1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering, Kay Sievers
7 Copyright 2015 Zbigniew Jędrzejewski-Szmek
9 systemd is free software; you can redistribute it and/or modify it
10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
12 (at your option) any later version.
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
19 You should have received a copy of the GNU Lesser General Public License
20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
37 #include <sys/xattr.h>
42 #include "btrfs-util.h"
43 #include "capability.h"
44 #include "conf-files.h"
48 #include "formats-util.h"
55 #include "parse-util.h"
56 #include "path-util.h"
58 #include "selinux-util.h"
60 #include "specifier.h"
61 #include "string-util.h"
63 #include "user-util.h"
66 /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
67 * them in the file system. This is intended to be used to create
68 * properly owned directories beneath /tmp, /var/tmp, /run, which are
69 * volatile and hence need to be recreated on bootup. */
71 typedef enum ItemType
{
72 /* These ones take file names */
75 CREATE_DIRECTORY
= 'd',
76 TRUNCATE_DIRECTORY
= 'D',
77 CREATE_SUBVOLUME
= 'v',
78 CREATE_SUBVOLUME_INHERIT_QUOTA
= 'q',
79 CREATE_SUBVOLUME_NEW_QUOTA
= 'Q',
82 CREATE_CHAR_DEVICE
= 'c',
83 CREATE_BLOCK_DEVICE
= 'b',
86 /* These ones take globs */
89 RECURSIVE_SET_XATTR
= 'T',
91 RECURSIVE_SET_ACL
= 'A',
93 RECURSIVE_SET_ATTRIBUTE
= 'H',
95 IGNORE_DIRECTORY_PATH
= 'X',
97 RECURSIVE_REMOVE_PATH
= 'R',
99 RECURSIVE_RELABEL_PATH
= 'Z',
100 ADJUST_MODE
= 'm', /* legacy, 'z' is identical to this */
103 typedef struct Item
{
119 unsigned attribute_value
;
120 unsigned attribute_mask
;
127 bool attribute_set
:1;
129 bool keep_first_level
:1;
136 typedef struct ItemArray
{
142 static bool arg_create
= false;
143 static bool arg_clean
= false;
144 static bool arg_remove
= false;
145 static bool arg_boot
= false;
147 static char **arg_include_prefixes
= NULL
;
148 static char **arg_exclude_prefixes
= NULL
;
149 static char *arg_root
= NULL
;
151 static const char conf_file_dirs
[] = CONF_DIRS_NULSTR("tmpfiles");
153 #define MAX_DEPTH 256
155 static OrderedHashmap
*items
= NULL
, *globs
= NULL
;
156 static Set
*unix_sockets
= NULL
;
158 static const Specifier specifier_table
[] = {
159 { 'm', specifier_machine_id
, NULL
},
160 { 'b', specifier_boot_id
, NULL
},
161 { 'H', specifier_host_name
, NULL
},
162 { 'v', specifier_kernel_release
, NULL
},
166 static bool needs_glob(ItemType t
) {
170 IGNORE_DIRECTORY_PATH
,
172 RECURSIVE_REMOVE_PATH
,
175 RECURSIVE_RELABEL_PATH
,
181 RECURSIVE_SET_ATTRIBUTE
);
184 static bool takes_ownership(ItemType t
) {
191 CREATE_SUBVOLUME_INHERIT_QUOTA
,
192 CREATE_SUBVOLUME_NEW_QUOTA
,
200 IGNORE_DIRECTORY_PATH
,
202 RECURSIVE_REMOVE_PATH
);
205 static struct Item
* find_glob(OrderedHashmap
*h
, const char *match
) {
209 ORDERED_HASHMAP_FOREACH(j
, h
, i
) {
212 for (n
= 0; n
< j
->count
; n
++) {
213 Item
*item
= j
->items
+ n
;
215 if (fnmatch(item
->path
, match
, FNM_PATHNAME
|FNM_PERIOD
) == 0)
223 static void load_unix_sockets(void) {
224 _cleanup_fclose_
FILE *f
= NULL
;
230 /* We maintain a cache of the sockets we found in
231 * /proc/net/unix to speed things up a little. */
233 unix_sockets
= set_new(&string_hash_ops
);
237 f
= fopen("/proc/net/unix", "re");
242 if (!fgets(line
, sizeof(line
), f
))
249 if (!fgets(line
, sizeof(line
), f
))
254 p
= strchr(line
, ':');
262 p
+= strspn(p
, WHITESPACE
);
263 p
+= strcspn(p
, WHITESPACE
); /* skip one more word */
264 p
+= strspn(p
, WHITESPACE
);
273 path_kill_slashes(s
);
275 k
= set_consume(unix_sockets
, s
);
276 if (k
< 0 && k
!= -EEXIST
)
283 set_free_free(unix_sockets
);
287 static bool unix_socket_alive(const char *fn
) {
293 return !!set_get(unix_sockets
, (char*) fn
);
295 /* We don't know, so assume yes */
299 static int dir_is_mount_point(DIR *d
, const char *subdir
) {
301 union file_handle_union h
= FILE_HANDLE_INIT
;
302 int mount_id_parent
, mount_id
;
305 r_p
= name_to_handle_at(dirfd(d
), ".", &h
.handle
, &mount_id_parent
, 0);
309 h
.handle
.handle_bytes
= MAX_HANDLE_SZ
;
310 r
= name_to_handle_at(dirfd(d
), subdir
, &h
.handle
, &mount_id
, 0);
314 /* got no handle; make no assumptions, return error */
315 if (r_p
< 0 && r
< 0)
318 /* got both handles; if they differ, it is a mount point */
319 if (r_p
>= 0 && r
>= 0)
320 return mount_id_parent
!= mount_id
;
322 /* got only one handle; assume different mount points if one
323 * of both queries was not supported by the filesystem */
324 if (r_p
== -ENOSYS
|| r_p
== -EOPNOTSUPP
|| r
== -ENOSYS
|| r
== -EOPNOTSUPP
)
333 static DIR* xopendirat_nomod(int dirfd
, const char *path
) {
336 dir
= xopendirat(dirfd
, path
, O_NOFOLLOW
|O_NOATIME
);
340 log_debug_errno(errno
, "Cannot open %sdirectory \"%s\": %m", dirfd
== AT_FDCWD
? "" : "sub", path
);
344 dir
= xopendirat(dirfd
, path
, O_NOFOLLOW
);
346 log_debug_errno(errno
, "Cannot open %sdirectory \"%s\": %m", dirfd
== AT_FDCWD
? "" : "sub", path
);
351 static DIR* opendir_nomod(const char *path
) {
352 return xopendirat_nomod(AT_FDCWD
, path
);
355 static int dir_cleanup(
359 const struct stat
*ds
,
364 bool keep_this_level
) {
367 struct timespec times
[2];
368 bool deleted
= false;
371 while ((dent
= readdir(d
))) {
374 _cleanup_free_
char *sub_path
= NULL
;
376 if (STR_IN_SET(dent
->d_name
, ".", ".."))
379 if (fstatat(dirfd(d
), dent
->d_name
, &s
, AT_SYMLINK_NOFOLLOW
) < 0) {
383 /* FUSE, NFS mounts, SELinux might return EACCES */
385 log_debug_errno(errno
, "stat(%s/%s) failed: %m", p
, dent
->d_name
);
387 log_error_errno(errno
, "stat(%s/%s) failed: %m", p
, dent
->d_name
);
392 /* Stay on the same filesystem */
393 if (s
.st_dev
!= rootdev
) {
394 log_debug("Ignoring \"%s/%s\": different filesystem.", p
, dent
->d_name
);
398 /* Try to detect bind mounts of the same filesystem instance; they
399 * do not differ in device major/minors. This type of query is not
400 * supported on all kernels or filesystem types though. */
401 if (S_ISDIR(s
.st_mode
) && dir_is_mount_point(d
, dent
->d_name
) > 0) {
402 log_debug("Ignoring \"%s/%s\": different mount of the same filesystem.",
407 /* Do not delete read-only files owned by root */
408 if (s
.st_uid
== 0 && !(s
.st_mode
& S_IWUSR
)) {
409 log_debug("Ignoring \"%s/%s\": read-only and owner by root.", p
, dent
->d_name
);
413 sub_path
= strjoin(p
, "/", dent
->d_name
, NULL
);
419 /* Is there an item configured for this path? */
420 if (ordered_hashmap_get(items
, sub_path
)) {
421 log_debug("Ignoring \"%s\": a separate entry exists.", sub_path
);
425 if (find_glob(globs
, sub_path
)) {
426 log_debug("Ignoring \"%s\": a separate glob exists.", sub_path
);
430 if (S_ISDIR(s
.st_mode
)) {
433 streq(dent
->d_name
, "lost+found") &&
435 log_debug("Ignoring \"%s\".", sub_path
);
440 log_warning("Reached max depth on \"%s\".", sub_path
);
442 _cleanup_closedir_
DIR *sub_dir
;
445 sub_dir
= xopendirat_nomod(dirfd(d
), dent
->d_name
);
448 r
= log_error_errno(errno
, "opendir(%s) failed: %m", sub_path
);
453 q
= dir_cleanup(i
, sub_path
, sub_dir
, &s
, cutoff
, rootdev
, false, maxdepth
-1, false);
458 /* Note: if you are wondering why we don't
459 * support the sticky bit for excluding
460 * directories from cleaning like we do it for
461 * other file system objects: well, the sticky
462 * bit already has a meaning for directories,
463 * so we don't want to overload that. */
465 if (keep_this_level
) {
466 log_debug("Keeping \"%s\".", sub_path
);
470 /* Ignore ctime, we change it when deleting */
471 age
= timespec_load(&s
.st_mtim
);
473 char a
[FORMAT_TIMESTAMP_MAX
];
474 /* Follows spelling in stat(1). */
475 log_debug("Directory \"%s\": modify time %s is too new.",
477 format_timestamp_us(a
, sizeof(a
), age
));
481 age
= timespec_load(&s
.st_atim
);
483 char a
[FORMAT_TIMESTAMP_MAX
];
484 log_debug("Directory \"%s\": access time %s is too new.",
486 format_timestamp_us(a
, sizeof(a
), age
));
490 log_debug("Removing directory \"%s\".", sub_path
);
491 if (unlinkat(dirfd(d
), dent
->d_name
, AT_REMOVEDIR
) < 0)
492 if (errno
!= ENOENT
&& errno
!= ENOTEMPTY
) {
493 log_error_errno(errno
, "rmdir(%s): %m", sub_path
);
498 /* Skip files for which the sticky bit is
499 * set. These are semantics we define, and are
500 * unknown elsewhere. See XDG_RUNTIME_DIR
501 * specification for details. */
502 if (s
.st_mode
& S_ISVTX
) {
503 log_debug("Skipping \"%s\": sticky bit set.", sub_path
);
507 if (mountpoint
&& S_ISREG(s
.st_mode
))
508 if (s
.st_uid
== 0 && STR_IN_SET(dent
->d_name
,
512 log_debug("Skipping \"%s\".", sub_path
);
516 /* Ignore sockets that are listed in /proc/net/unix */
517 if (S_ISSOCK(s
.st_mode
) && unix_socket_alive(sub_path
)) {
518 log_debug("Skipping \"%s\": live socket.", sub_path
);
522 /* Ignore device nodes */
523 if (S_ISCHR(s
.st_mode
) || S_ISBLK(s
.st_mode
)) {
524 log_debug("Skipping \"%s\": a device.", sub_path
);
528 /* Keep files on this level around if this is
530 if (keep_this_level
) {
531 log_debug("Keeping \"%s\".", sub_path
);
535 age
= timespec_load(&s
.st_mtim
);
537 char a
[FORMAT_TIMESTAMP_MAX
];
538 /* Follows spelling in stat(1). */
539 log_debug("File \"%s\": modify time %s is too new.",
541 format_timestamp_us(a
, sizeof(a
), age
));
545 age
= timespec_load(&s
.st_atim
);
547 char a
[FORMAT_TIMESTAMP_MAX
];
548 log_debug("File \"%s\": access time %s is too new.",
550 format_timestamp_us(a
, sizeof(a
), age
));
554 age
= timespec_load(&s
.st_ctim
);
556 char a
[FORMAT_TIMESTAMP_MAX
];
557 log_debug("File \"%s\": change time %s is too new.",
559 format_timestamp_us(a
, sizeof(a
), age
));
563 log_debug("unlink \"%s\"", sub_path
);
565 if (unlinkat(dirfd(d
), dent
->d_name
, 0) < 0)
567 r
= log_error_errno(errno
, "unlink(%s): %m", sub_path
);
576 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
578 /* Restore original directory timestamps */
579 times
[0] = ds
->st_atim
;
580 times
[1] = ds
->st_mtim
;
582 age1
= timespec_load(&ds
->st_atim
);
583 age2
= timespec_load(&ds
->st_mtim
);
584 log_debug("Restoring access and modification time on \"%s\": %s, %s",
586 format_timestamp_us(a
, sizeof(a
), age1
),
587 format_timestamp_us(b
, sizeof(b
), age2
));
588 if (futimens(dirfd(d
), times
) < 0)
589 log_error_errno(errno
, "utimensat(%s): %m", p
);
595 static int path_set_perms(Item
*i
, const char *path
) {
596 _cleanup_close_
int fd
= -1;
602 /* We open the file with O_PATH here, to make the operation
603 * somewhat atomic. Also there's unfortunately no fchmodat()
604 * with AT_SYMLINK_NOFOLLOW, hence we emulate it here via
607 fd
= open(path
, O_RDONLY
|O_NOFOLLOW
|O_CLOEXEC
|O_PATH
|O_NOATIME
);
609 return log_error_errno(errno
, "Adjusting owner and mode for %s failed: %m", path
);
611 if (fstatat(fd
, "", &st
, AT_EMPTY_PATH
) < 0)
612 return log_error_errno(errno
, "Failed to fstat() file %s: %m", path
);
614 if (S_ISLNK(st
.st_mode
))
615 log_debug("Skipping mode an owner fix for symlink %s.", path
);
617 char fn
[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
618 xsprintf(fn
, "/proc/self/fd/%i", fd
);
620 /* not using i->path directly because it may be a glob */
625 if (!(st
.st_mode
& 0111))
627 if (!(st
.st_mode
& 0222))
629 if (!(st
.st_mode
& 0444))
631 if (!S_ISDIR(st
.st_mode
))
632 m
&= ~07000; /* remove sticky/sgid/suid bit, unless directory */
635 if (m
== (st
.st_mode
& 07777))
636 log_debug("\"%s\" has right mode %o", path
, st
.st_mode
);
638 log_debug("chmod \"%s\" to mode %o", path
, m
);
639 if (chmod(fn
, m
) < 0)
640 return log_error_errno(errno
, "chmod(%s) failed: %m", path
);
644 if ((i
->uid
!= st
.st_uid
|| i
->gid
!= st
.st_gid
) &&
645 (i
->uid_set
|| i
->gid_set
)) {
646 log_debug("chown \"%s\" to "UID_FMT
"."GID_FMT
,
648 i
->uid_set
? i
->uid
: UID_INVALID
,
649 i
->gid_set
? i
->gid
: GID_INVALID
);
651 i
->uid_set
? i
->uid
: UID_INVALID
,
652 i
->gid_set
? i
->gid
: GID_INVALID
) < 0)
653 return log_error_errno(errno
, "chown(%s) failed: %m", path
);
659 return label_fix(path
, false, false);
662 static int parse_xattrs_from_arg(Item
*i
) {
672 _cleanup_free_
char *name
= NULL
, *value
= NULL
, *xattr
= NULL
, *xattr_replaced
= NULL
;
674 r
= extract_first_word(&p
, &xattr
, NULL
, EXTRACT_QUOTES
|EXTRACT_CUNESCAPE
);
676 log_warning_errno(r
, "Failed to parse extended attribute '%s', ignoring: %m", p
);
680 r
= specifier_printf(xattr
, specifier_table
, NULL
, &xattr_replaced
);
682 return log_error_errno(r
, "Failed to replace specifiers in extended attribute '%s': %m", xattr
);
684 r
= split_pair(xattr_replaced
, "=", &name
, &value
);
686 log_warning_errno(r
, "Failed to parse extended attribute, ignoring: %s", xattr
);
690 if (isempty(name
) || isempty(value
)) {
691 log_warning("Malformed extended attribute found, ignoring: %s", xattr
);
695 if (strv_push_pair(&i
->xattrs
, name
, value
) < 0)
704 static int path_set_xattrs(Item
*i
, const char *path
) {
705 char **name
, **value
;
710 STRV_FOREACH_PAIR(name
, value
, i
->xattrs
) {
714 log_debug("Setting extended attribute '%s=%s' on %s.", *name
, *value
, path
);
715 if (lsetxattr(path
, *name
, *value
, n
, 0) < 0) {
716 log_error("Setting extended attribute %s=%s on %s failed: %m", *name
, *value
, path
);
723 static int parse_acls_from_arg(Item
*item
) {
729 /* If force (= modify) is set, we will not modify the acl
730 * afterwards, so the mask can be added now if necessary. */
732 r
= parse_acl(item
->argument
, &item
->acl_access
, &item
->acl_default
, !item
->force
);
734 log_warning_errno(r
, "Failed to parse ACL \"%s\": %m. Ignoring", item
->argument
);
736 log_warning_errno(ENOSYS
, "ACLs are not supported. Ignoring");
743 static int path_set_acl(const char *path
, const char *pretty
, acl_type_t type
, acl_t acl
, bool modify
) {
744 _cleanup_(acl_free_charpp
) char *t
= NULL
;
745 _cleanup_(acl_freep
) acl_t dup
= NULL
;
748 /* Returns 0 for success, positive error if already warned,
749 * negative error otherwise. */
752 r
= acls_for_file(path
, type
, acl
, &dup
);
756 r
= calc_acl_mask_if_needed(&dup
);
764 /* the mask was already added earlier if needed */
767 r
= add_base_acls_if_needed(&dup
, path
);
771 t
= acl_to_any_text(dup
, NULL
, ',', TEXT_ABBREVIATE
);
772 log_debug("Setting %s ACL %s on %s.",
773 type
== ACL_TYPE_ACCESS
? "access" : "default",
776 r
= acl_set_file(path
, type
, dup
);
778 /* Return positive to indicate we already warned */
779 return -log_error_errno(errno
,
780 "Setting %s ACL \"%s\" on %s failed: %m",
781 type
== ACL_TYPE_ACCESS
? "access" : "default",
788 static int path_set_acls(Item
*item
, const char *path
) {
791 char fn
[strlen("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
792 _cleanup_close_
int fd
= -1;
798 fd
= open(path
, O_RDONLY
|O_NOFOLLOW
|O_CLOEXEC
|O_PATH
|O_NOATIME
);
800 return log_error_errno(errno
, "Adjusting ACL of %s failed: %m", path
);
802 if (fstatat(fd
, "", &st
, AT_EMPTY_PATH
) < 0)
803 return log_error_errno(errno
, "Failed to fstat() file %s: %m", path
);
805 if (S_ISLNK(st
.st_mode
)) {
806 log_debug("Skipping ACL fix for symlink %s.", path
);
810 xsprintf(fn
, "/proc/self/fd/%i", fd
);
812 if (item
->acl_access
)
813 r
= path_set_acl(fn
, path
, ACL_TYPE_ACCESS
, item
->acl_access
, item
->force
);
815 if (r
== 0 && item
->acl_default
)
816 r
= path_set_acl(fn
, path
, ACL_TYPE_DEFAULT
, item
->acl_default
, item
->force
);
819 return -r
; /* already warned */
820 else if (r
== -EOPNOTSUPP
) {
821 log_debug_errno(r
, "ACLs not supported by file system at %s", path
);
824 log_error_errno(r
, "ACL operation on \"%s\" failed: %m", path
);
829 #define ATTRIBUTES_ALL \
838 FS_JOURNAL_DATA_FL | \
845 static int parse_attribute_from_arg(Item
*item
) {
847 static const struct {
851 { 'A', FS_NOATIME_FL
}, /* do not update atime */
852 { 'S', FS_SYNC_FL
}, /* Synchronous updates */
853 { 'D', FS_DIRSYNC_FL
}, /* dirsync behaviour (directories only) */
854 { 'a', FS_APPEND_FL
}, /* writes to file may only append */
855 { 'c', FS_COMPR_FL
}, /* Compress file */
856 { 'd', FS_NODUMP_FL
}, /* do not dump file */
857 { 'e', FS_EXTENT_FL
}, /* Top of directory hierarchies*/
858 { 'i', FS_IMMUTABLE_FL
}, /* Immutable file */
859 { 'j', FS_JOURNAL_DATA_FL
}, /* Reserved for ext3 */
860 { 's', FS_SECRM_FL
}, /* Secure deletion */
861 { 'u', FS_UNRM_FL
}, /* Undelete */
862 { 't', FS_NOTAIL_FL
}, /* file tail should not be merged */
863 { 'T', FS_TOPDIR_FL
}, /* Top of directory hierarchies*/
864 { 'C', FS_NOCOW_FL
}, /* Do not cow file */
873 unsigned value
= 0, mask
= 0;
883 } else if (*p
== '-') {
886 } else if (*p
== '=') {
892 if (isempty(p
) && mode
!= MODE_SET
) {
893 log_error("Setting file attribute on '%s' needs an attribute specification.", item
->path
);
897 for (; p
&& *p
; p
++) {
900 for (i
= 0; i
< ELEMENTSOF(attributes
); i
++)
901 if (*p
== attributes
[i
].character
)
904 if (i
>= ELEMENTSOF(attributes
)) {
905 log_error("Unknown file attribute '%c' on '%s'.", *p
, item
->path
);
909 v
= attributes
[i
].value
;
911 if (mode
== MODE_ADD
|| mode
== MODE_SET
)
919 if (mode
== MODE_SET
)
920 mask
|= ATTRIBUTES_ALL
;
924 item
->attribute_mask
= mask
;
925 item
->attribute_value
= value
;
926 item
->attribute_set
= true;
931 static int path_set_attribute(Item
*item
, const char *path
) {
932 _cleanup_close_
int fd
= -1;
937 if (!item
->attribute_set
|| item
->attribute_mask
== 0)
940 fd
= open(path
, O_RDONLY
|O_NONBLOCK
|O_CLOEXEC
|O_NOATIME
|O_NOFOLLOW
);
943 return log_error_errno(errno
, "Skipping file attributes adjustment on symlink %s.", path
);
945 return log_error_errno(errno
, "Cannot open '%s': %m", path
);
948 if (fstat(fd
, &st
) < 0)
949 return log_error_errno(errno
, "Cannot stat '%s': %m", path
);
951 /* Issuing the file attribute ioctls on device nodes is not
952 * safe, as that will be delivered to the drivers, not the
953 * file system containing the device node. */
954 if (!S_ISREG(st
.st_mode
) && !S_ISDIR(st
.st_mode
)) {
955 log_error("Setting file flags is only supported on regular files and directories, cannot set on '%s'.", path
);
959 f
= item
->attribute_value
& item
->attribute_mask
;
961 /* Mask away directory-specific flags */
962 if (!S_ISDIR(st
.st_mode
))
965 r
= chattr_fd(fd
, f
, item
->attribute_mask
);
967 log_full_errno(r
== -ENOTTY
? LOG_DEBUG
: LOG_WARNING
,
969 "Cannot set file attribute for '%s', value=0x%08x, mask=0x%08x: %m",
970 path
, item
->attribute_value
, item
->attribute_mask
);
975 static int write_one_file(Item
*i
, const char *path
) {
976 _cleanup_close_
int fd
= -1;
983 flags
= i
->type
== CREATE_FILE
? O_CREAT
|O_APPEND
|O_NOFOLLOW
:
984 i
->type
== TRUNCATE_FILE
? O_CREAT
|O_TRUNC
|O_NOFOLLOW
: 0;
986 RUN_WITH_UMASK(0000) {
987 mac_selinux_create_file_prepare(path
, S_IFREG
);
988 fd
= open(path
, flags
|O_NDELAY
|O_CLOEXEC
|O_WRONLY
|O_NOCTTY
, i
->mode
);
989 mac_selinux_create_file_clear();
993 if (i
->type
== WRITE_FILE
&& errno
== ENOENT
) {
994 log_debug_errno(errno
, "Not writing \"%s\": %m", path
);
999 if (!i
->argument
&& errno
== EROFS
&& stat(path
, &st
) == 0 &&
1000 (i
->type
== CREATE_FILE
|| st
.st_size
== 0))
1003 return log_error_errno(r
, "Failed to create file %s: %m", path
);
1007 _cleanup_free_
char *unescaped
= NULL
, *replaced
= NULL
;
1009 log_debug("%s to \"%s\".", i
->type
== CREATE_FILE
? "Appending" : "Writing", path
);
1011 r
= cunescape(i
->argument
, 0, &unescaped
);
1013 return log_error_errno(r
, "Failed to unescape parameter to write: %s", i
->argument
);
1015 r
= specifier_printf(unescaped
, specifier_table
, NULL
, &replaced
);
1017 return log_error_errno(r
, "Failed to replace specifiers in parameter to write '%s': %m", unescaped
);
1019 r
= loop_write(fd
, replaced
, strlen(replaced
), false);
1021 return log_error_errno(r
, "Failed to write file \"%s\": %m", path
);
1023 log_debug("\"%s\" has been created.", path
);
1025 fd
= safe_close(fd
);
1027 if (stat(path
, &st
) < 0)
1028 return log_error_errno(errno
, "stat(%s) failed: %m", path
);
1031 if (!S_ISREG(st
.st_mode
)) {
1032 log_error("%s is not a file.", path
);
1036 r
= path_set_perms(i
, path
);
1043 typedef int (*action_t
)(Item
*, const char *);
1045 static int item_do_children(Item
*i
, const char *path
, action_t action
) {
1046 _cleanup_closedir_
DIR *d
;
1052 /* This returns the first error we run into, but nevertheless
1055 d
= opendir_nomod(path
);
1057 return errno
== ENOENT
|| errno
== ENOTDIR
? 0 : -errno
;
1060 _cleanup_free_
char *p
= NULL
;
1067 if (errno
!= 0 && r
== 0)
1073 if (STR_IN_SET(de
->d_name
, ".", ".."))
1076 p
= strjoin(path
, "/", de
->d_name
, NULL
);
1081 if (q
< 0 && q
!= -ENOENT
&& r
== 0)
1084 if (IN_SET(de
->d_type
, DT_UNKNOWN
, DT_DIR
)) {
1085 q
= item_do_children(i
, p
, action
);
1086 if (q
< 0 && r
== 0)
1094 static int glob_item(Item
*i
, action_t action
, bool recursive
) {
1095 _cleanup_globfree_ glob_t g
= {
1096 .gl_closedir
= (void (*)(void *)) closedir
,
1097 .gl_readdir
= (struct dirent
*(*)(void *)) readdir
,
1098 .gl_opendir
= (void *(*)(const char *)) opendir_nomod
,
1106 k
= glob(i
->path
, GLOB_NOSORT
|GLOB_BRACE
|GLOB_ALTDIRFUNC
, NULL
, &g
);
1107 if (k
!= 0 && k
!= GLOB_NOMATCH
)
1108 return log_error_errno(errno
?: EIO
, "glob(%s) failed: %m", i
->path
);
1110 STRV_FOREACH(fn
, g
.gl_pathv
) {
1112 if (k
< 0 && r
== 0)
1116 k
= item_do_children(i
, *fn
, action
);
1117 if (k
< 0 && r
== 0)
1130 _CREATION_MODE_INVALID
= -1
1133 static const char *creation_mode_verb_table
[_CREATION_MODE_MAX
] = {
1134 [CREATION_NORMAL
] = "Created",
1135 [CREATION_EXISTING
] = "Found existing",
1136 [CREATION_FORCE
] = "Created replacement",
1139 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(creation_mode_verb
, CreationMode
);
1141 static int create_item(Item
*i
) {
1142 _cleanup_free_
char *resolved
= NULL
;
1145 CreationMode creation
;
1149 log_debug("Running create action for entry %c %s", (char) i
->type
, i
->path
);
1154 case IGNORE_DIRECTORY_PATH
:
1156 case RECURSIVE_REMOVE_PATH
:
1161 r
= write_one_file(i
, i
->path
);
1167 r
= specifier_printf(i
->argument
, specifier_table
, NULL
, &resolved
);
1169 return log_error_errno(r
, "Failed to substitute specifiers in copy source %s: %m", i
->argument
);
1171 log_debug("Copying tree \"%s\" to \"%s\".", resolved
, i
->path
);
1172 r
= copy_tree(resolved
, i
->path
, false);
1174 if (r
== -EROFS
&& stat(i
->path
, &st
) == 0)
1181 return log_error_errno(r
, "Failed to copy files to %s: %m", i
->path
);
1183 if (stat(resolved
, &a
) < 0)
1184 return log_error_errno(errno
, "stat(%s) failed: %m", resolved
);
1186 if (stat(i
->path
, &b
) < 0)
1187 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1189 if ((a
.st_mode
^ b
.st_mode
) & S_IFMT
) {
1190 log_debug("Can't copy to %s, file exists already and is of different type", i
->path
);
1195 r
= path_set_perms(i
, i
->path
);
1202 r
= glob_item(i
, write_one_file
, false);
1208 case CREATE_DIRECTORY
:
1209 case TRUNCATE_DIRECTORY
:
1210 case CREATE_SUBVOLUME
:
1211 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1212 case CREATE_SUBVOLUME_NEW_QUOTA
:
1214 RUN_WITH_UMASK(0000)
1215 mkdir_parents_label(i
->path
, 0755);
1217 if (IN_SET(i
->type
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
)) {
1218 RUN_WITH_UMASK((~i
->mode
) & 0777)
1219 r
= btrfs_subvol_make(i
->path
);
1223 if (IN_SET(i
->type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
) || r
== -ENOTTY
)
1224 RUN_WITH_UMASK(0000)
1225 r
= mkdir_label(i
->path
, i
->mode
);
1230 if (r
!= -EEXIST
&& r
!= -EROFS
)
1231 return log_error_errno(r
, "Failed to create directory or subvolume \"%s\": %m", i
->path
);
1233 k
= is_dir(i
->path
, false);
1234 if (k
== -ENOENT
&& r
== -EROFS
)
1235 return log_error_errno(r
, "%s does not exist and cannot be created as the file system is read-only.", i
->path
);
1237 return log_error_errno(k
, "Failed to check if %s exists: %m", i
->path
);
1239 log_warning("\"%s\" already exists and is not a directory.", i
->path
);
1243 creation
= CREATION_EXISTING
;
1245 creation
= CREATION_NORMAL
;
1247 log_debug("%s directory \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1249 if (IN_SET(i
->type
, CREATE_SUBVOLUME_NEW_QUOTA
, CREATE_SUBVOLUME_INHERIT_QUOTA
)) {
1250 r
= btrfs_subvol_auto_qgroup(i
->path
, 0, i
->type
== CREATE_SUBVOLUME_NEW_QUOTA
);
1252 log_debug_errno(r
, "Couldn't adjust quota for subvolume \"%s\" because of unsupported file system or because directory is not a subvolume: %m", i
->path
);
1256 log_debug_errno(r
, "Couldn't adjust quota for subvolume \"%s\" because of read-only file system: %m", i
->path
);
1260 return log_error_errno(r
, "Failed to adjust quota for subvolume \"%s\": %m", i
->path
);
1262 log_debug("Adjusted quota for subvolume \"%s\".", i
->path
);
1264 log_debug("Quota for subvolume \"%s\" already in place, no change made.", i
->path
);
1267 r
= path_set_perms(i
, i
->path
);
1275 RUN_WITH_UMASK(0000) {
1276 mac_selinux_create_file_prepare(i
->path
, S_IFIFO
);
1277 r
= mkfifo(i
->path
, i
->mode
);
1278 mac_selinux_create_file_clear();
1282 if (errno
!= EEXIST
)
1283 return log_error_errno(errno
, "Failed to create fifo %s: %m", i
->path
);
1285 if (lstat(i
->path
, &st
) < 0)
1286 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1288 if (!S_ISFIFO(st
.st_mode
)) {
1291 RUN_WITH_UMASK(0000) {
1292 mac_selinux_create_file_prepare(i
->path
, S_IFIFO
);
1293 r
= mkfifo_atomic(i
->path
, i
->mode
);
1294 mac_selinux_create_file_clear();
1298 return log_error_errno(r
, "Failed to create fifo %s: %m", i
->path
);
1299 creation
= CREATION_FORCE
;
1301 log_warning("\"%s\" already exists and is not a fifo.", i
->path
);
1305 creation
= CREATION_EXISTING
;
1307 creation
= CREATION_NORMAL
;
1308 log_debug("%s fifo \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1310 r
= path_set_perms(i
, i
->path
);
1317 case CREATE_SYMLINK
: {
1318 r
= specifier_printf(i
->argument
, specifier_table
, NULL
, &resolved
);
1320 return log_error_errno(r
, "Failed to substitute specifiers in symlink target %s: %m", i
->argument
);
1322 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1323 r
= symlink(resolved
, i
->path
);
1324 mac_selinux_create_file_clear();
1327 _cleanup_free_
char *x
= NULL
;
1329 if (errno
!= EEXIST
)
1330 return log_error_errno(errno
, "symlink(%s, %s) failed: %m", resolved
, i
->path
);
1332 r
= readlink_malloc(i
->path
, &x
);
1333 if (r
< 0 || !streq(resolved
, x
)) {
1336 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1337 r
= symlink_atomic(resolved
, i
->path
);
1338 mac_selinux_create_file_clear();
1341 return log_error_errno(r
, "symlink(%s, %s) failed: %m", resolved
, i
->path
);
1343 creation
= CREATION_FORCE
;
1345 log_debug("\"%s\" is not a symlink or does not point to the correct path.", i
->path
);
1349 creation
= CREATION_EXISTING
;
1352 creation
= CREATION_NORMAL
;
1353 log_debug("%s symlink \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1357 case CREATE_BLOCK_DEVICE
:
1358 case CREATE_CHAR_DEVICE
: {
1361 if (have_effective_cap(CAP_MKNOD
) == 0) {
1362 /* In a container we lack CAP_MKNOD. We
1363 shouldn't attempt to create the device node in
1364 that case to avoid noise, and we don't support
1365 virtualized devices in containers anyway. */
1367 log_debug("We lack CAP_MKNOD, skipping creation of device node %s.", i
->path
);
1371 file_type
= i
->type
== CREATE_BLOCK_DEVICE
? S_IFBLK
: S_IFCHR
;
1373 RUN_WITH_UMASK(0000) {
1374 mac_selinux_create_file_prepare(i
->path
, file_type
);
1375 r
= mknod(i
->path
, i
->mode
| file_type
, i
->major_minor
);
1376 mac_selinux_create_file_clear();
1380 if (errno
== EPERM
) {
1381 log_debug("We lack permissions, possibly because of cgroup configuration; "
1382 "skipping creation of device node %s.", i
->path
);
1386 if (errno
!= EEXIST
)
1387 return log_error_errno(errno
, "Failed to create device node %s: %m", i
->path
);
1389 if (lstat(i
->path
, &st
) < 0)
1390 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1392 if ((st
.st_mode
& S_IFMT
) != file_type
) {
1396 RUN_WITH_UMASK(0000) {
1397 mac_selinux_create_file_prepare(i
->path
, file_type
);
1398 r
= mknod_atomic(i
->path
, i
->mode
| file_type
, i
->major_minor
);
1399 mac_selinux_create_file_clear();
1403 return log_error_errno(r
, "Failed to create device node \"%s\": %m", i
->path
);
1404 creation
= CREATION_FORCE
;
1406 log_debug("%s is not a device node.", i
->path
);
1410 creation
= CREATION_EXISTING
;
1412 creation
= CREATION_NORMAL
;
1414 log_debug("%s %s device node \"%s\" %u:%u.",
1415 creation_mode_verb_to_string(creation
),
1416 i
->type
== CREATE_BLOCK_DEVICE
? "block" : "char",
1417 i
->path
, major(i
->mode
), minor(i
->mode
));
1419 r
= path_set_perms(i
, i
->path
);
1428 r
= glob_item(i
, path_set_perms
, false);
1433 case RECURSIVE_RELABEL_PATH
:
1434 r
= glob_item(i
, path_set_perms
, true);
1440 r
= glob_item(i
, path_set_xattrs
, false);
1445 case RECURSIVE_SET_XATTR
:
1446 r
= glob_item(i
, path_set_xattrs
, true);
1452 r
= glob_item(i
, path_set_acls
, false);
1457 case RECURSIVE_SET_ACL
:
1458 r
= glob_item(i
, path_set_acls
, true);
1464 r
= glob_item(i
, path_set_attribute
, false);
1469 case RECURSIVE_SET_ATTRIBUTE
:
1470 r
= glob_item(i
, path_set_attribute
, true);
1479 static int remove_item_instance(Item
*i
, const char *instance
) {
1487 if (remove(instance
) < 0 && errno
!= ENOENT
)
1488 return log_error_errno(errno
, "rm(%s): %m", instance
);
1492 case TRUNCATE_DIRECTORY
:
1493 case RECURSIVE_REMOVE_PATH
:
1494 /* FIXME: we probably should use dir_cleanup() here
1495 * instead of rm_rf() so that 'x' is honoured. */
1496 log_debug("rm -rf \"%s\"", instance
);
1497 r
= rm_rf(instance
, (i
->type
== RECURSIVE_REMOVE_PATH
? REMOVE_ROOT
|REMOVE_SUBVOLUME
: 0) | REMOVE_PHYSICAL
);
1498 if (r
< 0 && r
!= -ENOENT
)
1499 return log_error_errno(r
, "rm_rf(%s): %m", instance
);
1504 assert_not_reached("wut?");
1510 static int remove_item(Item
*i
) {
1515 log_debug("Running remove action for entry %c %s", (char) i
->type
, i
->path
);
1521 case CREATE_DIRECTORY
:
1522 case CREATE_SUBVOLUME
:
1523 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1524 case CREATE_SUBVOLUME_NEW_QUOTA
:
1526 case CREATE_SYMLINK
:
1527 case CREATE_CHAR_DEVICE
:
1528 case CREATE_BLOCK_DEVICE
:
1530 case IGNORE_DIRECTORY_PATH
:
1533 case RECURSIVE_RELABEL_PATH
:
1537 case RECURSIVE_SET_XATTR
:
1539 case RECURSIVE_SET_ACL
:
1541 case RECURSIVE_SET_ATTRIBUTE
:
1545 case TRUNCATE_DIRECTORY
:
1546 case RECURSIVE_REMOVE_PATH
:
1547 r
= glob_item(i
, remove_item_instance
, false);
1554 static int clean_item_instance(Item
*i
, const char* instance
) {
1555 _cleanup_closedir_
DIR *d
= NULL
;
1559 char timestamp
[FORMAT_TIMESTAMP_MAX
];
1566 n
= now(CLOCK_REALTIME
);
1570 cutoff
= n
- i
->age
;
1572 d
= opendir_nomod(instance
);
1574 if (errno
== ENOENT
|| errno
== ENOTDIR
) {
1575 log_debug_errno(errno
, "Directory \"%s\": %m", instance
);
1579 log_error_errno(errno
, "Failed to open directory %s: %m", instance
);
1583 if (fstat(dirfd(d
), &s
) < 0)
1584 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1586 if (!S_ISDIR(s
.st_mode
)) {
1587 log_error("%s is not a directory.", i
->path
);
1591 if (fstatat(dirfd(d
), "..", &ps
, AT_SYMLINK_NOFOLLOW
) != 0)
1592 return log_error_errno(errno
, "stat(%s/..) failed: %m", i
->path
);
1594 mountpoint
= s
.st_dev
!= ps
.st_dev
|| s
.st_ino
== ps
.st_ino
;
1596 log_debug("Cleanup threshold for %s \"%s\" is %s",
1597 mountpoint
? "mount point" : "directory",
1599 format_timestamp_us(timestamp
, sizeof(timestamp
), cutoff
));
1601 return dir_cleanup(i
, instance
, d
, &s
, cutoff
, s
.st_dev
, mountpoint
,
1602 MAX_DEPTH
, i
->keep_first_level
);
1605 static int clean_item(Item
*i
) {
1610 log_debug("Running clean action for entry %c %s", (char) i
->type
, i
->path
);
1613 case CREATE_DIRECTORY
:
1614 case CREATE_SUBVOLUME
:
1615 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1616 case CREATE_SUBVOLUME_NEW_QUOTA
:
1617 case TRUNCATE_DIRECTORY
:
1620 clean_item_instance(i
, i
->path
);
1622 case IGNORE_DIRECTORY_PATH
:
1623 r
= glob_item(i
, clean_item_instance
, false);
1632 static int process_item_array(ItemArray
*array
);
1634 static int process_item(Item
*i
) {
1636 _cleanup_free_
char *prefix
= NULL
;
1645 prefix
= malloc(strlen(i
->path
) + 1);
1649 PATH_FOREACH_PREFIX(prefix
, i
->path
) {
1652 j
= ordered_hashmap_get(items
, prefix
);
1656 s
= process_item_array(j
);
1657 if (s
< 0 && t
== 0)
1662 r
= arg_create
? create_item(i
) : 0;
1663 q
= arg_remove
? remove_item(i
) : 0;
1664 p
= arg_clean
? clean_item(i
) : 0;
1672 static int process_item_array(ItemArray
*array
) {
1678 for (n
= 0; n
< array
->count
; n
++) {
1679 k
= process_item(array
->items
+ n
);
1680 if (k
< 0 && r
== 0)
1687 static void item_free_contents(Item
*i
) {
1691 strv_free(i
->xattrs
);
1694 acl_free(i
->acl_access
);
1695 acl_free(i
->acl_default
);
1699 static void item_array_free(ItemArray
*a
) {
1705 for (n
= 0; n
< a
->count
; n
++)
1706 item_free_contents(a
->items
+ n
);
1711 static int item_compare(const void *a
, const void *b
) {
1712 const Item
*x
= a
, *y
= b
;
1714 /* Make sure that the ownership taking item is put first, so
1715 * that we first create the node, and then can adjust it */
1717 if (takes_ownership(x
->type
) && !takes_ownership(y
->type
))
1719 if (!takes_ownership(x
->type
) && takes_ownership(y
->type
))
1722 return (int) x
->type
- (int) y
->type
;
1725 static bool item_compatible(Item
*a
, Item
*b
) {
1728 assert(streq(a
->path
, b
->path
));
1730 if (takes_ownership(a
->type
) && takes_ownership(b
->type
))
1731 /* check if the items are the same */
1732 return streq_ptr(a
->argument
, b
->argument
) &&
1734 a
->uid_set
== b
->uid_set
&&
1737 a
->gid_set
== b
->gid_set
&&
1740 a
->mode_set
== b
->mode_set
&&
1741 a
->mode
== b
->mode
&&
1743 a
->age_set
== b
->age_set
&&
1746 a
->mask_perms
== b
->mask_perms
&&
1748 a
->keep_first_level
== b
->keep_first_level
&&
1750 a
->major_minor
== b
->major_minor
;
1755 static bool should_include_path(const char *path
) {
1758 STRV_FOREACH(prefix
, arg_exclude_prefixes
)
1759 if (path_startswith(path
, *prefix
)) {
1760 log_debug("Entry \"%s\" matches exclude prefix \"%s\", skipping.",
1765 STRV_FOREACH(prefix
, arg_include_prefixes
)
1766 if (path_startswith(path
, *prefix
)) {
1767 log_debug("Entry \"%s\" matches include prefix \"%s\".", path
, *prefix
);
1771 /* no matches, so we should include this path only if we
1772 * have no whitelist at all */
1773 if (strv_length(arg_include_prefixes
) == 0)
1776 log_debug("Entry \"%s\" does not match any include prefix, skipping.", path
);
1780 static int parse_line(const char *fname
, unsigned line
, const char *buffer
) {
1782 _cleanup_free_
char *action
= NULL
, *mode
= NULL
, *user
= NULL
, *group
= NULL
, *age
= NULL
, *path
= NULL
;
1783 _cleanup_(item_free_contents
) Item i
= {};
1784 ItemArray
*existing
;
1787 bool force
= false, boot
= false;
1793 r
= extract_many_words(
1805 return log_error_errno(r
, "[%s:%u] Failed to parse line: %m", fname
, line
);
1807 log_error("[%s:%u] Syntax error.", fname
, line
);
1811 if (!isempty(buffer
) && !streq(buffer
, "-")) {
1812 i
.argument
= strdup(buffer
);
1817 if (isempty(action
)) {
1818 log_error("[%s:%u] Command too short '%s'.", fname
, line
, action
);
1822 for (pos
= 1; action
[pos
]; pos
++) {
1823 if (action
[pos
] == '!' && !boot
)
1825 else if (action
[pos
] == '+' && !force
)
1828 log_error("[%s:%u] Unknown modifiers in command '%s'",
1829 fname
, line
, action
);
1834 if (boot
&& !arg_boot
) {
1835 log_debug("Ignoring entry %s \"%s\" because --boot is not specified.",
1843 r
= specifier_printf(path
, specifier_table
, NULL
, &i
.path
);
1845 log_error("[%s:%u] Failed to replace specifiers: %s", fname
, line
, path
);
1851 case CREATE_DIRECTORY
:
1852 case CREATE_SUBVOLUME
:
1853 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1854 case CREATE_SUBVOLUME_NEW_QUOTA
:
1855 case TRUNCATE_DIRECTORY
:
1858 case IGNORE_DIRECTORY_PATH
:
1860 case RECURSIVE_REMOVE_PATH
:
1863 case RECURSIVE_RELABEL_PATH
:
1865 log_warning("[%s:%u] %c lines don't take argument fields, ignoring.", fname
, line
, i
.type
);
1873 case CREATE_SYMLINK
:
1875 i
.argument
= strappend("/usr/share/factory/", i
.path
);
1883 log_error("[%s:%u] Write file requires argument.", fname
, line
);
1890 i
.argument
= strappend("/usr/share/factory/", i
.path
);
1893 } else if (!path_is_absolute(i
.argument
)) {
1894 log_error("[%s:%u] Source path is not absolute.", fname
, line
);
1898 path_kill_slashes(i
.argument
);
1901 case CREATE_CHAR_DEVICE
:
1902 case CREATE_BLOCK_DEVICE
: {
1903 unsigned major
, minor
;
1906 log_error("[%s:%u] Device file requires argument.", fname
, line
);
1910 if (sscanf(i
.argument
, "%u:%u", &major
, &minor
) != 2) {
1911 log_error("[%s:%u] Can't parse device file major/minor '%s'.", fname
, line
, i
.argument
);
1915 i
.major_minor
= makedev(major
, minor
);
1920 case RECURSIVE_SET_XATTR
:
1922 log_error("[%s:%u] Set extended attribute requires argument.", fname
, line
);
1925 r
= parse_xattrs_from_arg(&i
);
1931 case RECURSIVE_SET_ACL
:
1933 log_error("[%s:%u] Set ACLs requires argument.", fname
, line
);
1936 r
= parse_acls_from_arg(&i
);
1942 case RECURSIVE_SET_ATTRIBUTE
:
1944 log_error("[%s:%u] Set file attribute requires argument.", fname
, line
);
1947 r
= parse_attribute_from_arg(&i
);
1953 log_error("[%s:%u] Unknown command type '%c'.", fname
, line
, (char) i
.type
);
1957 if (!path_is_absolute(i
.path
)) {
1958 log_error("[%s:%u] Path '%s' not absolute.", fname
, line
, i
.path
);
1962 path_kill_slashes(i
.path
);
1964 if (!should_include_path(i
.path
))
1970 p
= prefix_root(arg_root
, i
.path
);
1978 if (!isempty(user
) && !streq(user
, "-")) {
1979 const char *u
= user
;
1981 r
= get_user_creds(&u
, &i
.uid
, NULL
, NULL
, NULL
);
1983 log_error("[%s:%u] Unknown user '%s'.", fname
, line
, user
);
1990 if (!isempty(group
) && !streq(group
, "-")) {
1991 const char *g
= group
;
1993 r
= get_group_creds(&g
, &i
.gid
);
1995 log_error("[%s:%u] Unknown group '%s'.", fname
, line
, group
);
2002 if (!isempty(mode
) && !streq(mode
, "-")) {
2003 const char *mm
= mode
;
2007 i
.mask_perms
= true;
2011 if (parse_mode(mm
, &m
) < 0) {
2012 log_error("[%s:%u] Invalid mode '%s'.", fname
, line
, mode
);
2019 i
.mode
= IN_SET(i
.type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
) ? 0755 : 0644;
2021 if (!isempty(age
) && !streq(age
, "-")) {
2022 const char *a
= age
;
2025 i
.keep_first_level
= true;
2029 if (parse_sec(a
, &i
.age
) < 0) {
2030 log_error("[%s:%u] Invalid age '%s'.", fname
, line
, age
);
2037 h
= needs_glob(i
.type
) ? globs
: items
;
2039 existing
= ordered_hashmap_get(h
, i
.path
);
2043 for (n
= 0; n
< existing
->count
; n
++) {
2044 if (!item_compatible(existing
->items
+ n
, &i
)) {
2045 log_warning("[%s:%u] Duplicate line for path \"%s\", ignoring.",
2046 fname
, line
, i
.path
);
2051 existing
= new0(ItemArray
, 1);
2052 r
= ordered_hashmap_put(h
, i
.path
, existing
);
2057 if (!GREEDY_REALLOC(existing
->items
, existing
->size
, existing
->count
+ 1))
2060 memcpy(existing
->items
+ existing
->count
++, &i
, sizeof(i
));
2062 /* Sort item array, to enforce stable ordering of application */
2063 qsort_safe(existing
->items
, existing
->count
, sizeof(Item
), item_compare
);
2069 static void help(void) {
2070 printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
2071 "Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
2072 " -h --help Show this help\n"
2073 " --version Show package version\n"
2074 " --create Create marked files/directories\n"
2075 " --clean Clean up marked directories\n"
2076 " --remove Remove marked files/directories\n"
2077 " --boot Execute actions only safe at boot\n"
2078 " --prefix=PATH Only apply rules with the specified prefix\n"
2079 " --exclude-prefix=PATH Ignore rules with the specified prefix\n"
2080 " --root=PATH Operate on an alternate filesystem root\n",
2081 program_invocation_short_name
);
2084 static int parse_argv(int argc
, char *argv
[]) {
2087 ARG_VERSION
= 0x100,
2097 static const struct option options
[] = {
2098 { "help", no_argument
, NULL
, 'h' },
2099 { "version", no_argument
, NULL
, ARG_VERSION
},
2100 { "create", no_argument
, NULL
, ARG_CREATE
},
2101 { "clean", no_argument
, NULL
, ARG_CLEAN
},
2102 { "remove", no_argument
, NULL
, ARG_REMOVE
},
2103 { "boot", no_argument
, NULL
, ARG_BOOT
},
2104 { "prefix", required_argument
, NULL
, ARG_PREFIX
},
2105 { "exclude-prefix", required_argument
, NULL
, ARG_EXCLUDE_PREFIX
},
2106 { "root", required_argument
, NULL
, ARG_ROOT
},
2115 while ((c
= getopt_long(argc
, argv
, "h", options
, NULL
)) >= 0)
2143 if (strv_push(&arg_include_prefixes
, optarg
) < 0)
2147 case ARG_EXCLUDE_PREFIX
:
2148 if (strv_push(&arg_exclude_prefixes
, optarg
) < 0)
2153 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
2162 assert_not_reached("Unhandled option");
2165 if (!arg_clean
&& !arg_create
&& !arg_remove
) {
2166 log_error("You need to specify at least one of --clean, --create or --remove.");
2173 static int read_config_file(const char *fn
, bool ignore_enoent
) {
2174 _cleanup_fclose_
FILE *f
= NULL
;
2175 char line
[LINE_MAX
];
2183 r
= search_and_fopen_nulstr(fn
, "re", arg_root
, conf_file_dirs
, &f
);
2185 if (ignore_enoent
&& r
== -ENOENT
) {
2186 log_debug_errno(r
, "Failed to open \"%s\": %m", fn
);
2190 return log_error_errno(r
, "Failed to open '%s', ignoring: %m", fn
);
2192 log_debug("Reading config file \"%s\".", fn
);
2194 FOREACH_LINE(line
, f
, break) {
2201 if (*l
== '#' || *l
== 0)
2204 k
= parse_line(fn
, v
, l
);
2205 if (k
< 0 && r
== 0)
2209 /* we have to determine age parameter for each entry of type X */
2210 ORDERED_HASHMAP_FOREACH(i
, globs
, iterator
) {
2212 Item
*j
, *candidate_item
= NULL
;
2214 if (i
->type
!= IGNORE_DIRECTORY_PATH
)
2217 ORDERED_HASHMAP_FOREACH(j
, items
, iter
) {
2218 if (!IN_SET(j
->type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
))
2221 if (path_equal(j
->path
, i
->path
)) {
2226 if ((!candidate_item
&& path_startswith(i
->path
, j
->path
)) ||
2227 (candidate_item
&& path_startswith(j
->path
, candidate_item
->path
) && (fnmatch(i
->path
, j
->path
, FNM_PATHNAME
| FNM_PERIOD
) == 0)))
2231 if (candidate_item
&& candidate_item
->age_set
) {
2232 i
->age
= candidate_item
->age
;
2238 log_error_errno(errno
, "Failed to read from file %s: %m", fn
);
2246 int main(int argc
, char *argv
[]) {
2251 r
= parse_argv(argc
, argv
);
2255 log_set_target(LOG_TARGET_AUTO
);
2256 log_parse_environment();
2261 mac_selinux_init(NULL
);
2263 items
= ordered_hashmap_new(&string_hash_ops
);
2264 globs
= ordered_hashmap_new(&string_hash_ops
);
2266 if (!items
|| !globs
) {
2273 if (optind
< argc
) {
2276 for (j
= optind
; j
< argc
; j
++) {
2277 k
= read_config_file(argv
[j
], false);
2278 if (k
< 0 && r
== 0)
2283 _cleanup_strv_free_
char **files
= NULL
;
2286 r
= conf_files_list_nulstr(&files
, ".conf", arg_root
, conf_file_dirs
);
2288 log_error_errno(r
, "Failed to enumerate tmpfiles.d files: %m");
2292 STRV_FOREACH(f
, files
) {
2293 k
= read_config_file(*f
, true);
2294 if (k
< 0 && r
== 0)
2299 /* The non-globbing ones usually create things, hence we apply
2301 ORDERED_HASHMAP_FOREACH(a
, items
, iterator
) {
2302 k
= process_item_array(a
);
2303 if (k
< 0 && r
== 0)
2307 /* The globbing ones usually alter things, hence we apply them
2309 ORDERED_HASHMAP_FOREACH(a
, globs
, iterator
) {
2310 k
= process_item_array(a
);
2311 if (k
< 0 && r
== 0)
2316 while ((a
= ordered_hashmap_steal_first(items
)))
2319 while ((a
= ordered_hashmap_steal_first(globs
)))
2322 ordered_hashmap_free(items
);
2323 ordered_hashmap_free(globs
);
2325 free(arg_include_prefixes
);
2326 free(arg_exclude_prefixes
);
2329 set_free_free(unix_sockets
);
2331 mac_selinux_finish();
2333 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;