mount_id
;
488 /* got only one handle; assume different mount points if one
489 * of both queries was not supported by the filesystem */
490 if (IN_SET(r_p
, -ENOSYS
, -EOPNOTSUPP
) || IN_SET(r
, -ENOSYS
, -EOPNOTSUPP
))
499 static DIR* xopendirat_nomod(int dirfd
, const char *path
) {
502 dir
= xopendirat(dirfd
, path
, O_NOFOLLOW
|O_NOATIME
);
506 log_debug_errno(errno
, "Cannot open %sdirectory \"%s\": %m", dirfd
== AT_FDCWD
? "" : "sub", path
);
510 dir
= xopendirat(dirfd
, path
, O_NOFOLLOW
);
512 log_debug_errno(errno
, "Cannot open %sdirectory \"%s\": %m", dirfd
== AT_FDCWD
? "" : "sub", path
);
517 static DIR* opendir_nomod(const char *path
) {
518 return xopendirat_nomod(AT_FDCWD
, path
);
521 static int dir_cleanup(
525 const struct stat
*ds
,
530 bool keep_this_level
) {
533 struct timespec times
[2];
534 bool deleted
= false;
537 FOREACH_DIRENT_ALL(dent
, d
, break) {
540 _cleanup_free_
char *sub_path
= NULL
;
542 if (dot_or_dot_dot(dent
->d_name
))
545 if (fstatat(dirfd(d
), dent
->d_name
, &s
, AT_SYMLINK_NOFOLLOW
) < 0) {
549 /* FUSE, NFS mounts, SELinux might return EACCES */
550 r
= log_full_errno(errno
== EACCES
? LOG_DEBUG
: LOG_ERR
, errno
,
551 "stat(%s/%s) failed: %m", p
, dent
->d_name
);
555 /* Stay on the same filesystem */
556 if (s
.st_dev
!= rootdev
) {
557 log_debug("Ignoring \"%s/%s\": different filesystem.", p
, dent
->d_name
);
561 /* Try to detect bind mounts of the same filesystem instance; they
562 * do not differ in device major/minors. This type of query is not
563 * supported on all kernels or filesystem types though. */
564 if (S_ISDIR(s
.st_mode
) && dir_is_mount_point(d
, dent
->d_name
) > 0) {
565 log_debug("Ignoring \"%s/%s\": different mount of the same filesystem.",
570 /* Do not delete read-only files owned by root */
571 if (s
.st_uid
== 0 && !(s
.st_mode
& S_IWUSR
)) {
572 log_debug("Ignoring \"%s/%s\": read-only and owner by root.", p
, dent
->d_name
);
576 sub_path
= strjoin(p
, "/", dent
->d_name
);
582 /* Is there an item configured for this path? */
583 if (ordered_hashmap_get(items
, sub_path
)) {
584 log_debug("Ignoring \"%s\": a separate entry exists.", sub_path
);
588 if (find_glob(globs
, sub_path
)) {
589 log_debug("Ignoring \"%s\": a separate glob exists.", sub_path
);
593 if (S_ISDIR(s
.st_mode
)) {
596 streq(dent
->d_name
, "lost+found") &&
598 log_debug("Ignoring \"%s\".", sub_path
);
603 log_warning("Reached max depth on \"%s\".", sub_path
);
605 _cleanup_closedir_
DIR *sub_dir
;
608 sub_dir
= xopendirat_nomod(dirfd(d
), dent
->d_name
);
611 r
= log_error_errno(errno
, "opendir(%s) failed: %m", sub_path
);
616 q
= dir_cleanup(i
, sub_path
, sub_dir
, &s
, cutoff
, rootdev
, false, maxdepth
-1, false);
621 /* Note: if you are wondering why we don't
622 * support the sticky bit for excluding
623 * directories from cleaning like we do it for
624 * other file system objects: well, the sticky
625 * bit already has a meaning for directories,
626 * so we don't want to overload that. */
628 if (keep_this_level
) {
629 log_debug("Keeping \"%s\".", sub_path
);
633 /* Ignore ctime, we change it when deleting */
634 age
= timespec_load(&s
.st_mtim
);
636 char a
[FORMAT_TIMESTAMP_MAX
];
637 /* Follows spelling in stat(1). */
638 log_debug("Directory \"%s\": modify time %s is too new.",
640 format_timestamp_us(a
, sizeof(a
), age
));
644 age
= timespec_load(&s
.st_atim
);
646 char a
[FORMAT_TIMESTAMP_MAX
];
647 log_debug("Directory \"%s\": access time %s is too new.",
649 format_timestamp_us(a
, sizeof(a
), age
));
653 log_debug("Removing directory \"%s\".", sub_path
);
654 if (unlinkat(dirfd(d
), dent
->d_name
, AT_REMOVEDIR
) < 0)
655 if (!IN_SET(errno
, ENOENT
, ENOTEMPTY
))
656 r
= log_error_errno(errno
, "rmdir(%s): %m", sub_path
);
659 /* Skip files for which the sticky bit is
660 * set. These are semantics we define, and are
661 * unknown elsewhere. See XDG_RUNTIME_DIR
662 * specification for details. */
663 if (s
.st_mode
& S_ISVTX
) {
664 log_debug("Skipping \"%s\": sticky bit set.", sub_path
);
668 if (mountpoint
&& S_ISREG(s
.st_mode
))
669 if (s
.st_uid
== 0 && STR_IN_SET(dent
->d_name
,
673 log_debug("Skipping \"%s\".", sub_path
);
677 /* Ignore sockets that are listed in /proc/net/unix */
678 if (S_ISSOCK(s
.st_mode
) && unix_socket_alive(sub_path
)) {
679 log_debug("Skipping \"%s\": live socket.", sub_path
);
683 /* Ignore device nodes */
684 if (S_ISCHR(s
.st_mode
) || S_ISBLK(s
.st_mode
)) {
685 log_debug("Skipping \"%s\": a device.", sub_path
);
689 /* Keep files on this level around if this is
691 if (keep_this_level
) {
692 log_debug("Keeping \"%s\".", sub_path
);
696 age
= timespec_load(&s
.st_mtim
);
698 char a
[FORMAT_TIMESTAMP_MAX
];
699 /* Follows spelling in stat(1). */
700 log_debug("File \"%s\": modify time %s is too new.",
702 format_timestamp_us(a
, sizeof(a
), age
));
706 age
= timespec_load(&s
.st_atim
);
708 char a
[FORMAT_TIMESTAMP_MAX
];
709 log_debug("File \"%s\": access time %s is too new.",
711 format_timestamp_us(a
, sizeof(a
), age
));
715 age
= timespec_load(&s
.st_ctim
);
717 char a
[FORMAT_TIMESTAMP_MAX
];
718 log_debug("File \"%s\": change time %s is too new.",
720 format_timestamp_us(a
, sizeof(a
), age
));
724 log_debug("unlink \"%s\"", sub_path
);
726 if (unlinkat(dirfd(d
), dent
->d_name
, 0) < 0)
728 r
= log_error_errno(errno
, "unlink(%s): %m", sub_path
);
737 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
739 /* Restore original directory timestamps */
740 times
[0] = ds
->st_atim
;
741 times
[1] = ds
->st_mtim
;
743 age1
= timespec_load(&ds
->st_atim
);
744 age2
= timespec_load(&ds
->st_mtim
);
745 log_debug("Restoring access and modification time on \"%s\": %s, %s",
747 format_timestamp_us(a
, sizeof(a
), age1
),
748 format_timestamp_us(b
, sizeof(b
), age2
));
749 if (futimens(dirfd(d
), times
) < 0)
750 log_error_errno(errno
, "utimensat(%s): %m", p
);
756 static int path_set_perms(Item
*i
, const char *path
) {
757 char fn
[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
758 _cleanup_close_
int fd
= -1;
764 /* We open the file with O_PATH here, to make the operation
765 * somewhat atomic. Also there's unfortunately no fchmodat()
766 * with AT_SYMLINK_NOFOLLOW, hence we emulate it here via
769 fd
= open(path
, O_NOFOLLOW
|O_CLOEXEC
|O_PATH
);
771 int level
= LOG_ERR
, r
= -errno
;
773 /* Option "e" operates only on existing objects. Do not
774 * print errors about non-existent files or directories */
775 if (i
->type
== EMPTY_DIRECTORY
&& errno
== ENOENT
) {
780 log_full_errno(level
, errno
, "Adjusting owner and mode for %s failed: %m", path
);
785 if (fstatat(fd
, "", &st
, AT_EMPTY_PATH
) < 0)
786 return log_error_errno(errno
, "Failed to fstat() file %s: %m", path
);
788 xsprintf(fn
, "/proc/self/fd/%i", fd
);
791 if (S_ISLNK(st
.st_mode
))
792 log_debug("Skipping mode fix for symlink %s.", path
);
797 if (!(st
.st_mode
& 0111))
799 if (!(st
.st_mode
& 0222))
801 if (!(st
.st_mode
& 0444))
803 if (!S_ISDIR(st
.st_mode
))
804 m
&= ~07000; /* remove sticky/sgid/suid bit, unless directory */
807 if (m
== (st
.st_mode
& 07777))
808 log_debug("\"%s\" has correct mode %o already.", path
, st
.st_mode
);
810 log_debug("Changing \"%s\" to mode %o.", path
, m
);
812 if (chmod(fn
, m
) < 0)
813 return log_error_errno(errno
, "chmod() of %s via %s failed: %m", path
, fn
);
818 if ((i
->uid
!= st
.st_uid
|| i
->gid
!= st
.st_gid
) &&
819 (i
->uid_set
|| i
->gid_set
)) {
820 log_debug("Changing \"%s\" to owner "UID_FMT
":"GID_FMT
,
822 i
->uid_set
? i
->uid
: UID_INVALID
,
823 i
->gid_set
? i
->gid
: GID_INVALID
);
826 i
->uid_set
? i
->uid
: UID_INVALID
,
827 i
->gid_set
? i
->gid
: GID_INVALID
) < 0)
828 return log_error_errno(errno
, "chown() of %s via %s failed: %m", path
, fn
);
833 return label_fix(path
, false, false);
836 static int parse_xattrs_from_arg(Item
*i
) {
846 _cleanup_free_
char *name
= NULL
, *value
= NULL
, *xattr
= NULL
;
848 r
= extract_first_word(&p
, &xattr
, NULL
, EXTRACT_QUOTES
|EXTRACT_CUNESCAPE
);
850 log_warning_errno(r
, "Failed to parse extended attribute '%s', ignoring: %m", p
);
854 r
= split_pair(xattr
, "=", &name
, &value
);
856 log_warning_errno(r
, "Failed to parse extended attribute, ignoring: %s", xattr
);
860 if (isempty(name
) || isempty(value
)) {
861 log_warning("Malformed extended attribute found, ignoring: %s", xattr
);
865 if (strv_push_pair(&i
->xattrs
, name
, value
) < 0)
874 static int path_set_xattrs(Item
*i
, const char *path
) {
875 char **name
, **value
;
880 STRV_FOREACH_PAIR(name
, value
, i
->xattrs
) {
881 log_debug("Setting extended attribute '%s=%s' on %s.", *name
, *value
, path
);
882 if (lsetxattr(path
, *name
, *value
, strlen(*value
), 0) < 0)
883 return log_error_errno(errno
, "Setting extended attribute %s=%s on %s failed: %m",
884 *name
, *value
, path
);
889 static int parse_acls_from_arg(Item
*item
) {
895 /* If force (= modify) is set, we will not modify the acl
896 * afterwards, so the mask can be added now if necessary. */
898 r
= parse_acl(item
->argument
, &item
->acl_access
, &item
->acl_default
, !item
->force
);
900 log_warning_errno(r
, "Failed to parse ACL \"%s\": %m. Ignoring", item
->argument
);
902 log_warning_errno(ENOSYS
, "ACLs are not supported. Ignoring");
909 static int path_set_acl(const char *path
, const char *pretty
, acl_type_t type
, acl_t acl
, bool modify
) {
910 _cleanup_(acl_free_charpp
) char *t
= NULL
;
911 _cleanup_(acl_freep
) acl_t dup
= NULL
;
914 /* Returns 0 for success, positive error if already warned,
915 * negative error otherwise. */
918 r
= acls_for_file(path
, type
, acl
, &dup
);
922 r
= calc_acl_mask_if_needed(&dup
);
930 /* the mask was already added earlier if needed */
933 r
= add_base_acls_if_needed(&dup
, path
);
937 t
= acl_to_any_text(dup
, NULL
, ',', TEXT_ABBREVIATE
);
938 log_debug("Setting %s ACL %s on %s.",
939 type
== ACL_TYPE_ACCESS
? "access" : "default",
942 r
= acl_set_file(path
, type
, dup
);
944 /* Return positive to indicate we already warned */
945 return -log_error_errno(errno
,
946 "Setting %s ACL \"%s\" on %s failed: %m",
947 type
== ACL_TYPE_ACCESS
? "access" : "default",
954 static int path_set_acls(Item
*item
, const char *path
) {
957 char fn
[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
958 _cleanup_close_
int fd
= -1;
964 fd
= open(path
, O_NOFOLLOW
|O_CLOEXEC
|O_PATH
);
966 return log_error_errno(errno
, "Adjusting ACL of %s failed: %m", path
);
968 if (fstatat(fd
, "", &st
, AT_EMPTY_PATH
) < 0)
969 return log_error_errno(errno
, "Failed to fstat() file %s: %m", path
);
971 if (S_ISLNK(st
.st_mode
)) {
972 log_debug("Skipping ACL fix for symlink %s.", path
);
976 xsprintf(fn
, "/proc/self/fd/%i", fd
);
978 if (item
->acl_access
)
979 r
= path_set_acl(fn
, path
, ACL_TYPE_ACCESS
, item
->acl_access
, item
->force
);
981 if (r
== 0 && item
->acl_default
)
982 r
= path_set_acl(fn
, path
, ACL_TYPE_DEFAULT
, item
->acl_default
, item
->force
);
985 return -r
; /* already warned */
986 else if (r
== -EOPNOTSUPP
) {
987 log_debug_errno(r
, "ACLs not supported by file system at %s", path
);
990 log_error_errno(r
, "ACL operation on \"%s\" failed: %m", path
);
995 #define ATTRIBUTES_ALL \
1004 FS_JOURNAL_DATA_FL | \
1011 static int parse_attribute_from_arg(Item
*item
) {
1013 static const struct {
1017 { 'A', FS_NOATIME_FL
}, /* do not update atime */
1018 { 'S', FS_SYNC_FL
}, /* Synchronous updates */
1019 { 'D', FS_DIRSYNC_FL
}, /* dirsync behaviour (directories only) */
1020 { 'a', FS_APPEND_FL
}, /* writes to file may only append */
1021 { 'c', FS_COMPR_FL
}, /* Compress file */
1022 { 'd', FS_NODUMP_FL
}, /* do not dump file */
1023 { 'e', FS_EXTENT_FL
}, /* Extents */
1024 { 'i', FS_IMMUTABLE_FL
}, /* Immutable file */
1025 { 'j', FS_JOURNAL_DATA_FL
}, /* Reserved for ext3 */
1026 { 's', FS_SECRM_FL
}, /* Secure deletion */
1027 { 'u', FS_UNRM_FL
}, /* Undelete */
1028 { 't', FS_NOTAIL_FL
}, /* file tail should not be merged */
1029 { 'T', FS_TOPDIR_FL
}, /* Top of directory hierarchies */
1030 { 'C', FS_NOCOW_FL
}, /* Do not cow file */
1039 unsigned value
= 0, mask
= 0;
1049 } else if (*p
== '-') {
1052 } else if (*p
== '=') {
1058 if (isempty(p
) && mode
!= MODE_SET
) {
1059 log_error("Setting file attribute on '%s' needs an attribute specification.", item
->path
);
1063 for (; p
&& *p
; p
++) {
1066 for (i
= 0; i
< ELEMENTSOF(attributes
); i
++)
1067 if (*p
== attributes
[i
].character
)
1070 if (i
>= ELEMENTSOF(attributes
)) {
1071 log_error("Unknown file attribute '%c' on '%s'.", *p
, item
->path
);
1075 v
= attributes
[i
].value
;
1077 SET_FLAG(value
, v
, IN_SET(mode
, MODE_ADD
, MODE_SET
));
1082 if (mode
== MODE_SET
)
1083 mask
|= ATTRIBUTES_ALL
;
1087 item
->attribute_mask
= mask
;
1088 item
->attribute_value
= value
;
1089 item
->attribute_set
= true;
1094 static int path_set_attribute(Item
*item
, const char *path
) {
1095 _cleanup_close_
int fd
= -1;
1100 if (!item
->attribute_set
|| item
->attribute_mask
== 0)
1103 fd
= open(path
, O_RDONLY
|O_NONBLOCK
|O_CLOEXEC
|O_NOATIME
|O_NOFOLLOW
);
1106 return log_error_errno(errno
, "Skipping file attributes adjustment on symlink %s.", path
);
1108 return log_error_errno(errno
, "Cannot open '%s': %m", path
);
1111 if (fstat(fd
, &st
) < 0)
1112 return log_error_errno(errno
, "Cannot stat '%s': %m", path
);
1114 /* Issuing the file attribute ioctls on device nodes is not
1115 * safe, as that will be delivered to the drivers, not the
1116 * file system containing the device node. */
1117 if (!S_ISREG(st
.st_mode
) && !S_ISDIR(st
.st_mode
)) {
1118 log_error("Setting file flags is only supported on regular files and directories, cannot set on '%s'.", path
);
1122 f
= item
->attribute_value
& item
->attribute_mask
;
1124 /* Mask away directory-specific flags */
1125 if (!S_ISDIR(st
.st_mode
))
1126 f
&= ~FS_DIRSYNC_FL
;
1128 r
= chattr_fd(fd
, f
, item
->attribute_mask
);
1130 log_full_errno(IN_SET(r
, -ENOTTY
, -EOPNOTSUPP
) ? LOG_DEBUG
: LOG_WARNING
,
1132 "Cannot set file attribute for '%s', value=0x%08x, mask=0x%08x: %m",
1133 path
, item
->attribute_value
, item
->attribute_mask
);
1138 static int write_one_file(Item
*i
, const char *path
) {
1139 _cleanup_close_
int fd
= -1;
1146 flags
= i
->type
== CREATE_FILE
? O_CREAT
|O_APPEND
|O_NOFOLLOW
:
1147 i
->type
== TRUNCATE_FILE
? O_CREAT
|O_TRUNC
|O_NOFOLLOW
: 0;
1149 RUN_WITH_UMASK(0000) {
1150 mac_selinux_create_file_prepare(path
, S_IFREG
);
1151 fd
= open(path
, flags
|O_NDELAY
|O_CLOEXEC
|O_WRONLY
|O_NOCTTY
, i
->mode
);
1152 mac_selinux_create_file_clear();
1156 if (i
->type
== WRITE_FILE
&& errno
== ENOENT
) {
1157 log_debug_errno(errno
, "Not writing \"%s\": %m", path
);
1162 if (!i
->argument
&& errno
== EROFS
&& stat(path
, &st
) == 0 &&
1163 (i
->type
== CREATE_FILE
|| st
.st_size
== 0))
1166 return log_error_errno(r
, "Failed to create file %s: %m", path
);
1170 log_debug("%s to \"%s\".", i
->type
== CREATE_FILE
? "Appending" : "Writing", path
);
1172 r
= loop_write(fd
, i
->argument
, strlen(i
->argument
), false);
1174 return log_error_errno(r
, "Failed to write file \"%s\": %m", path
);
1176 log_debug("\"%s\" has been created.", path
);
1178 fd
= safe_close(fd
);
1180 if (stat(path
, &st
) < 0)
1181 return log_error_errno(errno
, "stat(%s) failed: %m", path
);
1184 if (!S_ISREG(st
.st_mode
)) {
1185 log_error("%s is not a file.", path
);
1189 r
= path_set_perms(i
, path
);
1196 typedef int (*action_t
)(Item
*, const char *);
1198 static int item_do_children(Item
*i
, const char *path
, action_t action
) {
1199 _cleanup_closedir_
DIR *d
;
1206 /* This returns the first error we run into, but nevertheless
1209 d
= opendir_nomod(path
);
1211 return IN_SET(errno
, ENOENT
, ENOTDIR
, ELOOP
) ? 0 : -errno
;
1213 FOREACH_DIRENT_ALL(de
, d
, r
= -errno
) {
1214 _cleanup_free_
char *p
= NULL
;
1217 if (dot_or_dot_dot(de
->d_name
))
1220 p
= strjoin(path
, "/", de
->d_name
);
1225 if (q
< 0 && q
!= -ENOENT
&& r
== 0)
1228 if (IN_SET(de
->d_type
, DT_UNKNOWN
, DT_DIR
)) {
1229 q
= item_do_children(i
, p
, action
);
1230 if (q
< 0 && r
== 0)
1238 static int glob_item(Item
*i
, action_t action
, bool recursive
) {
1239 _cleanup_globfree_ glob_t g
= {
1240 .gl_opendir
= (void *(*)(const char *)) opendir_nomod
,
1245 k
= safe_glob(i
->path
, GLOB_NOSORT
|GLOB_BRACE
, &g
);
1246 if (k
< 0 && k
!= -ENOENT
)
1247 return log_error_errno(k
, "glob(%s) failed: %m", i
->path
);
1249 STRV_FOREACH(fn
, g
.gl_pathv
) {
1251 if (k
< 0 && r
== 0)
1255 k
= item_do_children(i
, *fn
, action
);
1256 if (k
< 0 && r
== 0)
1269 _CREATION_MODE_INVALID
= -1
1272 static const char *creation_mode_verb_table
[_CREATION_MODE_MAX
] = {
1273 [CREATION_NORMAL
] = "Created",
1274 [CREATION_EXISTING
] = "Found existing",
1275 [CREATION_FORCE
] = "Created replacement",
1278 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(creation_mode_verb
, CreationMode
);
1280 static int create_item(Item
*i
) {
1284 CreationMode creation
;
1288 log_debug("Running create action for entry %c %s", (char) i
->type
, i
->path
);
1293 case IGNORE_DIRECTORY_PATH
:
1295 case RECURSIVE_REMOVE_PATH
:
1300 r
= write_one_file(i
, i
->path
);
1306 log_debug("Copying tree \"%s\" to \"%s\".", i
->argument
, i
->path
);
1307 r
= copy_tree(i
->argument
, i
->path
, i
->uid_set
? i
->uid
: UID_INVALID
, i
->gid_set
? i
->gid
: GID_INVALID
, COPY_REFLINK
);
1309 if (r
== -EROFS
&& stat(i
->path
, &st
) == 0)
1316 return log_error_errno(r
, "Failed to copy files to %s: %m", i
->path
);
1318 if (stat(i
->argument
, &a
) < 0)
1319 return log_error_errno(errno
, "stat(%s) failed: %m", i
->argument
);
1321 if (stat(i
->path
, &b
) < 0)
1322 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1324 if ((a
.st_mode
^ b
.st_mode
) & S_IFMT
) {
1325 log_debug("Can't copy to %s, file exists already and is of different type", i
->path
);
1330 r
= path_set_perms(i
, i
->path
);
1337 r
= glob_item(i
, write_one_file
, false);
1343 case CREATE_DIRECTORY
:
1344 case TRUNCATE_DIRECTORY
:
1345 case CREATE_SUBVOLUME
:
1346 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1347 case CREATE_SUBVOLUME_NEW_QUOTA
:
1348 RUN_WITH_UMASK(0000)
1349 mkdir_parents_label(i
->path
, 0755);
1351 if (IN_SET(i
->type
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
)) {
1353 if (btrfs_is_subvol(isempty(arg_root
) ? "/" : arg_root
) <= 0)
1355 /* Don't create a subvolume unless the
1356 * root directory is one, too. We do
1357 * this under the assumption that if
1358 * the root directory is just a plain
1359 * directory (i.e. very light-weight),
1360 * we shouldn't try to split it up
1361 * into subvolumes (i.e. more
1362 * heavy-weight). Thus, chroot()
1363 * environments and suchlike will get
1364 * a full brtfs subvolume set up below
1365 * their tree only if they
1366 * specifically set up a btrfs
1367 * subvolume for the root dir too. */
1371 RUN_WITH_UMASK((~i
->mode
) & 0777)
1372 r
= btrfs_subvol_make(i
->path
);
1377 if (IN_SET(i
->type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
) || r
== -ENOTTY
)
1378 RUN_WITH_UMASK(0000)
1379 r
= mkdir_label(i
->path
, i
->mode
);
1384 if (!IN_SET(r
, -EEXIST
, -EROFS
))
1385 return log_error_errno(r
, "Failed to create directory or subvolume \"%s\": %m", i
->path
);
1387 k
= is_dir(i
->path
, false);
1388 if (k
== -ENOENT
&& r
== -EROFS
)
1389 return log_error_errno(r
, "%s does not exist and cannot be created as the file system is read-only.", i
->path
);
1391 return log_error_errno(k
, "Failed to check if %s exists: %m", i
->path
);
1393 log_warning("\"%s\" already exists and is not a directory.", i
->path
);
1397 creation
= CREATION_EXISTING
;
1399 creation
= CREATION_NORMAL
;
1401 log_debug("%s directory \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1403 if (IN_SET(i
->type
, CREATE_SUBVOLUME_NEW_QUOTA
, CREATE_SUBVOLUME_INHERIT_QUOTA
)) {
1404 r
= btrfs_subvol_auto_qgroup(i
->path
, 0, i
->type
== CREATE_SUBVOLUME_NEW_QUOTA
);
1406 log_debug_errno(r
, "Couldn't adjust quota for subvolume \"%s\" (unsupported fs or dir not a subvolume): %m", i
->path
);
1407 else if (r
== -EROFS
)
1408 log_debug_errno(r
, "Couldn't adjust quota for subvolume \"%s\" (fs is read-only).", i
->path
);
1409 else if (r
== -ENOPROTOOPT
)
1410 log_debug_errno(r
, "Couldn't adjust quota for subvolume \"%s\" (quota support is disabled).", i
->path
);
1412 q
= log_error_errno(r
, "Failed to adjust quota for subvolume \"%s\": %m", i
->path
);
1414 log_debug("Adjusted quota for subvolume \"%s\".", i
->path
);
1416 log_debug("Quota for subvolume \"%s\" already in place, no change made.", i
->path
);
1420 case EMPTY_DIRECTORY
:
1421 r
= path_set_perms(i
, i
->path
);
1430 RUN_WITH_UMASK(0000) {
1431 mac_selinux_create_file_prepare(i
->path
, S_IFIFO
);
1432 r
= mkfifo(i
->path
, i
->mode
);
1433 mac_selinux_create_file_clear();
1437 if (errno
!= EEXIST
)
1438 return log_error_errno(errno
, "Failed to create fifo %s: %m", i
->path
);
1440 if (lstat(i
->path
, &st
) < 0)
1441 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1443 if (!S_ISFIFO(st
.st_mode
)) {
1446 RUN_WITH_UMASK(0000) {
1447 mac_selinux_create_file_prepare(i
->path
, S_IFIFO
);
1448 r
= mkfifo_atomic(i
->path
, i
->mode
);
1449 mac_selinux_create_file_clear();
1453 return log_error_errno(r
, "Failed to create fifo %s: %m", i
->path
);
1454 creation
= CREATION_FORCE
;
1456 log_warning("\"%s\" already exists and is not a fifo.", i
->path
);
1460 creation
= CREATION_EXISTING
;
1462 creation
= CREATION_NORMAL
;
1463 log_debug("%s fifo \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1465 r
= path_set_perms(i
, i
->path
);
1472 case CREATE_SYMLINK
: {
1473 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1474 r
= symlink(i
->argument
, i
->path
);
1475 mac_selinux_create_file_clear();
1478 _cleanup_free_
char *x
= NULL
;
1480 if (errno
!= EEXIST
)
1481 return log_error_errno(errno
, "symlink(%s, %s) failed: %m", i
->argument
, i
->path
);
1483 r
= readlink_malloc(i
->path
, &x
);
1484 if (r
< 0 || !streq(i
->argument
, x
)) {
1487 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1488 r
= symlink_atomic(i
->argument
, i
->path
);
1489 mac_selinux_create_file_clear();
1491 if (IN_SET(r
, -EEXIST
, -ENOTEMPTY
)) {
1492 r
= rm_rf(i
->path
, REMOVE_ROOT
|REMOVE_PHYSICAL
);
1494 return log_error_errno(r
, "rm -fr %s failed: %m", i
->path
);
1496 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1497 r
= symlink(i
->argument
, i
->path
) < 0 ? -errno
: 0;
1498 mac_selinux_create_file_clear();
1501 return log_error_errno(r
, "symlink(%s, %s) failed: %m", i
->argument
, i
->path
);
1503 creation
= CREATION_FORCE
;
1505 log_debug("\"%s\" is not a symlink or does not point to the correct path.", i
->path
);
1509 creation
= CREATION_EXISTING
;
1512 creation
= CREATION_NORMAL
;
1513 log_debug("%s symlink \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1517 case CREATE_BLOCK_DEVICE
:
1518 case CREATE_CHAR_DEVICE
: {
1521 if (have_effective_cap(CAP_MKNOD
) == 0) {
1522 /* In a container we lack CAP_MKNOD. We
1523 shouldn't attempt to create the device node in
1524 that case to avoid noise, and we don't support
1525 virtualized devices in containers anyway. */
1527 log_debug("We lack CAP_MKNOD, skipping creation of device node %s.", i
->path
);
1531 file_type
= i
->type
== CREATE_BLOCK_DEVICE
? S_IFBLK
: S_IFCHR
;
1533 RUN_WITH_UMASK(0000) {
1534 mac_selinux_create_file_prepare(i
->path
, file_type
);
1535 r
= mknod(i
->path
, i
->mode
| file_type
, i
->major_minor
);
1536 mac_selinux_create_file_clear();
1540 if (errno
== EPERM
) {
1541 log_debug("We lack permissions, possibly because of cgroup configuration; "
1542 "skipping creation of device node %s.", i
->path
);
1546 if (errno
!= EEXIST
)
1547 return log_error_errno(errno
, "Failed to create device node %s: %m", i
->path
);
1549 if (lstat(i
->path
, &st
) < 0)
1550 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1552 if ((st
.st_mode
& S_IFMT
) != file_type
) {
1556 RUN_WITH_UMASK(0000) {
1557 mac_selinux_create_file_prepare(i
->path
, file_type
);
1558 r
= mknod_atomic(i
->path
, i
->mode
| file_type
, i
->major_minor
);
1559 mac_selinux_create_file_clear();
1563 return log_error_errno(r
, "Failed to create device node \"%s\": %m", i
->path
);
1564 creation
= CREATION_FORCE
;
1566 log_debug("%s is not a device node.", i
->path
);
1570 creation
= CREATION_EXISTING
;
1572 creation
= CREATION_NORMAL
;
1574 log_debug("%s %s device node \"%s\" %u:%u.",
1575 creation_mode_verb_to_string(creation
),
1576 i
->type
== CREATE_BLOCK_DEVICE
? "block" : "char",
1577 i
->path
, major(i
->mode
), minor(i
->mode
));
1579 r
= path_set_perms(i
, i
->path
);
1588 r
= glob_item(i
, path_set_perms
, false);
1593 case RECURSIVE_RELABEL_PATH
:
1594 r
= glob_item(i
, path_set_perms
, true);
1600 r
= glob_item(i
, path_set_xattrs
, false);
1605 case RECURSIVE_SET_XATTR
:
1606 r
= glob_item(i
, path_set_xattrs
, true);
1612 r
= glob_item(i
, path_set_acls
, false);
1617 case RECURSIVE_SET_ACL
:
1618 r
= glob_item(i
, path_set_acls
, true);
1624 r
= glob_item(i
, path_set_attribute
, false);
1629 case RECURSIVE_SET_ATTRIBUTE
:
1630 r
= glob_item(i
, path_set_attribute
, true);
1639 static int remove_item_instance(Item
*i
, const char *instance
) {
1647 if (remove(instance
) < 0 && errno
!= ENOENT
)
1648 return log_error_errno(errno
, "rm(%s): %m", instance
);
1652 case TRUNCATE_DIRECTORY
:
1653 case RECURSIVE_REMOVE_PATH
:
1654 /* FIXME: we probably should use dir_cleanup() here
1655 * instead of rm_rf() so that 'x' is honoured. */
1656 log_debug("rm -rf \"%s\"", instance
);
1657 r
= rm_rf(instance
, (i
->type
== RECURSIVE_REMOVE_PATH
? REMOVE_ROOT
|REMOVE_SUBVOLUME
: 0) | REMOVE_PHYSICAL
);
1658 if (r
< 0 && r
!= -ENOENT
)
1659 return log_error_errno(r
, "rm_rf(%s): %m", instance
);
1664 assert_not_reached("wut?");
1670 static int remove_item(Item
*i
) {
1673 log_debug("Running remove action for entry %c %s", (char) i
->type
, i
->path
);
1678 case TRUNCATE_DIRECTORY
:
1679 case RECURSIVE_REMOVE_PATH
:
1680 return glob_item(i
, remove_item_instance
, false);
1687 static int clean_item_instance(Item
*i
, const char* instance
) {
1688 _cleanup_closedir_
DIR *d
= NULL
;
1692 char timestamp
[FORMAT_TIMESTAMP_MAX
];
1699 n
= now(CLOCK_REALTIME
);
1703 cutoff
= n
- i
->age
;
1705 d
= opendir_nomod(instance
);
1707 if (IN_SET(errno
, ENOENT
, ENOTDIR
)) {
1708 log_debug_errno(errno
, "Directory \"%s\": %m", instance
);
1712 return log_error_errno(errno
, "Failed to open directory %s: %m", instance
);
1715 if (fstat(dirfd(d
), &s
) < 0)
1716 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1718 if (!S_ISDIR(s
.st_mode
)) {
1719 log_error("%s is not a directory.", i
->path
);
1723 if (fstatat(dirfd(d
), "..", &ps
, AT_SYMLINK_NOFOLLOW
) != 0)
1724 return log_error_errno(errno
, "stat(%s/..) failed: %m", i
->path
);
1726 mountpoint
= s
.st_dev
!= ps
.st_dev
|| s
.st_ino
== ps
.st_ino
;
1728 log_debug("Cleanup threshold for %s \"%s\" is %s",
1729 mountpoint
? "mount point" : "directory",
1731 format_timestamp_us(timestamp
, sizeof(timestamp
), cutoff
));
1733 return dir_cleanup(i
, instance
, d
, &s
, cutoff
, s
.st_dev
, mountpoint
,
1734 MAX_DEPTH
, i
->keep_first_level
);
1737 static int clean_item(Item
*i
) {
1740 log_debug("Running clean action for entry %c %s", (char) i
->type
, i
->path
);
1743 case CREATE_DIRECTORY
:
1744 case CREATE_SUBVOLUME
:
1745 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1746 case CREATE_SUBVOLUME_NEW_QUOTA
:
1747 case TRUNCATE_DIRECTORY
:
1750 clean_item_instance(i
, i
->path
);
1752 case EMPTY_DIRECTORY
:
1753 case IGNORE_DIRECTORY_PATH
:
1754 return glob_item(i
, clean_item_instance
, false);
1760 static int process_item_array(ItemArray
*array
);
1762 static int process_item(Item
*i
) {
1764 _cleanup_free_
char *prefix
= NULL
;
1773 prefix
= malloc(strlen(i
->path
) + 1);
1777 PATH_FOREACH_PREFIX(prefix
, i
->path
) {
1780 j
= ordered_hashmap_get(items
, prefix
);
1784 s
= process_item_array(j
);
1785 if (s
< 0 && t
== 0)
1790 if (chase_symlinks(i
->path
, NULL
, CHASE_NO_AUTOFS
, NULL
) == -EREMOTE
)
1793 r
= arg_create
? create_item(i
) : 0;
1794 q
= arg_remove
? remove_item(i
) : 0;
1795 p
= arg_clean
? clean_item(i
) : 0;
1803 static int process_item_array(ItemArray
*array
) {
1809 for (n
= 0; n
< array
->count
; n
++) {
1810 k
= process_item(array
->items
+ n
);
1811 if (k
< 0 && r
== 0)
1818 static void item_free_contents(Item
*i
) {
1822 strv_free(i
->xattrs
);
1825 acl_free(i
->acl_access
);
1826 acl_free(i
->acl_default
);
1830 static void item_array_free(ItemArray
*a
) {
1836 for (n
= 0; n
< a
->count
; n
++)
1837 item_free_contents(a
->items
+ n
);
1842 static int item_compare(const void *a
, const void *b
) {
1843 const Item
*x
= a
, *y
= b
;
1845 /* Make sure that the ownership taking item is put first, so
1846 * that we first create the node, and then can adjust it */
1848 if (takes_ownership(x
->type
) && !takes_ownership(y
->type
))
1850 if (!takes_ownership(x
->type
) && takes_ownership(y
->type
))
1853 return (int) x
->type
- (int) y
->type
;
1856 static bool item_compatible(Item
*a
, Item
*b
) {
1859 assert(streq(a
->path
, b
->path
));
1861 if (takes_ownership(a
->type
) && takes_ownership(b
->type
))
1862 /* check if the items are the same */
1863 return streq_ptr(a
->argument
, b
->argument
) &&
1865 a
->uid_set
== b
->uid_set
&&
1868 a
->gid_set
== b
->gid_set
&&
1871 a
->mode_set
== b
->mode_set
&&
1872 a
->mode
== b
->mode
&&
1874 a
->age_set
== b
->age_set
&&
1877 a
->mask_perms
== b
->mask_perms
&&
1879 a
->keep_first_level
== b
->keep_first_level
&&
1881 a
->major_minor
== b
->major_minor
;
1886 static bool should_include_path(const char *path
) {
1889 STRV_FOREACH(prefix
, arg_exclude_prefixes
)
1890 if (path_startswith(path
, *prefix
)) {
1891 log_debug("Entry \"%s\" matches exclude prefix \"%s\", skipping.",
1896 STRV_FOREACH(prefix
, arg_include_prefixes
)
1897 if (path_startswith(path
, *prefix
)) {
1898 log_debug("Entry \"%s\" matches include prefix \"%s\".", path
, *prefix
);
1902 /* no matches, so we should include this path only if we
1903 * have no whitelist at all */
1904 if (strv_isempty(arg_include_prefixes
))
1907 log_debug("Entry \"%s\" does not match any include prefix, skipping.", path
);
1911 static int specifier_expansion_from_arg(Item
*i
) {
1912 _cleanup_free_
char *unescaped
= NULL
, *resolved
= NULL
;
1918 if (i
->argument
== NULL
)
1923 case CREATE_SYMLINK
:
1927 r
= cunescape(i
->argument
, 0, &unescaped
);
1929 return log_error_errno(r
, "Failed to unescape parameter to write: %s", i
->argument
);
1931 r
= specifier_printf(unescaped
, specifier_table
, NULL
, &resolved
);
1935 free_and_replace(i
->argument
, resolved
);
1939 case RECURSIVE_SET_XATTR
:
1942 STRV_FOREACH (xattr
, i
->xattrs
) {
1943 r
= specifier_printf(*xattr
, specifier_table
, NULL
, &resolved
);
1947 free_and_replace(*xattr
, resolved
);
1957 static int parse_line(const char *fname
, unsigned line
, const char *buffer
, bool *invalid_config
) {
1959 _cleanup_free_
char *action
= NULL
, *mode
= NULL
, *user
= NULL
, *group
= NULL
, *age
= NULL
, *path
= NULL
;
1960 _cleanup_(item_free_contents
) Item i
= {};
1961 ItemArray
*existing
;
1964 bool force
= false, boot
= false;
1970 r
= extract_many_words(
1982 if (IN_SET(r
, -EINVAL
, -EBADSLT
))
1983 /* invalid quoting and such or an unknown specifier */
1984 *invalid_config
= true;
1985 return log_error_errno(r
, "[%s:%u] Failed to parse line: %m", fname
, line
);
1989 *invalid_config
= true;
1990 log_error("[%s:%u] Syntax error.", fname
, line
);
1994 if (!isempty(buffer
) && !streq(buffer
, "-")) {
1995 i
.argument
= strdup(buffer
);
2000 if (isempty(action
)) {
2001 *invalid_config
= true;
2002 log_error("[%s:%u] Command too short '%s'.", fname
, line
, action
);
2006 for (pos
= 1; action
[pos
]; pos
++) {
2007 if (action
[pos
] == '!' && !boot
)
2009 else if (action
[pos
] == '+' && !force
)
2012 *invalid_config
= true;
2013 log_error("[%s:%u] Unknown modifiers in command '%s'",
2014 fname
, line
, action
);
2019 if (boot
&& !arg_boot
) {
2020 log_debug("Ignoring entry %s \"%s\" because --boot is not specified.",
2028 r
= specifier_printf(path
, specifier_table
, NULL
, &i
.path
);
2030 return log_unresolvable_specifier(fname
, line
);
2032 if (IN_SET(r
, -EINVAL
, -EBADSLT
))
2033 *invalid_config
= true;
2034 return log_error_errno(r
, "[%s:%u] Failed to replace specifiers: %s", fname
, line
, path
);
2039 case CREATE_DIRECTORY
:
2040 case CREATE_SUBVOLUME
:
2041 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
2042 case CREATE_SUBVOLUME_NEW_QUOTA
:
2043 case EMPTY_DIRECTORY
:
2044 case TRUNCATE_DIRECTORY
:
2047 case IGNORE_DIRECTORY_PATH
:
2049 case RECURSIVE_REMOVE_PATH
:
2052 case RECURSIVE_RELABEL_PATH
:
2054 log_warning("[%s:%u] %c lines don't take argument fields, ignoring.", fname
, line
, i
.type
);
2062 case CREATE_SYMLINK
:
2064 i
.argument
= strappend("/usr/share/factory/", i
.path
);
2072 *invalid_config
= true;
2073 log_error("[%s:%u] Write file requires argument.", fname
, line
);
2080 i
.argument
= strappend("/usr/share/factory/", i
.path
);
2083 } else if (!path_is_absolute(i
.argument
)) {
2084 *invalid_config
= true;
2085 log_error("[%s:%u] Source path is not absolute.", fname
, line
);
2089 path_kill_slashes(i
.argument
);
2092 case CREATE_CHAR_DEVICE
:
2093 case CREATE_BLOCK_DEVICE
: {
2094 unsigned major
, minor
;
2097 *invalid_config
= true;
2098 log_error("[%s:%u] Device file requires argument.", fname
, line
);
2102 if (sscanf(i
.argument
, "%u:%u", &major
, &minor
) != 2) {
2103 *invalid_config
= true;
2104 log_error("[%s:%u] Can't parse device file major/minor '%s'.", fname
, line
, i
.argument
);
2108 i
.major_minor
= makedev(major
, minor
);
2113 case RECURSIVE_SET_XATTR
:
2115 *invalid_config
= true;
2116 log_error("[%s:%u] Set extended attribute requires argument.", fname
, line
);
2119 r
= parse_xattrs_from_arg(&i
);
2125 case RECURSIVE_SET_ACL
:
2127 *invalid_config
= true;
2128 log_error("[%s:%u] Set ACLs requires argument.", fname
, line
);
2131 r
= parse_acls_from_arg(&i
);
2137 case RECURSIVE_SET_ATTRIBUTE
:
2139 *invalid_config
= true;
2140 log_error("[%s:%u] Set file attribute requires argument.", fname
, line
);
2143 r
= parse_attribute_from_arg(&i
);
2144 if (IN_SET(r
, -EINVAL
, -EBADSLT
))
2145 *invalid_config
= true;
2151 log_error("[%s:%u] Unknown command type '%c'.", fname
, line
, (char) i
.type
);
2152 *invalid_config
= true;
2156 if (!path_is_absolute(i
.path
)) {
2157 log_error("[%s:%u] Path '%s' not absolute.", fname
, line
, i
.path
);
2158 *invalid_config
= true;
2162 path_kill_slashes(i
.path
);
2164 if (!should_include_path(i
.path
))
2167 r
= specifier_expansion_from_arg(&i
);
2169 return log_unresolvable_specifier(fname
, line
);
2171 if (IN_SET(r
, -EINVAL
, -EBADSLT
))
2172 *invalid_config
= true;
2173 return log_error_errno(r
, "[%s:%u] Failed to substitute specifiers in argument: %m",
2180 p
= prefix_root(arg_root
, i
.path
);
2188 if (!isempty(user
) && !streq(user
, "-")) {
2189 const char *u
= user
;
2191 r
= get_user_creds(&u
, &i
.uid
, NULL
, NULL
, NULL
);
2193 *invalid_config
= true;
2194 return log_error_errno(r
, "[%s:%u] Unknown user '%s'.", fname
, line
, user
);
2200 if (!isempty(group
) && !streq(group
, "-")) {
2201 const char *g
= group
;
2203 r
= get_group_creds(&g
, &i
.gid
);
2205 *invalid_config
= true;
2206 log_error("[%s:%u] Unknown group '%s'.", fname
, line
, group
);
2213 if (!isempty(mode
) && !streq(mode
, "-")) {
2214 const char *mm
= mode
;
2218 i
.mask_perms
= true;
2222 if (parse_mode(mm
, &m
) < 0) {
2223 *invalid_config
= true;
2224 log_error("[%s:%u] Invalid mode '%s'.", fname
, line
, mode
);
2231 i
.mode
= IN_SET(i
.type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
) ? 0755 : 0644;
2233 if (!isempty(age
) && !streq(age
, "-")) {
2234 const char *a
= age
;
2237 i
.keep_first_level
= true;
2241 if (parse_sec(a
, &i
.age
) < 0) {
2242 *invalid_config
= true;
2243 log_error("[%s:%u] Invalid age '%s'.", fname
, line
, age
);
2250 h
= needs_glob(i
.type
) ? globs
: items
;
2252 existing
= ordered_hashmap_get(h
, i
.path
);
2256 for (n
= 0; n
< existing
->count
; n
++) {
2257 if (!item_compatible(existing
->items
+ n
, &i
)) {
2258 log_notice("[%s:%u] Duplicate line for path \"%s\", ignoring.",
2259 fname
, line
, i
.path
);
2264 existing
= new0(ItemArray
, 1);
2268 r
= ordered_hashmap_put(h
, i
.path
, existing
);
2273 if (!GREEDY_REALLOC(existing
->items
, existing
->size
, existing
->count
+ 1))
2276 memcpy(existing
->items
+ existing
->count
++, &i
, sizeof(i
));
2278 /* Sort item array, to enforce stable ordering of application */
2279 qsort_safe(existing
->items
, existing
->count
, sizeof(Item
), item_compare
);
2285 static void help(void) {
2286 printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
2287 "Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
2288 " -h --help Show this help\n"
2289 " --user Execute user configuration\n"
2290 " --version Show package version\n"
2291 " --create Create marked files/directories\n"
2292 " --clean Clean up marked directories\n"
2293 " --remove Remove marked files/directories\n"
2294 " --boot Execute actions only safe at boot\n"
2295 " --prefix=PATH Only apply rules with the specified prefix\n"
2296 " --exclude-prefix=PATH Ignore rules with the specified prefix\n"
2297 " --root=PATH Operate on an alternate filesystem root\n"
2298 , program_invocation_short_name
);
2301 static int parse_argv(int argc
, char *argv
[]) {
2304 ARG_VERSION
= 0x100,
2315 static const struct option options
[] = {
2316 { "help", no_argument
, NULL
, 'h' },
2317 { "user", no_argument
, NULL
, ARG_USER
},
2318 { "version", no_argument
, NULL
, ARG_VERSION
},
2319 { "create", no_argument
, NULL
, ARG_CREATE
},
2320 { "clean", no_argument
, NULL
, ARG_CLEAN
},
2321 { "remove", no_argument
, NULL
, ARG_REMOVE
},
2322 { "boot", no_argument
, NULL
, ARG_BOOT
},
2323 { "prefix", required_argument
, NULL
, ARG_PREFIX
},
2324 { "exclude-prefix", required_argument
, NULL
, ARG_EXCLUDE_PREFIX
},
2325 { "root", required_argument
, NULL
, ARG_ROOT
},
2334 while ((c
= getopt_long(argc
, argv
, "h", options
, NULL
)) >= 0)
2366 if (strv_push(&arg_include_prefixes
, optarg
) < 0)
2370 case ARG_EXCLUDE_PREFIX
:
2371 if (strv_push(&arg_exclude_prefixes
, optarg
) < 0)
2376 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
2385 assert_not_reached("Unhandled option");
2388 if (!arg_clean
&& !arg_create
&& !arg_remove
) {
2389 log_error("You need to specify at least one of --clean, --create or --remove.");
2396 static int read_config_file(const char **config_dirs
, const char *fn
, bool ignore_enoent
, bool *invalid_config
) {
2397 _cleanup_fclose_
FILE *_f
= NULL
;
2399 char line
[LINE_MAX
];
2407 if (streq(fn
, "-")) {
2408 log_debug("Reading config from stdin.");
2412 r
= search_and_fopen(fn
, "re", arg_root
, config_dirs
, &_f
);
2414 if (ignore_enoent
&& r
== -ENOENT
) {
2415 log_debug_errno(r
, "Failed to open \"%s\", ignoring: %m", fn
);
2419 return log_error_errno(r
, "Failed to open '%s': %m", fn
);
2421 log_debug("Reading config file \"%s\".", fn
);
2425 FOREACH_LINE(line
, f
, break) {
2428 bool invalid_line
= false;
2433 if (IN_SET(*l
, 0, '#'))
2436 k
= parse_line(fn
, v
, l
, &invalid_line
);
2439 /* Allow reporting with a special code if the caller requested this */
2440 *invalid_config
= true;
2442 /* The first error becomes our return value */
2447 /* we have to determine age parameter for each entry of type X */
2448 ORDERED_HASHMAP_FOREACH(i
, globs
, iterator
) {
2450 Item
*j
, *candidate_item
= NULL
;
2452 if (i
->type
!= IGNORE_DIRECTORY_PATH
)
2455 ORDERED_HASHMAP_FOREACH(j
, items
, iter
) {
2456 if (!IN_SET(j
->type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
))
2459 if (path_equal(j
->path
, i
->path
)) {
2464 if ((!candidate_item
&& path_startswith(i
->path
, j
->path
)) ||
2465 (candidate_item
&& path_startswith(j
->path
, candidate_item
->path
) && (fnmatch(i
->path
, j
->path
, FNM_PATHNAME
| FNM_PERIOD
) == 0)))
2469 if (candidate_item
&& candidate_item
->age_set
) {
2470 i
->age
= candidate_item
->age
;
2476 log_error_errno(errno
, "Failed to read from file %s: %m", fn
);
2484 int main(int argc
, char *argv
[]) {
2488 _cleanup_strv_free_
char **config_dirs
= NULL
;
2489 bool invalid_config
= false;
2492 r
= parse_argv(argc
, argv
);
2496 log_set_target(LOG_TARGET_AUTO
);
2497 log_parse_environment();
2504 items
= ordered_hashmap_new(&string_hash_ops
);
2505 globs
= ordered_hashmap_new(&string_hash_ops
);
2507 if (!items
|| !globs
) {
2515 r
= user_config_paths(&config_dirs
);
2517 log_error_errno(r
, "Failed to initialize configuration directory list: %m");
2521 config_dirs
= strv_split_nulstr(CONF_PATHS_NULSTR("tmpfiles.d"));
2528 if (DEBUG_LOGGING
) {
2529 _cleanup_free_
char *t
= NULL
;
2531 t
= strv_join(config_dirs
, "\n\t");
2533 log_debug("Looking for configuration files in (higher priority first:\n\t%s", t
);
2536 if (optind
< argc
) {
2539 for (j
= optind
; j
< argc
; j
++) {
2540 k
= read_config_file((const char**) config_dirs
, argv
[j
], false, &invalid_config
);
2541 if (k
< 0 && r
== 0)
2546 _cleanup_strv_free_
char **files
= NULL
;
2548 r
= conf_files_list_strv(&files
, ".conf", arg_root
, 0, (const char* const*) config_dirs
);
2550 log_error_errno(r
, "Failed to enumerate tmpfiles.d files: %m");
2554 STRV_FOREACH(f
, files
) {
2555 k
= read_config_file((const char**) config_dirs
, *f
, true, &invalid_config
);
2556 if (k
< 0 && r
== 0)
2561 /* The non-globbing ones usually create things, hence we apply
2563 ORDERED_HASHMAP_FOREACH(a
, items
, iterator
) {
2564 k
= process_item_array(a
);
2565 if (k
< 0 && r
== 0)
2569 /* The globbing ones usually alter things, hence we apply them
2571 ORDERED_HASHMAP_FOREACH(a
, globs
, iterator
) {
2572 k
= process_item_array(a
);
2573 if (k
< 0 && r
== 0)
2578 ordered_hashmap_free_with_destructor(items
, item_array_free
);
2579 ordered_hashmap_free_with_destructor(globs
, item_array_free
);
2581 free(arg_include_prefixes
);
2582 free(arg_exclude_prefixes
);
2585 set_free_free(unix_sockets
);
2587 mac_selinux_finish();
2590 return EXIT_FAILURE
;
2591 else if (invalid_config
)
2594 return EXIT_SUCCESS
;