1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering, Kay Sievers
7 Copyright 2015 Zbigniew Jędrzejewski-Szmek
9 systemd is free software; you can redistribute it and/or modify it
10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
12 (at your option) any later version.
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
19 You should have received a copy of the GNU Lesser General Public License
20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
37 #include <sys/xattr.h>
42 #include "btrfs-util.h"
43 #include "capability.h"
44 #include "conf-files.h"
48 #include "formats-util.h"
55 #include "path-util.h"
57 #include "selinux-util.h"
59 #include "specifier.h"
60 #include "string-util.h"
64 /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
65 * them in the file system. This is intended to be used to create
66 * properly owned directories beneath /tmp, /var/tmp, /run, which are
67 * volatile and hence need to be recreated on bootup. */
69 typedef enum ItemType
{
70 /* These ones take file names */
73 CREATE_DIRECTORY
= 'd',
74 TRUNCATE_DIRECTORY
= 'D',
75 CREATE_SUBVOLUME
= 'v',
76 CREATE_SUBVOLUME_INHERIT_QUOTA
= 'q',
77 CREATE_SUBVOLUME_NEW_QUOTA
= 'Q',
80 CREATE_CHAR_DEVICE
= 'c',
81 CREATE_BLOCK_DEVICE
= 'b',
84 /* These ones take globs */
87 RECURSIVE_SET_XATTR
= 'T',
89 RECURSIVE_SET_ACL
= 'A',
91 RECURSIVE_SET_ATTRIBUTE
= 'H',
93 IGNORE_DIRECTORY_PATH
= 'X',
95 RECURSIVE_REMOVE_PATH
= 'R',
97 RECURSIVE_RELABEL_PATH
= 'Z',
98 ADJUST_MODE
= 'm', /* legacy, 'z' is identical to this */
101 typedef struct Item
{
117 unsigned attribute_value
;
118 unsigned attribute_mask
;
125 bool attribute_set
:1;
127 bool keep_first_level
:1;
134 typedef struct ItemArray
{
140 static bool arg_create
= false;
141 static bool arg_clean
= false;
142 static bool arg_remove
= false;
143 static bool arg_boot
= false;
145 static char **arg_include_prefixes
= NULL
;
146 static char **arg_exclude_prefixes
= NULL
;
147 static char *arg_root
= NULL
;
149 static const char conf_file_dirs
[] = CONF_DIRS_NULSTR("tmpfiles");
151 #define MAX_DEPTH 256
153 static OrderedHashmap
*items
= NULL
, *globs
= NULL
;
154 static Set
*unix_sockets
= NULL
;
156 static const Specifier specifier_table
[] = {
157 { 'm', specifier_machine_id
, NULL
},
158 { 'b', specifier_boot_id
, NULL
},
159 { 'H', specifier_host_name
, NULL
},
160 { 'v', specifier_kernel_release
, NULL
},
164 static bool needs_glob(ItemType t
) {
168 IGNORE_DIRECTORY_PATH
,
170 RECURSIVE_REMOVE_PATH
,
173 RECURSIVE_RELABEL_PATH
,
179 RECURSIVE_SET_ATTRIBUTE
);
182 static bool takes_ownership(ItemType t
) {
189 CREATE_SUBVOLUME_INHERIT_QUOTA
,
190 CREATE_SUBVOLUME_NEW_QUOTA
,
198 IGNORE_DIRECTORY_PATH
,
200 RECURSIVE_REMOVE_PATH
);
203 static struct Item
* find_glob(OrderedHashmap
*h
, const char *match
) {
207 ORDERED_HASHMAP_FOREACH(j
, h
, i
) {
210 for (n
= 0; n
< j
->count
; n
++) {
211 Item
*item
= j
->items
+ n
;
213 if (fnmatch(item
->path
, match
, FNM_PATHNAME
|FNM_PERIOD
) == 0)
221 static void load_unix_sockets(void) {
222 _cleanup_fclose_
FILE *f
= NULL
;
228 /* We maintain a cache of the sockets we found in
229 * /proc/net/unix to speed things up a little. */
231 unix_sockets
= set_new(&string_hash_ops
);
235 f
= fopen("/proc/net/unix", "re");
240 if (!fgets(line
, sizeof(line
), f
))
247 if (!fgets(line
, sizeof(line
), f
))
252 p
= strchr(line
, ':');
260 p
+= strspn(p
, WHITESPACE
);
261 p
+= strcspn(p
, WHITESPACE
); /* skip one more word */
262 p
+= strspn(p
, WHITESPACE
);
271 path_kill_slashes(s
);
273 k
= set_consume(unix_sockets
, s
);
274 if (k
< 0 && k
!= -EEXIST
)
281 set_free_free(unix_sockets
);
285 static bool unix_socket_alive(const char *fn
) {
291 return !!set_get(unix_sockets
, (char*) fn
);
293 /* We don't know, so assume yes */
297 static int dir_is_mount_point(DIR *d
, const char *subdir
) {
299 union file_handle_union h
= FILE_HANDLE_INIT
;
300 int mount_id_parent
, mount_id
;
303 r_p
= name_to_handle_at(dirfd(d
), ".", &h
.handle
, &mount_id_parent
, 0);
307 h
.handle
.handle_bytes
= MAX_HANDLE_SZ
;
308 r
= name_to_handle_at(dirfd(d
), subdir
, &h
.handle
, &mount_id
, 0);
312 /* got no handle; make no assumptions, return error */
313 if (r_p
< 0 && r
< 0)
316 /* got both handles; if they differ, it is a mount point */
317 if (r_p
>= 0 && r
>= 0)
318 return mount_id_parent
!= mount_id
;
320 /* got only one handle; assume different mount points if one
321 * of both queries was not supported by the filesystem */
322 if (r_p
== -ENOSYS
|| r_p
== -EOPNOTSUPP
|| r
== -ENOSYS
|| r
== -EOPNOTSUPP
)
331 static DIR* xopendirat_nomod(int dirfd
, const char *path
) {
334 dir
= xopendirat(dirfd
, path
, O_NOFOLLOW
|O_NOATIME
);
338 log_debug_errno(errno
, "Cannot open %sdirectory \"%s\": %m", dirfd
== AT_FDCWD
? "" : "sub", path
);
342 dir
= xopendirat(dirfd
, path
, O_NOFOLLOW
);
344 log_debug_errno(errno
, "Cannot open %sdirectory \"%s\": %m", dirfd
== AT_FDCWD
? "" : "sub", path
);
349 static DIR* opendir_nomod(const char *path
) {
350 return xopendirat_nomod(AT_FDCWD
, path
);
353 static int dir_cleanup(
357 const struct stat
*ds
,
362 bool keep_this_level
) {
365 struct timespec times
[2];
366 bool deleted
= false;
369 while ((dent
= readdir(d
))) {
372 _cleanup_free_
char *sub_path
= NULL
;
374 if (STR_IN_SET(dent
->d_name
, ".", ".."))
377 if (fstatat(dirfd(d
), dent
->d_name
, &s
, AT_SYMLINK_NOFOLLOW
) < 0) {
381 /* FUSE, NFS mounts, SELinux might return EACCES */
383 log_debug_errno(errno
, "stat(%s/%s) failed: %m", p
, dent
->d_name
);
385 log_error_errno(errno
, "stat(%s/%s) failed: %m", p
, dent
->d_name
);
390 /* Stay on the same filesystem */
391 if (s
.st_dev
!= rootdev
) {
392 log_debug("Ignoring \"%s/%s\": different filesystem.", p
, dent
->d_name
);
396 /* Try to detect bind mounts of the same filesystem instance; they
397 * do not differ in device major/minors. This type of query is not
398 * supported on all kernels or filesystem types though. */
399 if (S_ISDIR(s
.st_mode
) && dir_is_mount_point(d
, dent
->d_name
) > 0) {
400 log_debug("Ignoring \"%s/%s\": different mount of the same filesystem.",
405 /* Do not delete read-only files owned by root */
406 if (s
.st_uid
== 0 && !(s
.st_mode
& S_IWUSR
)) {
407 log_debug("Ignoring \"%s/%s\": read-only and owner by root.", p
, dent
->d_name
);
411 sub_path
= strjoin(p
, "/", dent
->d_name
, NULL
);
417 /* Is there an item configured for this path? */
418 if (ordered_hashmap_get(items
, sub_path
)) {
419 log_debug("Ignoring \"%s\": a separate entry exists.", sub_path
);
423 if (find_glob(globs
, sub_path
)) {
424 log_debug("Ignoring \"%s\": a separate glob exists.", sub_path
);
428 if (S_ISDIR(s
.st_mode
)) {
431 streq(dent
->d_name
, "lost+found") &&
433 log_debug("Ignoring \"%s\".", sub_path
);
438 log_warning("Reached max depth on \"%s\".", sub_path
);
440 _cleanup_closedir_
DIR *sub_dir
;
443 sub_dir
= xopendirat_nomod(dirfd(d
), dent
->d_name
);
446 r
= log_error_errno(errno
, "opendir(%s) failed: %m", sub_path
);
451 q
= dir_cleanup(i
, sub_path
, sub_dir
, &s
, cutoff
, rootdev
, false, maxdepth
-1, false);
456 /* Note: if you are wondering why we don't
457 * support the sticky bit for excluding
458 * directories from cleaning like we do it for
459 * other file system objects: well, the sticky
460 * bit already has a meaning for directories,
461 * so we don't want to overload that. */
463 if (keep_this_level
) {
464 log_debug("Keeping \"%s\".", sub_path
);
468 /* Ignore ctime, we change it when deleting */
469 age
= timespec_load(&s
.st_mtim
);
471 char a
[FORMAT_TIMESTAMP_MAX
];
472 /* Follows spelling in stat(1). */
473 log_debug("Directory \"%s\": modify time %s is too new.",
475 format_timestamp_us(a
, sizeof(a
), age
));
479 age
= timespec_load(&s
.st_atim
);
481 char a
[FORMAT_TIMESTAMP_MAX
];
482 log_debug("Directory \"%s\": access time %s is too new.",
484 format_timestamp_us(a
, sizeof(a
), age
));
488 log_debug("Removing directory \"%s\".", sub_path
);
489 if (unlinkat(dirfd(d
), dent
->d_name
, AT_REMOVEDIR
) < 0)
490 if (errno
!= ENOENT
&& errno
!= ENOTEMPTY
) {
491 log_error_errno(errno
, "rmdir(%s): %m", sub_path
);
496 /* Skip files for which the sticky bit is
497 * set. These are semantics we define, and are
498 * unknown elsewhere. See XDG_RUNTIME_DIR
499 * specification for details. */
500 if (s
.st_mode
& S_ISVTX
) {
501 log_debug("Skipping \"%s\": sticky bit set.", sub_path
);
505 if (mountpoint
&& S_ISREG(s
.st_mode
))
506 if (s
.st_uid
== 0 && STR_IN_SET(dent
->d_name
,
510 log_debug("Skipping \"%s\".", sub_path
);
514 /* Ignore sockets that are listed in /proc/net/unix */
515 if (S_ISSOCK(s
.st_mode
) && unix_socket_alive(sub_path
)) {
516 log_debug("Skipping \"%s\": live socket.", sub_path
);
520 /* Ignore device nodes */
521 if (S_ISCHR(s
.st_mode
) || S_ISBLK(s
.st_mode
)) {
522 log_debug("Skipping \"%s\": a device.", sub_path
);
526 /* Keep files on this level around if this is
528 if (keep_this_level
) {
529 log_debug("Keeping \"%s\".", sub_path
);
533 age
= timespec_load(&s
.st_mtim
);
535 char a
[FORMAT_TIMESTAMP_MAX
];
536 /* Follows spelling in stat(1). */
537 log_debug("File \"%s\": modify time %s is too new.",
539 format_timestamp_us(a
, sizeof(a
), age
));
543 age
= timespec_load(&s
.st_atim
);
545 char a
[FORMAT_TIMESTAMP_MAX
];
546 log_debug("File \"%s\": access time %s is too new.",
548 format_timestamp_us(a
, sizeof(a
), age
));
552 age
= timespec_load(&s
.st_ctim
);
554 char a
[FORMAT_TIMESTAMP_MAX
];
555 log_debug("File \"%s\": change time %s is too new.",
557 format_timestamp_us(a
, sizeof(a
), age
));
561 log_debug("unlink \"%s\"", sub_path
);
563 if (unlinkat(dirfd(d
), dent
->d_name
, 0) < 0)
565 r
= log_error_errno(errno
, "unlink(%s): %m", sub_path
);
574 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
576 /* Restore original directory timestamps */
577 times
[0] = ds
->st_atim
;
578 times
[1] = ds
->st_mtim
;
580 age1
= timespec_load(&ds
->st_atim
);
581 age2
= timespec_load(&ds
->st_mtim
);
582 log_debug("Restoring access and modification time on \"%s\": %s, %s",
584 format_timestamp_us(a
, sizeof(a
), age1
),
585 format_timestamp_us(b
, sizeof(b
), age2
));
586 if (futimens(dirfd(d
), times
) < 0)
587 log_error_errno(errno
, "utimensat(%s): %m", p
);
593 static int path_set_perms(Item
*i
, const char *path
) {
594 _cleanup_close_
int fd
= -1;
600 /* We open the file with O_PATH here, to make the operation
601 * somewhat atomic. Also there's unfortunately no fchmodat()
602 * with AT_SYMLINK_NOFOLLOW, hence we emulate it here via
605 fd
= open(path
, O_RDONLY
|O_NOFOLLOW
|O_CLOEXEC
|O_PATH
|O_NOATIME
);
607 return log_error_errno(errno
, "Adjusting owner and mode for %s failed: %m", path
);
609 if (fstatat(fd
, "", &st
, AT_EMPTY_PATH
) < 0)
610 return log_error_errno(errno
, "Failed to fstat() file %s: %m", path
);
612 if (S_ISLNK(st
.st_mode
))
613 log_debug("Skipping mode an owner fix for symlink %s.", path
);
615 char fn
[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
616 xsprintf(fn
, "/proc/self/fd/%i", fd
);
618 /* not using i->path directly because it may be a glob */
623 if (!(st
.st_mode
& 0111))
625 if (!(st
.st_mode
& 0222))
627 if (!(st
.st_mode
& 0444))
629 if (!S_ISDIR(st
.st_mode
))
630 m
&= ~07000; /* remove sticky/sgid/suid bit, unless directory */
633 if (m
== (st
.st_mode
& 07777))
634 log_debug("\"%s\" has right mode %o", path
, st
.st_mode
);
636 log_debug("chmod \"%s\" to mode %o", path
, m
);
637 if (chmod(fn
, m
) < 0)
638 return log_error_errno(errno
, "chmod(%s) failed: %m", path
);
642 if ((i
->uid
!= st
.st_uid
|| i
->gid
!= st
.st_gid
) &&
643 (i
->uid_set
|| i
->gid_set
)) {
644 log_debug("chown \"%s\" to "UID_FMT
"."GID_FMT
,
646 i
->uid_set
? i
->uid
: UID_INVALID
,
647 i
->gid_set
? i
->gid
: GID_INVALID
);
649 i
->uid_set
? i
->uid
: UID_INVALID
,
650 i
->gid_set
? i
->gid
: GID_INVALID
) < 0)
651 return log_error_errno(errno
, "chown(%s) failed: %m", path
);
657 return label_fix(path
, false, false);
660 static int parse_xattrs_from_arg(Item
*i
) {
670 _cleanup_free_
char *name
= NULL
, *value
= NULL
, *xattr
= NULL
, *xattr_replaced
= NULL
;
672 r
= extract_first_word(&p
, &xattr
, NULL
, EXTRACT_QUOTES
|EXTRACT_CUNESCAPE
);
674 log_warning_errno(r
, "Failed to parse extended attribute '%s', ignoring: %m", p
);
678 r
= specifier_printf(xattr
, specifier_table
, NULL
, &xattr_replaced
);
680 return log_error_errno(r
, "Failed to replace specifiers in extended attribute '%s': %m", xattr
);
682 r
= split_pair(xattr_replaced
, "=", &name
, &value
);
684 log_warning_errno(r
, "Failed to parse extended attribute, ignoring: %s", xattr
);
688 if (isempty(name
) || isempty(value
)) {
689 log_warning("Malformed extended attribute found, ignoring: %s", xattr
);
693 if (strv_push_pair(&i
->xattrs
, name
, value
) < 0)
702 static int path_set_xattrs(Item
*i
, const char *path
) {
703 char **name
, **value
;
708 STRV_FOREACH_PAIR(name
, value
, i
->xattrs
) {
712 log_debug("Setting extended attribute '%s=%s' on %s.", *name
, *value
, path
);
713 if (lsetxattr(path
, *name
, *value
, n
, 0) < 0) {
714 log_error("Setting extended attribute %s=%s on %s failed: %m", *name
, *value
, path
);
721 static int parse_acls_from_arg(Item
*item
) {
727 /* If force (= modify) is set, we will not modify the acl
728 * afterwards, so the mask can be added now if necessary. */
730 r
= parse_acl(item
->argument
, &item
->acl_access
, &item
->acl_default
, !item
->force
);
732 log_warning_errno(r
, "Failed to parse ACL \"%s\": %m. Ignoring", item
->argument
);
734 log_warning_errno(ENOSYS
, "ACLs are not supported. Ignoring");
741 static int path_set_acl(const char *path
, const char *pretty
, acl_type_t type
, acl_t acl
, bool modify
) {
742 _cleanup_(acl_free_charpp
) char *t
= NULL
;
743 _cleanup_(acl_freep
) acl_t dup
= NULL
;
746 /* Returns 0 for success, positive error if already warned,
747 * negative error otherwise. */
750 r
= acls_for_file(path
, type
, acl
, &dup
);
754 r
= calc_acl_mask_if_needed(&dup
);
762 /* the mask was already added earlier if needed */
765 r
= add_base_acls_if_needed(&dup
, path
);
769 t
= acl_to_any_text(dup
, NULL
, ',', TEXT_ABBREVIATE
);
770 log_debug("Setting %s ACL %s on %s.",
771 type
== ACL_TYPE_ACCESS
? "access" : "default",
774 r
= acl_set_file(path
, type
, dup
);
776 /* Return positive to indicate we already warned */
777 return -log_error_errno(errno
,
778 "Setting %s ACL \"%s\" on %s failed: %m",
779 type
== ACL_TYPE_ACCESS
? "access" : "default",
786 static int path_set_acls(Item
*item
, const char *path
) {
789 char fn
[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
790 _cleanup_close_
int fd
= -1;
796 fd
= open(path
, O_RDONLY
|O_NOFOLLOW
|O_CLOEXEC
|O_PATH
|O_NOATIME
);
798 return log_error_errno(errno
, "Adjusting ACL of %s failed: %m", path
);
800 if (fstatat(fd
, "", &st
, AT_EMPTY_PATH
) < 0)
801 return log_error_errno(errno
, "Failed to fstat() file %s: %m", path
);
803 if (S_ISLNK(st
.st_mode
)) {
804 log_debug("Skipping ACL fix for symlink %s.", path
);
808 xsprintf(fn
, "/proc/self/fd/%i", fd
);
810 if (item
->acl_access
)
811 r
= path_set_acl(fn
, path
, ACL_TYPE_ACCESS
, item
->acl_access
, item
->force
);
813 if (r
== 0 && item
->acl_default
)
814 r
= path_set_acl(fn
, path
, ACL_TYPE_DEFAULT
, item
->acl_default
, item
->force
);
817 return -r
; /* already warned */
818 else if (r
== -EOPNOTSUPP
) {
819 log_debug_errno(r
, "ACLs not supported by file system at %s", path
);
822 log_error_errno(r
, "ACL operation on \"%s\" failed: %m", path
);
827 #define ATTRIBUTES_ALL \
836 FS_JOURNAL_DATA_FL | \
843 static int parse_attribute_from_arg(Item
*item
) {
845 static const struct {
849 { 'A', FS_NOATIME_FL
}, /* do not update atime */
850 { 'S', FS_SYNC_FL
}, /* Synchronous updates */
851 { 'D', FS_DIRSYNC_FL
}, /* dirsync behaviour (directories only) */
852 { 'a', FS_APPEND_FL
}, /* writes to file may only append */
853 { 'c', FS_COMPR_FL
}, /* Compress file */
854 { 'd', FS_NODUMP_FL
}, /* do not dump file */
855 { 'e', FS_EXTENT_FL
}, /* Top of directory hierarchies*/
856 { 'i', FS_IMMUTABLE_FL
}, /* Immutable file */
857 { 'j', FS_JOURNAL_DATA_FL
}, /* Reserved for ext3 */
858 { 's', FS_SECRM_FL
}, /* Secure deletion */
859 { 'u', FS_UNRM_FL
}, /* Undelete */
860 { 't', FS_NOTAIL_FL
}, /* file tail should not be merged */
861 { 'T', FS_TOPDIR_FL
}, /* Top of directory hierarchies*/
862 { 'C', FS_NOCOW_FL
}, /* Do not cow file */
871 unsigned value
= 0, mask
= 0;
881 } else if (*p
== '-') {
884 } else if (*p
== '=') {
890 if (isempty(p
) && mode
!= MODE_SET
) {
891 log_error("Setting file attribute on '%s' needs an attribute specification.", item
->path
);
895 for (; p
&& *p
; p
++) {
898 for (i
= 0; i
< ELEMENTSOF(attributes
); i
++)
899 if (*p
== attributes
[i
].character
)
902 if (i
>= ELEMENTSOF(attributes
)) {
903 log_error("Unknown file attribute '%c' on '%s'.", *p
, item
->path
);
907 v
= attributes
[i
].value
;
909 if (mode
== MODE_ADD
|| mode
== MODE_SET
)
917 if (mode
== MODE_SET
)
918 mask
|= ATTRIBUTES_ALL
;
922 item
->attribute_mask
= mask
;
923 item
->attribute_value
= value
;
924 item
->attribute_set
= true;
929 static int path_set_attribute(Item
*item
, const char *path
) {
930 _cleanup_close_
int fd
= -1;
935 if (!item
->attribute_set
|| item
->attribute_mask
== 0)
938 fd
= open(path
, O_RDONLY
|O_NONBLOCK
|O_CLOEXEC
|O_NOATIME
|O_NOFOLLOW
);
941 return log_error_errno(errno
, "Skipping file attributes adjustment on symlink %s.", path
);
943 return log_error_errno(errno
, "Cannot open '%s': %m", path
);
946 if (fstat(fd
, &st
) < 0)
947 return log_error_errno(errno
, "Cannot stat '%s': %m", path
);
949 /* Issuing the file attribute ioctls on device nodes is not
950 * safe, as that will be delivered to the drivers, not the
951 * file system containing the device node. */
952 if (!S_ISREG(st
.st_mode
) && !S_ISDIR(st
.st_mode
)) {
953 log_error("Setting file flags is only supported on regular files and directories, cannot set on '%s'.", path
);
957 f
= item
->attribute_value
& item
->attribute_mask
;
959 /* Mask away directory-specific flags */
960 if (!S_ISDIR(st
.st_mode
))
963 r
= chattr_fd(fd
, f
, item
->attribute_mask
);
965 log_full_errno(r
== -ENOTTY
? LOG_DEBUG
: LOG_WARNING
,
967 "Cannot set file attribute for '%s', value=0x%08x, mask=0x%08x: %m",
968 path
, item
->attribute_value
, item
->attribute_mask
);
973 static int write_one_file(Item
*i
, const char *path
) {
974 _cleanup_close_
int fd
= -1;
981 flags
= i
->type
== CREATE_FILE
? O_CREAT
|O_APPEND
|O_NOFOLLOW
:
982 i
->type
== TRUNCATE_FILE
? O_CREAT
|O_TRUNC
|O_NOFOLLOW
: 0;
984 RUN_WITH_UMASK(0000) {
985 mac_selinux_create_file_prepare(path
, S_IFREG
);
986 fd
= open(path
, flags
|O_NDELAY
|O_CLOEXEC
|O_WRONLY
|O_NOCTTY
, i
->mode
);
987 mac_selinux_create_file_clear();
991 if (i
->type
== WRITE_FILE
&& errno
== ENOENT
) {
992 log_debug_errno(errno
, "Not writing \"%s\": %m", path
);
997 if (!i
->argument
&& errno
== EROFS
&& stat(path
, &st
) == 0 &&
998 (i
->type
== CREATE_FILE
|| st
.st_size
== 0))
1001 return log_error_errno(r
, "Failed to create file %s: %m", path
);
1005 _cleanup_free_
char *unescaped
= NULL
, *replaced
= NULL
;
1007 log_debug("%s to \"%s\".", i
->type
== CREATE_FILE
? "Appending" : "Writing", path
);
1009 r
= cunescape(i
->argument
, 0, &unescaped
);
1011 return log_error_errno(r
, "Failed to unescape parameter to write: %s", i
->argument
);
1013 r
= specifier_printf(unescaped
, specifier_table
, NULL
, &replaced
);
1015 return log_error_errno(r
, "Failed to replace specifiers in parameter to write '%s': %m", unescaped
);
1017 r
= loop_write(fd
, replaced
, strlen(replaced
), false);
1019 return log_error_errno(r
, "Failed to write file \"%s\": %m", path
);
1021 log_debug("\"%s\" has been created.", path
);
1023 fd
= safe_close(fd
);
1025 if (stat(path
, &st
) < 0)
1026 return log_error_errno(errno
, "stat(%s) failed: %m", path
);
1029 if (!S_ISREG(st
.st_mode
)) {
1030 log_error("%s is not a file.", path
);
1034 r
= path_set_perms(i
, path
);
1041 typedef int (*action_t
)(Item
*, const char *);
1043 static int item_do_children(Item
*i
, const char *path
, action_t action
) {
1044 _cleanup_closedir_
DIR *d
;
1050 /* This returns the first error we run into, but nevertheless
1053 d
= opendir_nomod(path
);
1055 return errno
== ENOENT
|| errno
== ENOTDIR
? 0 : -errno
;
1058 _cleanup_free_
char *p
= NULL
;
1065 if (errno
!= 0 && r
== 0)
1071 if (STR_IN_SET(de
->d_name
, ".", ".."))
1074 p
= strjoin(path
, "/", de
->d_name
, NULL
);
1079 if (q
< 0 && q
!= -ENOENT
&& r
== 0)
1082 if (IN_SET(de
->d_type
, DT_UNKNOWN
, DT_DIR
)) {
1083 q
= item_do_children(i
, p
, action
);
1084 if (q
< 0 && r
== 0)
1092 static int glob_item(Item
*i
, action_t action
, bool recursive
) {
1093 _cleanup_globfree_ glob_t g
= {
1094 .gl_closedir
= (void (*)(void *)) closedir
,
1095 .gl_readdir
= (struct dirent
*(*)(void *)) readdir
,
1096 .gl_opendir
= (void *(*)(const char *)) opendir_nomod
,
1104 k
= glob(i
->path
, GLOB_NOSORT
|GLOB_BRACE
|GLOB_ALTDIRFUNC
, NULL
, &g
);
1105 if (k
!= 0 && k
!= GLOB_NOMATCH
)
1106 return log_error_errno(errno
?: EIO
, "glob(%s) failed: %m", i
->path
);
1108 STRV_FOREACH(fn
, g
.gl_pathv
) {
1110 if (k
< 0 && r
== 0)
1114 k
= item_do_children(i
, *fn
, action
);
1115 if (k
< 0 && r
== 0)
1128 _CREATION_MODE_INVALID
= -1
1131 static const char *creation_mode_verb_table
[_CREATION_MODE_MAX
] = {
1132 [CREATION_NORMAL
] = "Created",
1133 [CREATION_EXISTING
] = "Found existing",
1134 [CREATION_FORCE
] = "Created replacement",
1137 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(creation_mode_verb
, CreationMode
);
1139 static int create_item(Item
*i
) {
1140 _cleanup_free_
char *resolved
= NULL
;
1143 CreationMode creation
;
1147 log_debug("Running create action for entry %c %s", (char) i
->type
, i
->path
);
1152 case IGNORE_DIRECTORY_PATH
:
1154 case RECURSIVE_REMOVE_PATH
:
1159 r
= write_one_file(i
, i
->path
);
1165 r
= specifier_printf(i
->argument
, specifier_table
, NULL
, &resolved
);
1167 return log_error_errno(r
, "Failed to substitute specifiers in copy source %s: %m", i
->argument
);
1169 log_debug("Copying tree \"%s\" to \"%s\".", resolved
, i
->path
);
1170 r
= copy_tree(resolved
, i
->path
, false);
1172 if (r
== -EROFS
&& stat(i
->path
, &st
) == 0)
1179 return log_error_errno(r
, "Failed to copy files to %s: %m", i
->path
);
1181 if (stat(resolved
, &a
) < 0)
1182 return log_error_errno(errno
, "stat(%s) failed: %m", resolved
);
1184 if (stat(i
->path
, &b
) < 0)
1185 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1187 if ((a
.st_mode
^ b
.st_mode
) & S_IFMT
) {
1188 log_debug("Can't copy to %s, file exists already and is of different type", i
->path
);
1193 r
= path_set_perms(i
, i
->path
);
1200 r
= glob_item(i
, write_one_file
, false);
1206 case CREATE_DIRECTORY
:
1207 case TRUNCATE_DIRECTORY
:
1208 case CREATE_SUBVOLUME
:
1209 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1210 case CREATE_SUBVOLUME_NEW_QUOTA
:
1212 RUN_WITH_UMASK(0000)
1213 mkdir_parents_label(i
->path
, 0755);
1215 if (IN_SET(i
->type
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
)) {
1216 RUN_WITH_UMASK((~i
->mode
) & 0777)
1217 r
= btrfs_subvol_make(i
->path
);
1221 if (IN_SET(i
->type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
) || r
== -ENOTTY
)
1222 RUN_WITH_UMASK(0000)
1223 r
= mkdir_label(i
->path
, i
->mode
);
1228 if (r
!= -EEXIST
&& r
!= -EROFS
)
1229 return log_error_errno(r
, "Failed to create directory or subvolume \"%s\": %m", i
->path
);
1231 k
= is_dir(i
->path
, false);
1232 if (k
== -ENOENT
&& r
== -EROFS
)
1233 return log_error_errno(r
, "%s does not exist and cannot be created as the file system is read-only.", i
->path
);
1235 return log_error_errno(k
, "Failed to check if %s exists: %m", i
->path
);
1237 log_warning("\"%s\" already exists and is not a directory.", i
->path
);
1241 creation
= CREATION_EXISTING
;
1243 creation
= CREATION_NORMAL
;
1245 log_debug("%s directory \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1247 if (IN_SET(i
->type
, CREATE_SUBVOLUME_NEW_QUOTA
, CREATE_SUBVOLUME_INHERIT_QUOTA
)) {
1248 r
= btrfs_subvol_auto_qgroup(i
->path
, 0, i
->type
== CREATE_SUBVOLUME_NEW_QUOTA
);
1250 log_debug_errno(r
, "Couldn't adjust quota for subvolume \"%s\" because of unsupported file system or because directory is not a subvolume: %m", i
->path
);
1254 log_debug_errno(r
, "Couldn't adjust quota for subvolume \"%s\" because of read-only file system: %m", i
->path
);
1258 return log_error_errno(r
, "Failed to adjust quota for subvolume \"%s\": %m", i
->path
);
1260 log_debug("Adjusted quota for subvolume \"%s\".", i
->path
);
1262 log_debug("Quota for subvolume \"%s\" already in place, no change made.", i
->path
);
1265 r
= path_set_perms(i
, i
->path
);
1273 RUN_WITH_UMASK(0000) {
1274 mac_selinux_create_file_prepare(i
->path
, S_IFIFO
);
1275 r
= mkfifo(i
->path
, i
->mode
);
1276 mac_selinux_create_file_clear();
1280 if (errno
!= EEXIST
)
1281 return log_error_errno(errno
, "Failed to create fifo %s: %m", i
->path
);
1283 if (lstat(i
->path
, &st
) < 0)
1284 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1286 if (!S_ISFIFO(st
.st_mode
)) {
1289 RUN_WITH_UMASK(0000) {
1290 mac_selinux_create_file_prepare(i
->path
, S_IFIFO
);
1291 r
= mkfifo_atomic(i
->path
, i
->mode
);
1292 mac_selinux_create_file_clear();
1296 return log_error_errno(r
, "Failed to create fifo %s: %m", i
->path
);
1297 creation
= CREATION_FORCE
;
1299 log_warning("\"%s\" already exists and is not a fifo.", i
->path
);
1303 creation
= CREATION_EXISTING
;
1305 creation
= CREATION_NORMAL
;
1306 log_debug("%s fifo \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1308 r
= path_set_perms(i
, i
->path
);
1315 case CREATE_SYMLINK
: {
1316 r
= specifier_printf(i
->argument
, specifier_table
, NULL
, &resolved
);
1318 return log_error_errno(r
, "Failed to substitute specifiers in symlink target %s: %m", i
->argument
);
1320 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1321 r
= symlink(resolved
, i
->path
);
1322 mac_selinux_create_file_clear();
1325 _cleanup_free_
char *x
= NULL
;
1327 if (errno
!= EEXIST
)
1328 return log_error_errno(errno
, "symlink(%s, %s) failed: %m", resolved
, i
->path
);
1330 r
= readlink_malloc(i
->path
, &x
);
1331 if (r
< 0 || !streq(resolved
, x
)) {
1334 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1335 r
= symlink_atomic(resolved
, i
->path
);
1336 mac_selinux_create_file_clear();
1339 return log_error_errno(r
, "symlink(%s, %s) failed: %m", resolved
, i
->path
);
1341 creation
= CREATION_FORCE
;
1343 log_debug("\"%s\" is not a symlink or does not point to the correct path.", i
->path
);
1347 creation
= CREATION_EXISTING
;
1350 creation
= CREATION_NORMAL
;
1351 log_debug("%s symlink \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1355 case CREATE_BLOCK_DEVICE
:
1356 case CREATE_CHAR_DEVICE
: {
1359 if (have_effective_cap(CAP_MKNOD
) == 0) {
1360 /* In a container we lack CAP_MKNOD. We
1361 shouldn't attempt to create the device node in
1362 that case to avoid noise, and we don't support
1363 virtualized devices in containers anyway. */
1365 log_debug("We lack CAP_MKNOD, skipping creation of device node %s.", i
->path
);
1369 file_type
= i
->type
== CREATE_BLOCK_DEVICE
? S_IFBLK
: S_IFCHR
;
1371 RUN_WITH_UMASK(0000) {
1372 mac_selinux_create_file_prepare(i
->path
, file_type
);
1373 r
= mknod(i
->path
, i
->mode
| file_type
, i
->major_minor
);
1374 mac_selinux_create_file_clear();
1378 if (errno
== EPERM
) {
1379 log_debug("We lack permissions, possibly because of cgroup configuration; "
1380 "skipping creation of device node %s.", i
->path
);
1384 if (errno
!= EEXIST
)
1385 return log_error_errno(errno
, "Failed to create device node %s: %m", i
->path
);
1387 if (lstat(i
->path
, &st
) < 0)
1388 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1390 if ((st
.st_mode
& S_IFMT
) != file_type
) {
1394 RUN_WITH_UMASK(0000) {
1395 mac_selinux_create_file_prepare(i
->path
, file_type
);
1396 r
= mknod_atomic(i
->path
, i
->mode
| file_type
, i
->major_minor
);
1397 mac_selinux_create_file_clear();
1401 return log_error_errno(r
, "Failed to create device node \"%s\": %m", i
->path
);
1402 creation
= CREATION_FORCE
;
1404 log_debug("%s is not a device node.", i
->path
);
1408 creation
= CREATION_EXISTING
;
1410 creation
= CREATION_NORMAL
;
1412 log_debug("%s %s device node \"%s\" %u:%u.",
1413 creation_mode_verb_to_string(creation
),
1414 i
->type
== CREATE_BLOCK_DEVICE
? "block" : "char",
1415 i
->path
, major(i
->mode
), minor(i
->mode
));
1417 r
= path_set_perms(i
, i
->path
);
1426 r
= glob_item(i
, path_set_perms
, false);
1431 case RECURSIVE_RELABEL_PATH
:
1432 r
= glob_item(i
, path_set_perms
, true);
1438 r
= glob_item(i
, path_set_xattrs
, false);
1443 case RECURSIVE_SET_XATTR
:
1444 r
= glob_item(i
, path_set_xattrs
, true);
1450 r
= glob_item(i
, path_set_acls
, false);
1455 case RECURSIVE_SET_ACL
:
1456 r
= glob_item(i
, path_set_acls
, true);
1462 r
= glob_item(i
, path_set_attribute
, false);
1467 case RECURSIVE_SET_ATTRIBUTE
:
1468 r
= glob_item(i
, path_set_attribute
, true);
1477 static int remove_item_instance(Item
*i
, const char *instance
) {
1485 if (remove(instance
) < 0 && errno
!= ENOENT
)
1486 return log_error_errno(errno
, "rm(%s): %m", instance
);
1490 case TRUNCATE_DIRECTORY
:
1491 case RECURSIVE_REMOVE_PATH
:
1492 /* FIXME: we probably should use dir_cleanup() here
1493 * instead of rm_rf() so that 'x' is honoured. */
1494 log_debug("rm -rf \"%s\"", instance
);
1495 r
= rm_rf(instance
, (i
->type
== RECURSIVE_REMOVE_PATH
? REMOVE_ROOT
|REMOVE_SUBVOLUME
: 0) | REMOVE_PHYSICAL
);
1496 if (r
< 0 && r
!= -ENOENT
)
1497 return log_error_errno(r
, "rm_rf(%s): %m", instance
);
1502 assert_not_reached("wut?");
1508 static int remove_item(Item
*i
) {
1513 log_debug("Running remove action for entry %c %s", (char) i
->type
, i
->path
);
1519 case CREATE_DIRECTORY
:
1520 case CREATE_SUBVOLUME
:
1521 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1522 case CREATE_SUBVOLUME_NEW_QUOTA
:
1524 case CREATE_SYMLINK
:
1525 case CREATE_CHAR_DEVICE
:
1526 case CREATE_BLOCK_DEVICE
:
1528 case IGNORE_DIRECTORY_PATH
:
1531 case RECURSIVE_RELABEL_PATH
:
1535 case RECURSIVE_SET_XATTR
:
1537 case RECURSIVE_SET_ACL
:
1539 case RECURSIVE_SET_ATTRIBUTE
:
1543 case TRUNCATE_DIRECTORY
:
1544 case RECURSIVE_REMOVE_PATH
:
1545 r
= glob_item(i
, remove_item_instance
, false);
1552 static int clean_item_instance(Item
*i
, const char* instance
) {
1553 _cleanup_closedir_
DIR *d
= NULL
;
1557 char timestamp
[FORMAT_TIMESTAMP_MAX
];
1564 n
= now(CLOCK_REALTIME
);
1568 cutoff
= n
- i
->age
;
1570 d
= opendir_nomod(instance
);
1572 if (errno
== ENOENT
|| errno
== ENOTDIR
) {
1573 log_debug_errno(errno
, "Directory \"%s\": %m", instance
);
1577 log_error_errno(errno
, "Failed to open directory %s: %m", instance
);
1581 if (fstat(dirfd(d
), &s
) < 0)
1582 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1584 if (!S_ISDIR(s
.st_mode
)) {
1585 log_error("%s is not a directory.", i
->path
);
1589 if (fstatat(dirfd(d
), "..", &ps
, AT_SYMLINK_NOFOLLOW
) != 0)
1590 return log_error_errno(errno
, "stat(%s/..) failed: %m", i
->path
);
1592 mountpoint
= s
.st_dev
!= ps
.st_dev
|| s
.st_ino
== ps
.st_ino
;
1594 log_debug("Cleanup threshold for %s \"%s\" is %s",
1595 mountpoint
? "mount point" : "directory",
1597 format_timestamp_us(timestamp
, sizeof(timestamp
), cutoff
));
1599 return dir_cleanup(i
, instance
, d
, &s
, cutoff
, s
.st_dev
, mountpoint
,
1600 MAX_DEPTH
, i
->keep_first_level
);
1603 static int clean_item(Item
*i
) {
1608 log_debug("Running clean action for entry %c %s", (char) i
->type
, i
->path
);
1611 case CREATE_DIRECTORY
:
1612 case CREATE_SUBVOLUME
:
1613 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1614 case CREATE_SUBVOLUME_NEW_QUOTA
:
1615 case TRUNCATE_DIRECTORY
:
1618 clean_item_instance(i
, i
->path
);
1620 case IGNORE_DIRECTORY_PATH
:
1621 r
= glob_item(i
, clean_item_instance
, false);
1630 static int process_item_array(ItemArray
*array
);
1632 static int process_item(Item
*i
) {
1634 _cleanup_free_
char *prefix
= NULL
;
1643 prefix
= malloc(strlen(i
->path
) + 1);
1647 PATH_FOREACH_PREFIX(prefix
, i
->path
) {
1650 j
= ordered_hashmap_get(items
, prefix
);
1654 s
= process_item_array(j
);
1655 if (s
< 0 && t
== 0)
1660 r
= arg_create
? create_item(i
) : 0;
1661 q
= arg_remove
? remove_item(i
) : 0;
1662 p
= arg_clean
? clean_item(i
) : 0;
1670 static int process_item_array(ItemArray
*array
) {
1676 for (n
= 0; n
< array
->count
; n
++) {
1677 k
= process_item(array
->items
+ n
);
1678 if (k
< 0 && r
== 0)
1685 static void item_free_contents(Item
*i
) {
1689 strv_free(i
->xattrs
);
1692 acl_free(i
->acl_access
);
1693 acl_free(i
->acl_default
);
1697 static void item_array_free(ItemArray
*a
) {
1703 for (n
= 0; n
< a
->count
; n
++)
1704 item_free_contents(a
->items
+ n
);
1709 static int item_compare(const void *a
, const void *b
) {
1710 const Item
*x
= a
, *y
= b
;
1712 /* Make sure that the ownership taking item is put first, so
1713 * that we first create the node, and then can adjust it */
1715 if (takes_ownership(x
->type
) && !takes_ownership(y
->type
))
1717 if (!takes_ownership(x
->type
) && takes_ownership(y
->type
))
1720 return (int) x
->type
- (int) y
->type
;
1723 static bool item_compatible(Item
*a
, Item
*b
) {
1726 assert(streq(a
->path
, b
->path
));
1728 if (takes_ownership(a
->type
) && takes_ownership(b
->type
))
1729 /* check if the items are the same */
1730 return streq_ptr(a
->argument
, b
->argument
) &&
1732 a
->uid_set
== b
->uid_set
&&
1735 a
->gid_set
== b
->gid_set
&&
1738 a
->mode_set
== b
->mode_set
&&
1739 a
->mode
== b
->mode
&&
1741 a
->age_set
== b
->age_set
&&
1744 a
->mask_perms
== b
->mask_perms
&&
1746 a
->keep_first_level
== b
->keep_first_level
&&
1748 a
->major_minor
== b
->major_minor
;
1753 static bool should_include_path(const char *path
) {
1756 STRV_FOREACH(prefix
, arg_exclude_prefixes
)
1757 if (path_startswith(path
, *prefix
)) {
1758 log_debug("Entry \"%s\" matches exclude prefix \"%s\", skipping.",
1763 STRV_FOREACH(prefix
, arg_include_prefixes
)
1764 if (path_startswith(path
, *prefix
)) {
1765 log_debug("Entry \"%s\" matches include prefix \"%s\".", path
, *prefix
);
1769 /* no matches, so we should include this path only if we
1770 * have no whitelist at all */
1771 if (strv_length(arg_include_prefixes
) == 0)
1774 log_debug("Entry \"%s\" does not match any include prefix, skipping.", path
);
1778 static int parse_line(const char *fname
, unsigned line
, const char *buffer
) {
1780 _cleanup_free_
char *action
= NULL
, *mode
= NULL
, *user
= NULL
, *group
= NULL
, *age
= NULL
, *path
= NULL
;
1781 _cleanup_(item_free_contents
) Item i
= {};
1782 ItemArray
*existing
;
1785 bool force
= false, boot
= false;
1791 r
= extract_many_words(
1803 return log_error_errno(r
, "[%s:%u] Failed to parse line: %m", fname
, line
);
1805 log_error("[%s:%u] Syntax error.", fname
, line
);
1809 if (!isempty(buffer
) && !streq(buffer
, "-")) {
1810 i
.argument
= strdup(buffer
);
1815 if (isempty(action
)) {
1816 log_error("[%s:%u] Command too short '%s'.", fname
, line
, action
);
1820 for (pos
= 1; action
[pos
]; pos
++) {
1821 if (action
[pos
] == '!' && !boot
)
1823 else if (action
[pos
] == '+' && !force
)
1826 log_error("[%s:%u] Unknown modifiers in command '%s'",
1827 fname
, line
, action
);
1832 if (boot
&& !arg_boot
) {
1833 log_debug("Ignoring entry %s \"%s\" because --boot is not specified.",
1841 r
= specifier_printf(path
, specifier_table
, NULL
, &i
.path
);
1843 log_error("[%s:%u] Failed to replace specifiers: %s", fname
, line
, path
);
1849 case CREATE_DIRECTORY
:
1850 case CREATE_SUBVOLUME
:
1851 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1852 case CREATE_SUBVOLUME_NEW_QUOTA
:
1853 case TRUNCATE_DIRECTORY
:
1856 case IGNORE_DIRECTORY_PATH
:
1858 case RECURSIVE_REMOVE_PATH
:
1861 case RECURSIVE_RELABEL_PATH
:
1863 log_warning("[%s:%u] %c lines don't take argument fields, ignoring.", fname
, line
, i
.type
);
1871 case CREATE_SYMLINK
:
1873 i
.argument
= strappend("/usr/share/factory/", i
.path
);
1881 log_error("[%s:%u] Write file requires argument.", fname
, line
);
1888 i
.argument
= strappend("/usr/share/factory/", i
.path
);
1891 } else if (!path_is_absolute(i
.argument
)) {
1892 log_error("[%s:%u] Source path is not absolute.", fname
, line
);
1896 path_kill_slashes(i
.argument
);
1899 case CREATE_CHAR_DEVICE
:
1900 case CREATE_BLOCK_DEVICE
: {
1901 unsigned major
, minor
;
1904 log_error("[%s:%u] Device file requires argument.", fname
, line
);
1908 if (sscanf(i
.argument
, "%u:%u", &major
, &minor
) != 2) {
1909 log_error("[%s:%u] Can't parse device file major/minor '%s'.", fname
, line
, i
.argument
);
1913 i
.major_minor
= makedev(major
, minor
);
1918 case RECURSIVE_SET_XATTR
:
1920 log_error("[%s:%u] Set extended attribute requires argument.", fname
, line
);
1923 r
= parse_xattrs_from_arg(&i
);
1929 case RECURSIVE_SET_ACL
:
1931 log_error("[%s:%u] Set ACLs requires argument.", fname
, line
);
1934 r
= parse_acls_from_arg(&i
);
1940 case RECURSIVE_SET_ATTRIBUTE
:
1942 log_error("[%s:%u] Set file attribute requires argument.", fname
, line
);
1945 r
= parse_attribute_from_arg(&i
);
1951 log_error("[%s:%u] Unknown command type '%c'.", fname
, line
, (char) i
.type
);
1955 if (!path_is_absolute(i
.path
)) {
1956 log_error("[%s:%u] Path '%s' not absolute.", fname
, line
, i
.path
);
1960 path_kill_slashes(i
.path
);
1962 if (!should_include_path(i
.path
))
1968 p
= prefix_root(arg_root
, i
.path
);
1976 if (!isempty(user
) && !streq(user
, "-")) {
1977 const char *u
= user
;
1979 r
= get_user_creds(&u
, &i
.uid
, NULL
, NULL
, NULL
);
1981 log_error("[%s:%u] Unknown user '%s'.", fname
, line
, user
);
1988 if (!isempty(group
) && !streq(group
, "-")) {
1989 const char *g
= group
;
1991 r
= get_group_creds(&g
, &i
.gid
);
1993 log_error("[%s:%u] Unknown group '%s'.", fname
, line
, group
);
2000 if (!isempty(mode
) && !streq(mode
, "-")) {
2001 const char *mm
= mode
;
2005 i
.mask_perms
= true;
2009 if (parse_mode(mm
, &m
) < 0) {
2010 log_error("[%s:%u] Invalid mode '%s'.", fname
, line
, mode
);
2017 i
.mode
= IN_SET(i
.type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
) ? 0755 : 0644;
2019 if (!isempty(age
) && !streq(age
, "-")) {
2020 const char *a
= age
;
2023 i
.keep_first_level
= true;
2027 if (parse_sec(a
, &i
.age
) < 0) {
2028 log_error("[%s:%u] Invalid age '%s'.", fname
, line
, age
);
2035 h
= needs_glob(i
.type
) ? globs
: items
;
2037 existing
= ordered_hashmap_get(h
, i
.path
);
2041 for (n
= 0; n
< existing
->count
; n
++) {
2042 if (!item_compatible(existing
->items
+ n
, &i
)) {
2043 log_warning("[%s:%u] Duplicate line for path \"%s\", ignoring.",
2044 fname
, line
, i
.path
);
2049 existing
= new0(ItemArray
, 1);
2050 r
= ordered_hashmap_put(h
, i
.path
, existing
);
2055 if (!GREEDY_REALLOC(existing
->items
, existing
->size
, existing
->count
+ 1))
2058 memcpy(existing
->items
+ existing
->count
++, &i
, sizeof(i
));
2060 /* Sort item array, to enforce stable ordering of application */
2061 qsort_safe(existing
->items
, existing
->count
, sizeof(Item
), item_compare
);
2067 static void help(void) {
2068 printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
2069 "Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
2070 " -h --help Show this help\n"
2071 " --version Show package version\n"
2072 " --create Create marked files/directories\n"
2073 " --clean Clean up marked directories\n"
2074 " --remove Remove marked files/directories\n"
2075 " --boot Execute actions only safe at boot\n"
2076 " --prefix=PATH Only apply rules with the specified prefix\n"
2077 " --exclude-prefix=PATH Ignore rules with the specified prefix\n"
2078 " --root=PATH Operate on an alternate filesystem root\n",
2079 program_invocation_short_name
);
2082 static int parse_argv(int argc
, char *argv
[]) {
2085 ARG_VERSION
= 0x100,
2095 static const struct option options
[] = {
2096 { "help", no_argument
, NULL
, 'h' },
2097 { "version", no_argument
, NULL
, ARG_VERSION
},
2098 { "create", no_argument
, NULL
, ARG_CREATE
},
2099 { "clean", no_argument
, NULL
, ARG_CLEAN
},
2100 { "remove", no_argument
, NULL
, ARG_REMOVE
},
2101 { "boot", no_argument
, NULL
, ARG_BOOT
},
2102 { "prefix", required_argument
, NULL
, ARG_PREFIX
},
2103 { "exclude-prefix", required_argument
, NULL
, ARG_EXCLUDE_PREFIX
},
2104 { "root", required_argument
, NULL
, ARG_ROOT
},
2113 while ((c
= getopt_long(argc
, argv
, "h", options
, NULL
)) >= 0)
2141 if (strv_push(&arg_include_prefixes
, optarg
) < 0)
2145 case ARG_EXCLUDE_PREFIX
:
2146 if (strv_push(&arg_exclude_prefixes
, optarg
) < 0)
2151 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
2160 assert_not_reached("Unhandled option");
2163 if (!arg_clean
&& !arg_create
&& !arg_remove
) {
2164 log_error("You need to specify at least one of --clean, --create or --remove.");
2171 static int read_config_file(const char *fn
, bool ignore_enoent
) {
2172 _cleanup_fclose_
FILE *f
= NULL
;
2173 char line
[LINE_MAX
];
2181 r
= search_and_fopen_nulstr(fn
, "re", arg_root
, conf_file_dirs
, &f
);
2183 if (ignore_enoent
&& r
== -ENOENT
) {
2184 log_debug_errno(r
, "Failed to open \"%s\": %m", fn
);
2188 return log_error_errno(r
, "Failed to open '%s', ignoring: %m", fn
);
2190 log_debug("Reading config file \"%s\".", fn
);
2192 FOREACH_LINE(line
, f
, break) {
2199 if (*l
== '#' || *l
== 0)
2202 k
= parse_line(fn
, v
, l
);
2203 if (k
< 0 && r
== 0)
2207 /* we have to determine age parameter for each entry of type X */
2208 ORDERED_HASHMAP_FOREACH(i
, globs
, iterator
) {
2210 Item
*j
, *candidate_item
= NULL
;
2212 if (i
->type
!= IGNORE_DIRECTORY_PATH
)
2215 ORDERED_HASHMAP_FOREACH(j
, items
, iter
) {
2216 if (!IN_SET(j
->type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
))
2219 if (path_equal(j
->path
, i
->path
)) {
2224 if ((!candidate_item
&& path_startswith(i
->path
, j
->path
)) ||
2225 (candidate_item
&& path_startswith(j
->path
, candidate_item
->path
) && (fnmatch(i
->path
, j
->path
, FNM_PATHNAME
| FNM_PERIOD
) == 0)))
2229 if (candidate_item
&& candidate_item
->age_set
) {
2230 i
->age
= candidate_item
->age
;
2236 log_error_errno(errno
, "Failed to read from file %s: %m", fn
);
2244 int main(int argc
, char *argv
[]) {
2249 r
= parse_argv(argc
, argv
);
2253 log_set_target(LOG_TARGET_AUTO
);
2254 log_parse_environment();
2259 mac_selinux_init(NULL
);
2261 items
= ordered_hashmap_new(&string_hash_ops
);
2262 globs
= ordered_hashmap_new(&string_hash_ops
);
2264 if (!items
|| !globs
) {
2271 if (optind
< argc
) {
2274 for (j
= optind
; j
< argc
; j
++) {
2275 k
= read_config_file(argv
[j
], false);
2276 if (k
< 0 && r
== 0)
2281 _cleanup_strv_free_
char **files
= NULL
;
2284 r
= conf_files_list_nulstr(&files
, ".conf", arg_root
, conf_file_dirs
);
2286 log_error_errno(r
, "Failed to enumerate tmpfiles.d files: %m");
2290 STRV_FOREACH(f
, files
) {
2291 k
= read_config_file(*f
, true);
2292 if (k
< 0 && r
== 0)
2297 /* The non-globbing ones usually create things, hence we apply
2299 ORDERED_HASHMAP_FOREACH(a
, items
, iterator
) {
2300 k
= process_item_array(a
);
2301 if (k
< 0 && r
== 0)
2305 /* The globbing ones usually alter things, hence we apply them
2307 ORDERED_HASHMAP_FOREACH(a
, globs
, iterator
) {
2308 k
= process_item_array(a
);
2309 if (k
< 0 && r
== 0)
2314 while ((a
= ordered_hashmap_steal_first(items
)))
2317 while ((a
= ordered_hashmap_steal_first(globs
)))
2320 ordered_hashmap_free(items
);
2321 ordered_hashmap_free(globs
);
2323 free(arg_include_prefixes
);
2324 free(arg_exclude_prefixes
);
2327 set_free_free(unix_sockets
);
2329 mac_selinux_finish();
2331 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;