1 /* SPDX-License-Identifier: LGPL-2.1+ */
3 This file is part of systemd.
5 Copyright 2010 Lennart Poettering, Kay Sievers
6 Copyright 2015 Zbigniew Jędrzejewski-Szmek
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
35 #include <sys/xattr.h>
43 #include "alloc-util.h"
44 #include "btrfs-util.h"
45 #include "capability-util.h"
46 #include "chattr-util.h"
47 #include "conf-files.h"
50 #include "dirent-util.h"
54 #include "format-util.h"
56 #include "glob-util.h"
63 #include "mount-util.h"
64 #include "parse-util.h"
65 #include "path-lookup.h"
66 #include "path-util.h"
68 #include "selinux-util.h"
70 #include "specifier.h"
71 #include "stat-util.h"
72 #include "stdio-util.h"
73 #include "string-table.h"
74 #include "string-util.h"
76 #include "umask-util.h"
77 #include "user-util.h"
80 /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
81 * them in the file system. This is intended to be used to create
82 * properly owned directories beneath /tmp, /var/tmp, /run, which are
83 * volatile and hence need to be recreated on bootup. */
85 typedef enum ItemType
{
86 /* These ones take file names */
89 CREATE_DIRECTORY
= 'd',
90 TRUNCATE_DIRECTORY
= 'D',
91 CREATE_SUBVOLUME
= 'v',
92 CREATE_SUBVOLUME_INHERIT_QUOTA
= 'q',
93 CREATE_SUBVOLUME_NEW_QUOTA
= 'Q',
96 CREATE_CHAR_DEVICE
= 'c',
97 CREATE_BLOCK_DEVICE
= 'b',
100 /* These ones take globs */
102 EMPTY_DIRECTORY
= 'e',
104 RECURSIVE_SET_XATTR
= 'T',
106 RECURSIVE_SET_ACL
= 'A',
108 RECURSIVE_SET_ATTRIBUTE
= 'H',
110 IGNORE_DIRECTORY_PATH
= 'X',
112 RECURSIVE_REMOVE_PATH
= 'R',
114 RECURSIVE_RELABEL_PATH
= 'Z',
115 ADJUST_MODE
= 'm', /* legacy, 'z' is identical to this */
118 typedef struct Item
{
134 unsigned attribute_value
;
135 unsigned attribute_mask
;
142 bool attribute_set
:1;
144 bool keep_first_level
:1;
151 typedef struct ItemArray
{
157 typedef enum DirectoryType
{
158 DIRECTORY_RUNTIME
= 0,
165 static bool arg_user
= false;
166 static bool arg_create
= false;
167 static bool arg_clean
= false;
168 static bool arg_remove
= false;
169 static bool arg_boot
= false;
171 static char **arg_include_prefixes
= NULL
;
172 static char **arg_exclude_prefixes
= NULL
;
173 static char *arg_root
= NULL
;
175 #define MAX_DEPTH 256
177 static OrderedHashmap
*items
= NULL
, *globs
= NULL
;
178 static Set
*unix_sockets
= NULL
;
180 static int specifier_machine_id_safe(char specifier
, void *data
, void *userdata
, char **ret
);
181 static int specifier_directory(char specifier
, void *data
, void *userdata
, char **ret
);
183 static const Specifier specifier_table
[] = {
184 { 'm', specifier_machine_id_safe
, NULL
},
185 { 'b', specifier_boot_id
, NULL
},
186 { 'H', specifier_host_name
, NULL
},
187 { 'v', specifier_kernel_release
, NULL
},
189 { 'U', specifier_user_id
, NULL
},
190 { 'u', specifier_user_name
, NULL
},
191 { 'h', specifier_user_home
, NULL
},
192 { 't', specifier_directory
, UINT_TO_PTR(DIRECTORY_RUNTIME
) },
193 { 'S', specifier_directory
, UINT_TO_PTR(DIRECTORY_STATE
) },
194 { 'C', specifier_directory
, UINT_TO_PTR(DIRECTORY_CACHE
) },
195 { 'L', specifier_directory
, UINT_TO_PTR(DIRECTORY_LOGS
) },
199 static int specifier_machine_id_safe(char specifier
, void *data
, void *userdata
, char **ret
) {
202 /* If /etc/machine_id is missing or empty (e.g. in a chroot environment)
203 * return a recognizable error so that the caller can skip the rule
206 r
= specifier_machine_id(specifier
, data
, userdata
, ret
);
207 if (IN_SET(r
, -ENOENT
, -ENOMEDIUM
))
213 static int specifier_directory(char specifier
, void *data
, void *userdata
, char **ret
) {
219 static const struct table_entry paths_system
[] = {
220 [DIRECTORY_RUNTIME
] = { SD_PATH_SYSTEM_RUNTIME
},
221 [DIRECTORY_STATE
] = { SD_PATH_SYSTEM_STATE_PRIVATE
},
222 [DIRECTORY_CACHE
] = { SD_PATH_SYSTEM_STATE_CACHE
},
223 [DIRECTORY_LOGS
] = { SD_PATH_SYSTEM_STATE_LOGS
},
226 static const struct table_entry paths_user
[] = {
227 [DIRECTORY_RUNTIME
] = { SD_PATH_USER_RUNTIME
},
228 [DIRECTORY_STATE
] = { SD_PATH_USER_CONFIGURATION
},
229 [DIRECTORY_CACHE
] = { SD_PATH_USER_STATE_CACHE
},
230 [DIRECTORY_LOGS
] = { SD_PATH_USER_CONFIGURATION
, "log" },
234 const struct table_entry
*paths
;
236 assert_cc(ELEMENTSOF(paths_system
) == ELEMENTSOF(paths_user
));
237 paths
= arg_user
? paths_user
: paths_system
;
239 i
= PTR_TO_UINT(data
);
240 assert(i
< ELEMENTSOF(paths_system
));
242 return sd_path_home(paths
[i
].type
, paths
[i
].suffix
, ret
);
245 static int log_unresolvable_specifier(const char *filename
, unsigned line
) {
246 static bool notified
= false;
248 /* In system mode, this is called when /etc is not fully initialized (e.g.
249 * in a chroot environment) where some specifiers are unresolvable. In user
250 * mode, this is called when some variables are not defined. These cases are
251 * not considered as an error so log at LOG_NOTICE only for the first time
252 * and then downgrade this to LOG_DEBUG for the rest. */
254 log_full(notified
? LOG_DEBUG
: LOG_NOTICE
,
255 "[%s:%u] Failed to resolve specifier: %s, skipping",
257 arg_user
? "Required $XDG_... variable not defined" : "uninitialized /etc detected");
260 log_notice("All rules containing unresolvable specifiers will be skipped.");
266 static int user_config_paths(char*** ret
) {
267 _cleanup_strv_free_
char **config_dirs
= NULL
, **data_dirs
= NULL
;
268 _cleanup_free_
char *persistent_config
= NULL
, *runtime_config
= NULL
, *data_home
= NULL
;
269 _cleanup_strv_free_
char **res
= NULL
;
272 r
= xdg_user_dirs(&config_dirs
, &data_dirs
);
276 r
= xdg_user_config_dir(&persistent_config
, "/user-tmpfiles.d");
277 if (r
< 0 && r
!= -ENXIO
)
280 r
= xdg_user_runtime_dir(&runtime_config
, "/user-tmpfiles.d");
281 if (r
< 0 && r
!= -ENXIO
)
284 r
= xdg_user_data_dir(&data_home
, "/user-tmpfiles.d");
285 if (r
< 0 && r
!= -ENXIO
)
288 r
= strv_extend_strv_concat(&res
, config_dirs
, "/user-tmpfiles.d");
292 r
= strv_extend(&res
, persistent_config
);
296 r
= strv_extend(&res
, runtime_config
);
300 r
= strv_extend(&res
, data_home
);
304 r
= strv_extend_strv_concat(&res
, data_dirs
, "/user-tmpfiles.d");
308 r
= path_strv_make_absolute_cwd(res
);
317 static bool needs_glob(ItemType t
) {
321 IGNORE_DIRECTORY_PATH
,
323 RECURSIVE_REMOVE_PATH
,
327 RECURSIVE_RELABEL_PATH
,
333 RECURSIVE_SET_ATTRIBUTE
);
336 static bool takes_ownership(ItemType t
) {
344 CREATE_SUBVOLUME_INHERIT_QUOTA
,
345 CREATE_SUBVOLUME_NEW_QUOTA
,
353 IGNORE_DIRECTORY_PATH
,
355 RECURSIVE_REMOVE_PATH
);
358 static struct Item
* find_glob(OrderedHashmap
*h
, const char *match
) {
362 ORDERED_HASHMAP_FOREACH(j
, h
, i
) {
365 for (n
= 0; n
< j
->count
; n
++) {
366 Item
*item
= j
->items
+ n
;
368 if (fnmatch(item
->path
, match
, FNM_PATHNAME
|FNM_PERIOD
) == 0)
376 static void load_unix_sockets(void) {
377 _cleanup_fclose_
FILE *f
= NULL
;
383 /* We maintain a cache of the sockets we found in /proc/net/unix to speed things up a little. */
385 unix_sockets
= set_new(&string_hash_ops
);
389 f
= fopen("/proc/net/unix", "re");
391 log_full_errno(errno
== ENOENT
? LOG_DEBUG
: LOG_WARNING
, errno
,
392 "Failed to open /proc/net/unix, ignoring: %m");
397 r
= read_line(f
, LONG_LINE_MAX
, NULL
);
399 log_warning_errno(r
, "Failed to skip /proc/net/unix header line: %m");
403 log_warning("Premature end of file reading /proc/net/unix.");
408 _cleanup_free_
char *line
= NULL
;
411 r
= read_line(f
, LONG_LINE_MAX
, &line
);
413 log_warning_errno(r
, "Failed to read /proc/net/unix line, ignoring: %m");
416 if (r
== 0) /* EOF */
419 p
= strchr(line
, ':');
427 p
+= strspn(p
, WHITESPACE
);
428 p
+= strcspn(p
, WHITESPACE
); /* skip one more word */
429 p
+= strspn(p
, WHITESPACE
);
440 path_kill_slashes(s
);
442 r
= set_consume(unix_sockets
, s
);
443 if (r
< 0 && r
!= -EEXIST
) {
444 log_warning_errno(r
, "Failed to add AF_UNIX socket to set, ignoring: %m");
452 unix_sockets
= set_free_free(unix_sockets
);
455 static bool unix_socket_alive(const char *fn
) {
461 return !!set_get(unix_sockets
, (char*) fn
);
463 /* We don't know, so assume yes */
467 static int dir_is_mount_point(DIR *d
, const char *subdir
) {
469 int mount_id_parent
, mount_id
;
472 r_p
= name_to_handle_at_loop(dirfd(d
), ".", NULL
, &mount_id_parent
, 0);
476 r
= name_to_handle_at_loop(dirfd(d
), subdir
, NULL
, &mount_id
, 0);
480 /* got no handle; make no assumptions, return error */
481 if (r_p
< 0 && r
< 0)
484 /* got both handles; if they differ, it is a mount point */
485 if (r_p
>= 0 && r
>= 0)
486 return mount_id_parent
!= mount_id
;
488 /* got only one handle; assume different mount points if one
489 * of both queries was not supported by the filesystem */
490 if (IN_SET(r_p
, -ENOSYS
, -EOPNOTSUPP
) || IN_SET(r
, -ENOSYS
, -EOPNOTSUPP
))
499 static DIR* xopendirat_nomod(int dirfd
, const char *path
) {
502 dir
= xopendirat(dirfd
, path
, O_NOFOLLOW
|O_NOATIME
);
506 log_debug_errno(errno
, "Cannot open %sdirectory \"%s\": %m", dirfd
== AT_FDCWD
? "" : "sub", path
);
510 dir
= xopendirat(dirfd
, path
, O_NOFOLLOW
);
512 log_debug_errno(errno
, "Cannot open %sdirectory \"%s\": %m", dirfd
== AT_FDCWD
? "" : "sub", path
);
517 static DIR* opendir_nomod(const char *path
) {
518 return xopendirat_nomod(AT_FDCWD
, path
);
521 static int dir_cleanup(
525 const struct stat
*ds
,
530 bool keep_this_level
) {
533 struct timespec times
[2];
534 bool deleted
= false;
537 FOREACH_DIRENT_ALL(dent
, d
, break) {
540 _cleanup_free_
char *sub_path
= NULL
;
542 if (dot_or_dot_dot(dent
->d_name
))
545 if (fstatat(dirfd(d
), dent
->d_name
, &s
, AT_SYMLINK_NOFOLLOW
) < 0) {
549 /* FUSE, NFS mounts, SELinux might return EACCES */
550 r
= log_full_errno(errno
== EACCES
? LOG_DEBUG
: LOG_ERR
, errno
,
551 "stat(%s/%s) failed: %m", p
, dent
->d_name
);
555 /* Stay on the same filesystem */
556 if (s
.st_dev
!= rootdev
) {
557 log_debug("Ignoring \"%s/%s\": different filesystem.", p
, dent
->d_name
);
561 /* Try to detect bind mounts of the same filesystem instance; they
562 * do not differ in device major/minors. This type of query is not
563 * supported on all kernels or filesystem types though. */
564 if (S_ISDIR(s
.st_mode
) && dir_is_mount_point(d
, dent
->d_name
) > 0) {
565 log_debug("Ignoring \"%s/%s\": different mount of the same filesystem.",
570 /* Do not delete read-only files owned by root */
571 if (s
.st_uid
== 0 && !(s
.st_mode
& S_IWUSR
)) {
572 log_debug("Ignoring \"%s/%s\": read-only and owner by root.", p
, dent
->d_name
);
576 sub_path
= strjoin(p
, "/", dent
->d_name
);
582 /* Is there an item configured for this path? */
583 if (ordered_hashmap_get(items
, sub_path
)) {
584 log_debug("Ignoring \"%s\": a separate entry exists.", sub_path
);
588 if (find_glob(globs
, sub_path
)) {
589 log_debug("Ignoring \"%s\": a separate glob exists.", sub_path
);
593 if (S_ISDIR(s
.st_mode
)) {
596 streq(dent
->d_name
, "lost+found") &&
598 log_debug("Ignoring \"%s\".", sub_path
);
603 log_warning("Reached max depth on \"%s\".", sub_path
);
605 _cleanup_closedir_
DIR *sub_dir
;
608 sub_dir
= xopendirat_nomod(dirfd(d
), dent
->d_name
);
611 r
= log_error_errno(errno
, "opendir(%s) failed: %m", sub_path
);
616 q
= dir_cleanup(i
, sub_path
, sub_dir
, &s
, cutoff
, rootdev
, false, maxdepth
-1, false);
621 /* Note: if you are wondering why we don't
622 * support the sticky bit for excluding
623 * directories from cleaning like we do it for
624 * other file system objects: well, the sticky
625 * bit already has a meaning for directories,
626 * so we don't want to overload that. */
628 if (keep_this_level
) {
629 log_debug("Keeping \"%s\".", sub_path
);
633 /* Ignore ctime, we change it when deleting */
634 age
= timespec_load(&s
.st_mtim
);
636 char a
[FORMAT_TIMESTAMP_MAX
];
637 /* Follows spelling in stat(1). */
638 log_debug("Directory \"%s\": modify time %s is too new.",
640 format_timestamp_us(a
, sizeof(a
), age
));
644 age
= timespec_load(&s
.st_atim
);
646 char a
[FORMAT_TIMESTAMP_MAX
];
647 log_debug("Directory \"%s\": access time %s is too new.",
649 format_timestamp_us(a
, sizeof(a
), age
));
653 log_debug("Removing directory \"%s\".", sub_path
);
654 if (unlinkat(dirfd(d
), dent
->d_name
, AT_REMOVEDIR
) < 0)
655 if (!IN_SET(errno
, ENOENT
, ENOTEMPTY
))
656 r
= log_error_errno(errno
, "rmdir(%s): %m", sub_path
);
659 /* Skip files for which the sticky bit is
660 * set. These are semantics we define, and are
661 * unknown elsewhere. See XDG_RUNTIME_DIR
662 * specification for details. */
663 if (s
.st_mode
& S_ISVTX
) {
664 log_debug("Skipping \"%s\": sticky bit set.", sub_path
);
668 if (mountpoint
&& S_ISREG(s
.st_mode
))
669 if (s
.st_uid
== 0 && STR_IN_SET(dent
->d_name
,
673 log_debug("Skipping \"%s\".", sub_path
);
677 /* Ignore sockets that are listed in /proc/net/unix */
678 if (S_ISSOCK(s
.st_mode
) && unix_socket_alive(sub_path
)) {
679 log_debug("Skipping \"%s\": live socket.", sub_path
);
683 /* Ignore device nodes */
684 if (S_ISCHR(s
.st_mode
) || S_ISBLK(s
.st_mode
)) {
685 log_debug("Skipping \"%s\": a device.", sub_path
);
689 /* Keep files on this level around if this is
691 if (keep_this_level
) {
692 log_debug("Keeping \"%s\".", sub_path
);
696 age
= timespec_load(&s
.st_mtim
);
698 char a
[FORMAT_TIMESTAMP_MAX
];
699 /* Follows spelling in stat(1). */
700 log_debug("File \"%s\": modify time %s is too new.",
702 format_timestamp_us(a
, sizeof(a
), age
));
706 age
= timespec_load(&s
.st_atim
);
708 char a
[FORMAT_TIMESTAMP_MAX
];
709 log_debug("File \"%s\": access time %s is too new.",
711 format_timestamp_us(a
, sizeof(a
), age
));
715 age
= timespec_load(&s
.st_ctim
);
717 char a
[FORMAT_TIMESTAMP_MAX
];
718 log_debug("File \"%s\": change time %s is too new.",
720 format_timestamp_us(a
, sizeof(a
), age
));
724 log_debug("unlink \"%s\"", sub_path
);
726 if (unlinkat(dirfd(d
), dent
->d_name
, 0) < 0)
728 r
= log_error_errno(errno
, "unlink(%s): %m", sub_path
);
737 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
739 /* Restore original directory timestamps */
740 times
[0] = ds
->st_atim
;
741 times
[1] = ds
->st_mtim
;
743 age1
= timespec_load(&ds
->st_atim
);
744 age2
= timespec_load(&ds
->st_mtim
);
745 log_debug("Restoring access and modification time on \"%s\": %s, %s",
747 format_timestamp_us(a
, sizeof(a
), age1
),
748 format_timestamp_us(b
, sizeof(b
), age2
));
749 if (futimens(dirfd(d
), times
) < 0)
750 log_error_errno(errno
, "utimensat(%s): %m", p
);
756 static int path_set_perms(Item
*i
, const char *path
) {
757 char fn
[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
758 _cleanup_close_
int fd
= -1;
764 if (!i
->mode_set
&& !i
->uid_set
&& !i
->gid_set
)
767 /* We open the file with O_PATH here, to make the operation
768 * somewhat atomic. Also there's unfortunately no fchmodat()
769 * with AT_SYMLINK_NOFOLLOW, hence we emulate it here via
772 fd
= open(path
, O_NOFOLLOW
|O_CLOEXEC
|O_PATH
);
774 int level
= LOG_ERR
, r
= -errno
;
776 /* Option "e" operates only on existing objects. Do not
777 * print errors about non-existent files or directories */
778 if (i
->type
== EMPTY_DIRECTORY
&& errno
== ENOENT
) {
783 log_full_errno(level
, errno
, "Adjusting owner and mode for %s failed: %m", path
);
787 if (fstatat(fd
, "", &st
, AT_EMPTY_PATH
) < 0)
788 return log_error_errno(errno
, "Failed to fstat() file %s: %m", path
);
790 xsprintf(fn
, "/proc/self/fd/%i", fd
);
793 if (S_ISLNK(st
.st_mode
))
794 log_debug("Skipping mode fix for symlink %s.", path
);
799 if (!(st
.st_mode
& 0111))
801 if (!(st
.st_mode
& 0222))
803 if (!(st
.st_mode
& 0444))
805 if (!S_ISDIR(st
.st_mode
))
806 m
&= ~07000; /* remove sticky/sgid/suid bit, unless directory */
809 if (m
== (st
.st_mode
& 07777))
810 log_debug("\"%s\" has correct mode %o already.", path
, st
.st_mode
);
812 log_debug("Changing \"%s\" to mode %o.", path
, m
);
814 if (chmod(fn
, m
) < 0)
815 return log_error_errno(errno
, "chmod() of %s via %s failed: %m", path
, fn
);
820 if ((i
->uid
!= st
.st_uid
|| i
->gid
!= st
.st_gid
) &&
821 (i
->uid_set
|| i
->gid_set
)) {
822 log_debug("Changing \"%s\" to owner "UID_FMT
":"GID_FMT
,
824 i
->uid_set
? i
->uid
: UID_INVALID
,
825 i
->gid_set
? i
->gid
: GID_INVALID
);
828 i
->uid_set
? i
->uid
: UID_INVALID
,
829 i
->gid_set
? i
->gid
: GID_INVALID
) < 0)
830 return log_error_errno(errno
, "chown() of %s via %s failed: %m", path
, fn
);
836 return label_fix(path
, false, false);
839 static int parse_xattrs_from_arg(Item
*i
) {
849 _cleanup_free_
char *name
= NULL
, *value
= NULL
, *xattr
= NULL
;
851 r
= extract_first_word(&p
, &xattr
, NULL
, EXTRACT_QUOTES
|EXTRACT_CUNESCAPE
);
853 log_warning_errno(r
, "Failed to parse extended attribute '%s', ignoring: %m", p
);
857 r
= split_pair(xattr
, "=", &name
, &value
);
859 log_warning_errno(r
, "Failed to parse extended attribute, ignoring: %s", xattr
);
863 if (isempty(name
) || isempty(value
)) {
864 log_warning("Malformed extended attribute found, ignoring: %s", xattr
);
868 if (strv_push_pair(&i
->xattrs
, name
, value
) < 0)
877 static int path_set_xattrs(Item
*i
, const char *path
) {
878 char **name
, **value
;
883 STRV_FOREACH_PAIR(name
, value
, i
->xattrs
) {
884 log_debug("Setting extended attribute '%s=%s' on %s.", *name
, *value
, path
);
885 if (lsetxattr(path
, *name
, *value
, strlen(*value
), 0) < 0)
886 return log_error_errno(errno
, "Setting extended attribute %s=%s on %s failed: %m",
887 *name
, *value
, path
);
892 static int parse_acls_from_arg(Item
*item
) {
898 /* If force (= modify) is set, we will not modify the acl
899 * afterwards, so the mask can be added now if necessary. */
901 r
= parse_acl(item
->argument
, &item
->acl_access
, &item
->acl_default
, !item
->force
);
903 log_warning_errno(r
, "Failed to parse ACL \"%s\": %m. Ignoring", item
->argument
);
905 log_warning_errno(ENOSYS
, "ACLs are not supported. Ignoring");
912 static int path_set_acl(const char *path
, const char *pretty
, acl_type_t type
, acl_t acl
, bool modify
) {
913 _cleanup_(acl_free_charpp
) char *t
= NULL
;
914 _cleanup_(acl_freep
) acl_t dup
= NULL
;
917 /* Returns 0 for success, positive error if already warned,
918 * negative error otherwise. */
921 r
= acls_for_file(path
, type
, acl
, &dup
);
925 r
= calc_acl_mask_if_needed(&dup
);
933 /* the mask was already added earlier if needed */
936 r
= add_base_acls_if_needed(&dup
, path
);
940 t
= acl_to_any_text(dup
, NULL
, ',', TEXT_ABBREVIATE
);
941 log_debug("Setting %s ACL %s on %s.",
942 type
== ACL_TYPE_ACCESS
? "access" : "default",
945 r
= acl_set_file(path
, type
, dup
);
947 /* Return positive to indicate we already warned */
948 return -log_error_errno(errno
,
949 "Setting %s ACL \"%s\" on %s failed: %m",
950 type
== ACL_TYPE_ACCESS
? "access" : "default",
957 static int path_set_acls(Item
*item
, const char *path
) {
960 char fn
[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
961 _cleanup_close_
int fd
= -1;
967 fd
= open(path
, O_NOFOLLOW
|O_CLOEXEC
|O_PATH
);
969 return log_error_errno(errno
, "Adjusting ACL of %s failed: %m", path
);
971 if (fstatat(fd
, "", &st
, AT_EMPTY_PATH
) < 0)
972 return log_error_errno(errno
, "Failed to fstat() file %s: %m", path
);
974 if (S_ISLNK(st
.st_mode
)) {
975 log_debug("Skipping ACL fix for symlink %s.", path
);
979 xsprintf(fn
, "/proc/self/fd/%i", fd
);
981 if (item
->acl_access
)
982 r
= path_set_acl(fn
, path
, ACL_TYPE_ACCESS
, item
->acl_access
, item
->force
);
984 if (r
== 0 && item
->acl_default
)
985 r
= path_set_acl(fn
, path
, ACL_TYPE_DEFAULT
, item
->acl_default
, item
->force
);
988 return -r
; /* already warned */
989 else if (r
== -EOPNOTSUPP
) {
990 log_debug_errno(r
, "ACLs not supported by file system at %s", path
);
993 log_error_errno(r
, "ACL operation on \"%s\" failed: %m", path
);
998 #define ATTRIBUTES_ALL \
1007 FS_JOURNAL_DATA_FL | \
1014 static int parse_attribute_from_arg(Item
*item
) {
1016 static const struct {
1020 { 'A', FS_NOATIME_FL
}, /* do not update atime */
1021 { 'S', FS_SYNC_FL
}, /* Synchronous updates */
1022 { 'D', FS_DIRSYNC_FL
}, /* dirsync behaviour (directories only) */
1023 { 'a', FS_APPEND_FL
}, /* writes to file may only append */
1024 { 'c', FS_COMPR_FL
}, /* Compress file */
1025 { 'd', FS_NODUMP_FL
}, /* do not dump file */
1026 { 'e', FS_EXTENT_FL
}, /* Extents */
1027 { 'i', FS_IMMUTABLE_FL
}, /* Immutable file */
1028 { 'j', FS_JOURNAL_DATA_FL
}, /* Reserved for ext3 */
1029 { 's', FS_SECRM_FL
}, /* Secure deletion */
1030 { 'u', FS_UNRM_FL
}, /* Undelete */
1031 { 't', FS_NOTAIL_FL
}, /* file tail should not be merged */
1032 { 'T', FS_TOPDIR_FL
}, /* Top of directory hierarchies */
1033 { 'C', FS_NOCOW_FL
}, /* Do not cow file */
1042 unsigned value
= 0, mask
= 0;
1052 } else if (*p
== '-') {
1055 } else if (*p
== '=') {
1061 if (isempty(p
) && mode
!= MODE_SET
) {
1062 log_error("Setting file attribute on '%s' needs an attribute specification.", item
->path
);
1066 for (; p
&& *p
; p
++) {
1069 for (i
= 0; i
< ELEMENTSOF(attributes
); i
++)
1070 if (*p
== attributes
[i
].character
)
1073 if (i
>= ELEMENTSOF(attributes
)) {
1074 log_error("Unknown file attribute '%c' on '%s'.", *p
, item
->path
);
1078 v
= attributes
[i
].value
;
1080 SET_FLAG(value
, v
, IN_SET(mode
, MODE_ADD
, MODE_SET
));
1085 if (mode
== MODE_SET
)
1086 mask
|= ATTRIBUTES_ALL
;
1090 item
->attribute_mask
= mask
;
1091 item
->attribute_value
= value
;
1092 item
->attribute_set
= true;
1097 static int path_set_attribute(Item
*item
, const char *path
) {
1098 _cleanup_close_
int fd
= -1;
1103 if (!item
->attribute_set
|| item
->attribute_mask
== 0)
1106 fd
= open(path
, O_RDONLY
|O_NONBLOCK
|O_CLOEXEC
|O_NOATIME
|O_NOFOLLOW
);
1109 return log_error_errno(errno
, "Skipping file attributes adjustment on symlink %s.", path
);
1111 return log_error_errno(errno
, "Cannot open '%s': %m", path
);
1114 if (fstat(fd
, &st
) < 0)
1115 return log_error_errno(errno
, "Cannot stat '%s': %m", path
);
1117 /* Issuing the file attribute ioctls on device nodes is not
1118 * safe, as that will be delivered to the drivers, not the
1119 * file system containing the device node. */
1120 if (!S_ISREG(st
.st_mode
) && !S_ISDIR(st
.st_mode
)) {
1121 log_error("Setting file flags is only supported on regular files and directories, cannot set on '%s'.", path
);
1125 f
= item
->attribute_value
& item
->attribute_mask
;
1127 /* Mask away directory-specific flags */
1128 if (!S_ISDIR(st
.st_mode
))
1129 f
&= ~FS_DIRSYNC_FL
;
1131 r
= chattr_fd(fd
, f
, item
->attribute_mask
);
1133 log_full_errno(IN_SET(r
, -ENOTTY
, -EOPNOTSUPP
) ? LOG_DEBUG
: LOG_WARNING
,
1135 "Cannot set file attribute for '%s', value=0x%08x, mask=0x%08x: %m",
1136 path
, item
->attribute_value
, item
->attribute_mask
);
1141 static int write_one_file(Item
*i
, const char *path
) {
1142 _cleanup_close_
int fd
= -1;
1149 flags
= i
->type
== CREATE_FILE
? O_CREAT
|O_APPEND
|O_NOFOLLOW
:
1150 i
->type
== TRUNCATE_FILE
? O_CREAT
|O_TRUNC
|O_NOFOLLOW
: 0;
1152 RUN_WITH_UMASK(0000) {
1153 mac_selinux_create_file_prepare(path
, S_IFREG
);
1154 fd
= open(path
, flags
|O_NDELAY
|O_CLOEXEC
|O_WRONLY
|O_NOCTTY
, i
->mode
);
1155 mac_selinux_create_file_clear();
1159 if (i
->type
== WRITE_FILE
&& errno
== ENOENT
) {
1160 log_debug_errno(errno
, "Not writing \"%s\": %m", path
);
1165 if (!i
->argument
&& errno
== EROFS
&& stat(path
, &st
) == 0 &&
1166 (i
->type
== CREATE_FILE
|| st
.st_size
== 0))
1169 return log_error_errno(r
, "Failed to create file %s: %m", path
);
1173 log_debug("%s to \"%s\".", i
->type
== CREATE_FILE
? "Appending" : "Writing", path
);
1175 r
= loop_write(fd
, i
->argument
, strlen(i
->argument
), false);
1177 return log_error_errno(r
, "Failed to write file \"%s\": %m", path
);
1179 log_debug("\"%s\" has been created.", path
);
1181 fd
= safe_close(fd
);
1183 if (stat(path
, &st
) < 0)
1184 return log_error_errno(errno
, "stat(%s) failed: %m", path
);
1187 if (!S_ISREG(st
.st_mode
)) {
1188 log_error("%s is not a file.", path
);
1192 r
= path_set_perms(i
, path
);
1199 typedef int (*action_t
)(Item
*, const char *);
1201 static int item_do_children(Item
*i
, const char *path
, action_t action
) {
1202 _cleanup_closedir_
DIR *d
;
1209 /* This returns the first error we run into, but nevertheless
1212 d
= opendir_nomod(path
);
1214 return IN_SET(errno
, ENOENT
, ENOTDIR
, ELOOP
) ? 0 : -errno
;
1216 FOREACH_DIRENT_ALL(de
, d
, r
= -errno
) {
1217 _cleanup_free_
char *p
= NULL
;
1220 if (dot_or_dot_dot(de
->d_name
))
1223 p
= strjoin(path
, "/", de
->d_name
);
1228 if (q
< 0 && q
!= -ENOENT
&& r
== 0)
1231 if (IN_SET(de
->d_type
, DT_UNKNOWN
, DT_DIR
)) {
1232 q
= item_do_children(i
, p
, action
);
1233 if (q
< 0 && r
== 0)
1241 static int glob_item(Item
*i
, action_t action
, bool recursive
) {
1242 _cleanup_globfree_ glob_t g
= {
1243 .gl_opendir
= (void *(*)(const char *)) opendir_nomod
,
1248 k
= safe_glob(i
->path
, GLOB_NOSORT
|GLOB_BRACE
, &g
);
1249 if (k
< 0 && k
!= -ENOENT
)
1250 return log_error_errno(k
, "glob(%s) failed: %m", i
->path
);
1252 STRV_FOREACH(fn
, g
.gl_pathv
) {
1254 if (k
< 0 && r
== 0)
1258 k
= item_do_children(i
, *fn
, action
);
1259 if (k
< 0 && r
== 0)
1272 _CREATION_MODE_INVALID
= -1
1275 static const char *creation_mode_verb_table
[_CREATION_MODE_MAX
] = {
1276 [CREATION_NORMAL
] = "Created",
1277 [CREATION_EXISTING
] = "Found existing",
1278 [CREATION_FORCE
] = "Created replacement",
1281 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(creation_mode_verb
, CreationMode
);
1283 static int create_item(Item
*i
) {
1287 CreationMode creation
;
1291 log_debug("Running create action for entry %c %s", (char) i
->type
, i
->path
);
1296 case IGNORE_DIRECTORY_PATH
:
1298 case RECURSIVE_REMOVE_PATH
:
1303 r
= write_one_file(i
, i
->path
);
1309 log_debug("Copying tree \"%s\" to \"%s\".", i
->argument
, i
->path
);
1310 r
= copy_tree(i
->argument
, i
->path
, i
->uid_set
? i
->uid
: UID_INVALID
, i
->gid_set
? i
->gid
: GID_INVALID
, COPY_REFLINK
);
1312 if (r
== -EROFS
&& stat(i
->path
, &st
) == 0)
1319 return log_error_errno(r
, "Failed to copy files to %s: %m", i
->path
);
1321 if (stat(i
->argument
, &a
) < 0)
1322 return log_error_errno(errno
, "stat(%s) failed: %m", i
->argument
);
1324 if (stat(i
->path
, &b
) < 0)
1325 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1327 if ((a
.st_mode
^ b
.st_mode
) & S_IFMT
) {
1328 log_debug("Can't copy to %s, file exists already and is of different type", i
->path
);
1333 r
= path_set_perms(i
, i
->path
);
1340 r
= glob_item(i
, write_one_file
, false);
1346 case CREATE_DIRECTORY
:
1347 case TRUNCATE_DIRECTORY
:
1348 case CREATE_SUBVOLUME
:
1349 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1350 case CREATE_SUBVOLUME_NEW_QUOTA
:
1351 RUN_WITH_UMASK(0000)
1352 mkdir_parents_label(i
->path
, 0755);
1354 if (IN_SET(i
->type
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
)) {
1356 if (btrfs_is_subvol(isempty(arg_root
) ? "/" : arg_root
) <= 0)
1358 /* Don't create a subvolume unless the
1359 * root directory is one, too. We do
1360 * this under the assumption that if
1361 * the root directory is just a plain
1362 * directory (i.e. very light-weight),
1363 * we shouldn't try to split it up
1364 * into subvolumes (i.e. more
1365 * heavy-weight). Thus, chroot()
1366 * environments and suchlike will get
1367 * a full brtfs subvolume set up below
1368 * their tree only if they
1369 * specifically set up a btrfs
1370 * subvolume for the root dir too. */
1374 RUN_WITH_UMASK((~i
->mode
) & 0777)
1375 r
= btrfs_subvol_make(i
->path
);
1380 if (IN_SET(i
->type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
) || r
== -ENOTTY
)
1381 RUN_WITH_UMASK(0000)
1382 r
= mkdir_label(i
->path
, i
->mode
);
1387 if (!IN_SET(r
, -EEXIST
, -EROFS
))
1388 return log_error_errno(r
, "Failed to create directory or subvolume \"%s\": %m", i
->path
);
1390 k
= is_dir(i
->path
, false);
1391 if (k
== -ENOENT
&& r
== -EROFS
)
1392 return log_error_errno(r
, "%s does not exist and cannot be created as the file system is read-only.", i
->path
);
1394 return log_error_errno(k
, "Failed to check if %s exists: %m", i
->path
);
1396 log_warning("\"%s\" already exists and is not a directory.", i
->path
);
1400 creation
= CREATION_EXISTING
;
1402 creation
= CREATION_NORMAL
;
1404 log_debug("%s directory \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1406 if (IN_SET(i
->type
, CREATE_SUBVOLUME_NEW_QUOTA
, CREATE_SUBVOLUME_INHERIT_QUOTA
)) {
1407 r
= btrfs_subvol_auto_qgroup(i
->path
, 0, i
->type
== CREATE_SUBVOLUME_NEW_QUOTA
);
1409 log_debug_errno(r
, "Couldn't adjust quota for subvolume \"%s\" (unsupported fs or dir not a subvolume): %m", i
->path
);
1410 else if (r
== -EROFS
)
1411 log_debug_errno(r
, "Couldn't adjust quota for subvolume \"%s\" (fs is read-only).", i
->path
);
1412 else if (r
== -ENOPROTOOPT
)
1413 log_debug_errno(r
, "Couldn't adjust quota for subvolume \"%s\" (quota support is disabled).", i
->path
);
1415 q
= log_error_errno(r
, "Failed to adjust quota for subvolume \"%s\": %m", i
->path
);
1417 log_debug("Adjusted quota for subvolume \"%s\".", i
->path
);
1419 log_debug("Quota for subvolume \"%s\" already in place, no change made.", i
->path
);
1423 case EMPTY_DIRECTORY
:
1424 r
= path_set_perms(i
, i
->path
);
1433 RUN_WITH_UMASK(0000) {
1434 mac_selinux_create_file_prepare(i
->path
, S_IFIFO
);
1435 r
= mkfifo(i
->path
, i
->mode
);
1436 mac_selinux_create_file_clear();
1440 if (errno
!= EEXIST
)
1441 return log_error_errno(errno
, "Failed to create fifo %s: %m", i
->path
);
1443 if (lstat(i
->path
, &st
) < 0)
1444 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1446 if (!S_ISFIFO(st
.st_mode
)) {
1449 RUN_WITH_UMASK(0000) {
1450 mac_selinux_create_file_prepare(i
->path
, S_IFIFO
);
1451 r
= mkfifo_atomic(i
->path
, i
->mode
);
1452 mac_selinux_create_file_clear();
1456 return log_error_errno(r
, "Failed to create fifo %s: %m", i
->path
);
1457 creation
= CREATION_FORCE
;
1459 log_warning("\"%s\" already exists and is not a fifo.", i
->path
);
1463 creation
= CREATION_EXISTING
;
1465 creation
= CREATION_NORMAL
;
1466 log_debug("%s fifo \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1468 r
= path_set_perms(i
, i
->path
);
1475 case CREATE_SYMLINK
: {
1476 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1477 r
= symlink(i
->argument
, i
->path
);
1478 mac_selinux_create_file_clear();
1481 _cleanup_free_
char *x
= NULL
;
1483 if (errno
!= EEXIST
)
1484 return log_error_errno(errno
, "symlink(%s, %s) failed: %m", i
->argument
, i
->path
);
1486 r
= readlink_malloc(i
->path
, &x
);
1487 if (r
< 0 || !streq(i
->argument
, x
)) {
1490 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1491 r
= symlink_atomic(i
->argument
, i
->path
);
1492 mac_selinux_create_file_clear();
1494 if (IN_SET(r
, -EEXIST
, -ENOTEMPTY
)) {
1495 r
= rm_rf(i
->path
, REMOVE_ROOT
|REMOVE_PHYSICAL
);
1497 return log_error_errno(r
, "rm -fr %s failed: %m", i
->path
);
1499 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1500 r
= symlink(i
->argument
, i
->path
) < 0 ? -errno
: 0;
1501 mac_selinux_create_file_clear();
1504 return log_error_errno(r
, "symlink(%s, %s) failed: %m", i
->argument
, i
->path
);
1506 creation
= CREATION_FORCE
;
1508 log_debug("\"%s\" is not a symlink or does not point to the correct path.", i
->path
);
1512 creation
= CREATION_EXISTING
;
1515 creation
= CREATION_NORMAL
;
1516 log_debug("%s symlink \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1520 case CREATE_BLOCK_DEVICE
:
1521 case CREATE_CHAR_DEVICE
: {
1524 if (have_effective_cap(CAP_MKNOD
) == 0) {
1525 /* In a container we lack CAP_MKNOD. We
1526 shouldn't attempt to create the device node in
1527 that case to avoid noise, and we don't support
1528 virtualized devices in containers anyway. */
1530 log_debug("We lack CAP_MKNOD, skipping creation of device node %s.", i
->path
);
1534 file_type
= i
->type
== CREATE_BLOCK_DEVICE
? S_IFBLK
: S_IFCHR
;
1536 RUN_WITH_UMASK(0000) {
1537 mac_selinux_create_file_prepare(i
->path
, file_type
);
1538 r
= mknod(i
->path
, i
->mode
| file_type
, i
->major_minor
);
1539 mac_selinux_create_file_clear();
1543 if (errno
== EPERM
) {
1544 log_debug("We lack permissions, possibly because of cgroup configuration; "
1545 "skipping creation of device node %s.", i
->path
);
1549 if (errno
!= EEXIST
)
1550 return log_error_errno(errno
, "Failed to create device node %s: %m", i
->path
);
1552 if (lstat(i
->path
, &st
) < 0)
1553 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1555 if ((st
.st_mode
& S_IFMT
) != file_type
) {
1559 RUN_WITH_UMASK(0000) {
1560 mac_selinux_create_file_prepare(i
->path
, file_type
);
1561 r
= mknod_atomic(i
->path
, i
->mode
| file_type
, i
->major_minor
);
1562 mac_selinux_create_file_clear();
1566 return log_error_errno(r
, "Failed to create device node \"%s\": %m", i
->path
);
1567 creation
= CREATION_FORCE
;
1569 log_debug("%s is not a device node.", i
->path
);
1573 creation
= CREATION_EXISTING
;
1575 creation
= CREATION_NORMAL
;
1577 log_debug("%s %s device node \"%s\" %u:%u.",
1578 creation_mode_verb_to_string(creation
),
1579 i
->type
== CREATE_BLOCK_DEVICE
? "block" : "char",
1580 i
->path
, major(i
->mode
), minor(i
->mode
));
1582 r
= path_set_perms(i
, i
->path
);
1591 r
= glob_item(i
, path_set_perms
, false);
1596 case RECURSIVE_RELABEL_PATH
:
1597 r
= glob_item(i
, path_set_perms
, true);
1603 r
= glob_item(i
, path_set_xattrs
, false);
1608 case RECURSIVE_SET_XATTR
:
1609 r
= glob_item(i
, path_set_xattrs
, true);
1615 r
= glob_item(i
, path_set_acls
, false);
1620 case RECURSIVE_SET_ACL
:
1621 r
= glob_item(i
, path_set_acls
, true);
1627 r
= glob_item(i
, path_set_attribute
, false);
1632 case RECURSIVE_SET_ATTRIBUTE
:
1633 r
= glob_item(i
, path_set_attribute
, true);
1642 static int remove_item_instance(Item
*i
, const char *instance
) {
1650 if (remove(instance
) < 0 && errno
!= ENOENT
)
1651 return log_error_errno(errno
, "rm(%s): %m", instance
);
1655 case TRUNCATE_DIRECTORY
:
1656 case RECURSIVE_REMOVE_PATH
:
1657 /* FIXME: we probably should use dir_cleanup() here
1658 * instead of rm_rf() so that 'x' is honoured. */
1659 log_debug("rm -rf \"%s\"", instance
);
1660 r
= rm_rf(instance
, (i
->type
== RECURSIVE_REMOVE_PATH
? REMOVE_ROOT
|REMOVE_SUBVOLUME
: 0) | REMOVE_PHYSICAL
);
1661 if (r
< 0 && r
!= -ENOENT
)
1662 return log_error_errno(r
, "rm_rf(%s): %m", instance
);
1667 assert_not_reached("wut?");
1673 static int remove_item(Item
*i
) {
1676 log_debug("Running remove action for entry %c %s", (char) i
->type
, i
->path
);
1681 case TRUNCATE_DIRECTORY
:
1682 case RECURSIVE_REMOVE_PATH
:
1683 return glob_item(i
, remove_item_instance
, false);
1690 static int clean_item_instance(Item
*i
, const char* instance
) {
1691 _cleanup_closedir_
DIR *d
= NULL
;
1695 char timestamp
[FORMAT_TIMESTAMP_MAX
];
1702 n
= now(CLOCK_REALTIME
);
1706 cutoff
= n
- i
->age
;
1708 d
= opendir_nomod(instance
);
1710 if (IN_SET(errno
, ENOENT
, ENOTDIR
)) {
1711 log_debug_errno(errno
, "Directory \"%s\": %m", instance
);
1715 return log_error_errno(errno
, "Failed to open directory %s: %m", instance
);
1718 if (fstat(dirfd(d
), &s
) < 0)
1719 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1721 if (!S_ISDIR(s
.st_mode
)) {
1722 log_error("%s is not a directory.", i
->path
);
1726 if (fstatat(dirfd(d
), "..", &ps
, AT_SYMLINK_NOFOLLOW
) != 0)
1727 return log_error_errno(errno
, "stat(%s/..) failed: %m", i
->path
);
1729 mountpoint
= s
.st_dev
!= ps
.st_dev
|| s
.st_ino
== ps
.st_ino
;
1731 log_debug("Cleanup threshold for %s \"%s\" is %s",
1732 mountpoint
? "mount point" : "directory",
1734 format_timestamp_us(timestamp
, sizeof(timestamp
), cutoff
));
1736 return dir_cleanup(i
, instance
, d
, &s
, cutoff
, s
.st_dev
, mountpoint
,
1737 MAX_DEPTH
, i
->keep_first_level
);
1740 static int clean_item(Item
*i
) {
1743 log_debug("Running clean action for entry %c %s", (char) i
->type
, i
->path
);
1746 case CREATE_DIRECTORY
:
1747 case CREATE_SUBVOLUME
:
1748 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
1749 case CREATE_SUBVOLUME_NEW_QUOTA
:
1750 case TRUNCATE_DIRECTORY
:
1753 clean_item_instance(i
, i
->path
);
1755 case EMPTY_DIRECTORY
:
1756 case IGNORE_DIRECTORY_PATH
:
1757 return glob_item(i
, clean_item_instance
, false);
1763 static int process_item_array(ItemArray
*array
);
1765 static int process_item(Item
*i
) {
1767 _cleanup_free_
char *prefix
= NULL
;
1776 prefix
= malloc(strlen(i
->path
) + 1);
1780 PATH_FOREACH_PREFIX(prefix
, i
->path
) {
1783 j
= ordered_hashmap_get(items
, prefix
);
1787 s
= process_item_array(j
);
1788 if (s
< 0 && t
== 0)
1793 if (chase_symlinks(i
->path
, NULL
, CHASE_NO_AUTOFS
, NULL
) == -EREMOTE
)
1796 r
= arg_create
? create_item(i
) : 0;
1797 q
= arg_remove
? remove_item(i
) : 0;
1798 p
= arg_clean
? clean_item(i
) : 0;
1806 static int process_item_array(ItemArray
*array
) {
1812 for (n
= 0; n
< array
->count
; n
++) {
1813 k
= process_item(array
->items
+ n
);
1814 if (k
< 0 && r
== 0)
1821 static void item_free_contents(Item
*i
) {
1825 strv_free(i
->xattrs
);
1828 acl_free(i
->acl_access
);
1829 acl_free(i
->acl_default
);
1833 static void item_array_free(ItemArray
*a
) {
1839 for (n
= 0; n
< a
->count
; n
++)
1840 item_free_contents(a
->items
+ n
);
1845 static int item_compare(const void *a
, const void *b
) {
1846 const Item
*x
= a
, *y
= b
;
1848 /* Make sure that the ownership taking item is put first, so
1849 * that we first create the node, and then can adjust it */
1851 if (takes_ownership(x
->type
) && !takes_ownership(y
->type
))
1853 if (!takes_ownership(x
->type
) && takes_ownership(y
->type
))
1856 return (int) x
->type
- (int) y
->type
;
1859 static bool item_compatible(Item
*a
, Item
*b
) {
1862 assert(streq(a
->path
, b
->path
));
1864 if (takes_ownership(a
->type
) && takes_ownership(b
->type
))
1865 /* check if the items are the same */
1866 return streq_ptr(a
->argument
, b
->argument
) &&
1868 a
->uid_set
== b
->uid_set
&&
1871 a
->gid_set
== b
->gid_set
&&
1874 a
->mode_set
== b
->mode_set
&&
1875 a
->mode
== b
->mode
&&
1877 a
->age_set
== b
->age_set
&&
1880 a
->mask_perms
== b
->mask_perms
&&
1882 a
->keep_first_level
== b
->keep_first_level
&&
1884 a
->major_minor
== b
->major_minor
;
1889 static bool should_include_path(const char *path
) {
1892 STRV_FOREACH(prefix
, arg_exclude_prefixes
)
1893 if (path_startswith(path
, *prefix
)) {
1894 log_debug("Entry \"%s\" matches exclude prefix \"%s\", skipping.",
1899 STRV_FOREACH(prefix
, arg_include_prefixes
)
1900 if (path_startswith(path
, *prefix
)) {
1901 log_debug("Entry \"%s\" matches include prefix \"%s\".", path
, *prefix
);
1905 /* no matches, so we should include this path only if we
1906 * have no whitelist at all */
1907 if (strv_isempty(arg_include_prefixes
))
1910 log_debug("Entry \"%s\" does not match any include prefix, skipping.", path
);
1914 static int specifier_expansion_from_arg(Item
*i
) {
1915 _cleanup_free_
char *unescaped
= NULL
, *resolved
= NULL
;
1921 if (i
->argument
== NULL
)
1926 case CREATE_SYMLINK
:
1930 r
= cunescape(i
->argument
, 0, &unescaped
);
1932 return log_error_errno(r
, "Failed to unescape parameter to write: %s", i
->argument
);
1934 r
= specifier_printf(unescaped
, specifier_table
, NULL
, &resolved
);
1938 free_and_replace(i
->argument
, resolved
);
1942 case RECURSIVE_SET_XATTR
:
1945 STRV_FOREACH (xattr
, i
->xattrs
) {
1946 r
= specifier_printf(*xattr
, specifier_table
, NULL
, &resolved
);
1950 free_and_replace(*xattr
, resolved
);
1960 static int parse_line(const char *fname
, unsigned line
, const char *buffer
, bool *invalid_config
) {
1962 _cleanup_free_
char *action
= NULL
, *mode
= NULL
, *user
= NULL
, *group
= NULL
, *age
= NULL
, *path
= NULL
;
1963 _cleanup_(item_free_contents
) Item i
= {};
1964 ItemArray
*existing
;
1967 bool force
= false, boot
= false;
1973 r
= extract_many_words(
1985 if (IN_SET(r
, -EINVAL
, -EBADSLT
))
1986 /* invalid quoting and such or an unknown specifier */
1987 *invalid_config
= true;
1988 return log_error_errno(r
, "[%s:%u] Failed to parse line: %m", fname
, line
);
1992 *invalid_config
= true;
1993 log_error("[%s:%u] Syntax error.", fname
, line
);
1997 if (!isempty(buffer
) && !streq(buffer
, "-")) {
1998 i
.argument
= strdup(buffer
);
2003 if (isempty(action
)) {
2004 *invalid_config
= true;
2005 log_error("[%s:%u] Command too short '%s'.", fname
, line
, action
);
2009 for (pos
= 1; action
[pos
]; pos
++) {
2010 if (action
[pos
] == '!' && !boot
)
2012 else if (action
[pos
] == '+' && !force
)
2015 *invalid_config
= true;
2016 log_error("[%s:%u] Unknown modifiers in command '%s'",
2017 fname
, line
, action
);
2022 if (boot
&& !arg_boot
) {
2023 log_debug("Ignoring entry %s \"%s\" because --boot is not specified.",
2031 r
= specifier_printf(path
, specifier_table
, NULL
, &i
.path
);
2033 return log_unresolvable_specifier(fname
, line
);
2035 if (IN_SET(r
, -EINVAL
, -EBADSLT
))
2036 *invalid_config
= true;
2037 return log_error_errno(r
, "[%s:%u] Failed to replace specifiers: %s", fname
, line
, path
);
2042 case CREATE_DIRECTORY
:
2043 case CREATE_SUBVOLUME
:
2044 case CREATE_SUBVOLUME_INHERIT_QUOTA
:
2045 case CREATE_SUBVOLUME_NEW_QUOTA
:
2046 case EMPTY_DIRECTORY
:
2047 case TRUNCATE_DIRECTORY
:
2050 case IGNORE_DIRECTORY_PATH
:
2052 case RECURSIVE_REMOVE_PATH
:
2055 case RECURSIVE_RELABEL_PATH
:
2057 log_warning("[%s:%u] %c lines don't take argument fields, ignoring.", fname
, line
, i
.type
);
2065 case CREATE_SYMLINK
:
2067 i
.argument
= strappend("/usr/share/factory/", i
.path
);
2075 *invalid_config
= true;
2076 log_error("[%s:%u] Write file requires argument.", fname
, line
);
2083 i
.argument
= strappend("/usr/share/factory/", i
.path
);
2086 } else if (!path_is_absolute(i
.argument
)) {
2087 *invalid_config
= true;
2088 log_error("[%s:%u] Source path is not absolute.", fname
, line
);
2092 path_kill_slashes(i
.argument
);
2095 case CREATE_CHAR_DEVICE
:
2096 case CREATE_BLOCK_DEVICE
: {
2097 unsigned major
, minor
;
2100 *invalid_config
= true;
2101 log_error("[%s:%u] Device file requires argument.", fname
, line
);
2105 if (sscanf(i
.argument
, "%u:%u", &major
, &minor
) != 2) {
2106 *invalid_config
= true;
2107 log_error("[%s:%u] Can't parse device file major/minor '%s'.", fname
, line
, i
.argument
);
2111 i
.major_minor
= makedev(major
, minor
);
2116 case RECURSIVE_SET_XATTR
:
2118 *invalid_config
= true;
2119 log_error("[%s:%u] Set extended attribute requires argument.", fname
, line
);
2122 r
= parse_xattrs_from_arg(&i
);
2128 case RECURSIVE_SET_ACL
:
2130 *invalid_config
= true;
2131 log_error("[%s:%u] Set ACLs requires argument.", fname
, line
);
2134 r
= parse_acls_from_arg(&i
);
2140 case RECURSIVE_SET_ATTRIBUTE
:
2142 *invalid_config
= true;
2143 log_error("[%s:%u] Set file attribute requires argument.", fname
, line
);
2146 r
= parse_attribute_from_arg(&i
);
2147 if (IN_SET(r
, -EINVAL
, -EBADSLT
))
2148 *invalid_config
= true;
2154 log_error("[%s:%u] Unknown command type '%c'.", fname
, line
, (char) i
.type
);
2155 *invalid_config
= true;
2159 if (!path_is_absolute(i
.path
)) {
2160 log_error("[%s:%u] Path '%s' not absolute.", fname
, line
, i
.path
);
2161 *invalid_config
= true;
2165 path_kill_slashes(i
.path
);
2167 if (!should_include_path(i
.path
))
2170 r
= specifier_expansion_from_arg(&i
);
2172 return log_unresolvable_specifier(fname
, line
);
2174 if (IN_SET(r
, -EINVAL
, -EBADSLT
))
2175 *invalid_config
= true;
2176 return log_error_errno(r
, "[%s:%u] Failed to substitute specifiers in argument: %m",
2183 p
= prefix_root(arg_root
, i
.path
);
2191 if (!isempty(user
) && !streq(user
, "-")) {
2192 const char *u
= user
;
2194 r
= get_user_creds(&u
, &i
.uid
, NULL
, NULL
, NULL
);
2196 *invalid_config
= true;
2197 return log_error_errno(r
, "[%s:%u] Unknown user '%s'.", fname
, line
, user
);
2203 if (!isempty(group
) && !streq(group
, "-")) {
2204 const char *g
= group
;
2206 r
= get_group_creds(&g
, &i
.gid
);
2208 *invalid_config
= true;
2209 log_error("[%s:%u] Unknown group '%s'.", fname
, line
, group
);
2216 if (!isempty(mode
) && !streq(mode
, "-")) {
2217 const char *mm
= mode
;
2221 i
.mask_perms
= true;
2225 if (parse_mode(mm
, &m
) < 0) {
2226 *invalid_config
= true;
2227 log_error("[%s:%u] Invalid mode '%s'.", fname
, line
, mode
);
2234 i
.mode
= IN_SET(i
.type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
) ? 0755 : 0644;
2236 if (!isempty(age
) && !streq(age
, "-")) {
2237 const char *a
= age
;
2240 i
.keep_first_level
= true;
2244 if (parse_sec(a
, &i
.age
) < 0) {
2245 *invalid_config
= true;
2246 log_error("[%s:%u] Invalid age '%s'.", fname
, line
, age
);
2253 h
= needs_glob(i
.type
) ? globs
: items
;
2255 existing
= ordered_hashmap_get(h
, i
.path
);
2259 for (n
= 0; n
< existing
->count
; n
++) {
2260 if (!item_compatible(existing
->items
+ n
, &i
)) {
2261 log_notice("[%s:%u] Duplicate line for path \"%s\", ignoring.",
2262 fname
, line
, i
.path
);
2267 existing
= new0(ItemArray
, 1);
2271 r
= ordered_hashmap_put(h
, i
.path
, existing
);
2276 if (!GREEDY_REALLOC(existing
->items
, existing
->size
, existing
->count
+ 1))
2279 memcpy(existing
->items
+ existing
->count
++, &i
, sizeof(i
));
2281 /* Sort item array, to enforce stable ordering of application */
2282 qsort_safe(existing
->items
, existing
->count
, sizeof(Item
), item_compare
);
2288 static void help(void) {
2289 printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
2290 "Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
2291 " -h --help Show this help\n"
2292 " --user Execute user configuration\n"
2293 " --version Show package version\n"
2294 " --create Create marked files/directories\n"
2295 " --clean Clean up marked directories\n"
2296 " --remove Remove marked files/directories\n"
2297 " --boot Execute actions only safe at boot\n"
2298 " --prefix=PATH Only apply rules with the specified prefix\n"
2299 " --exclude-prefix=PATH Ignore rules with the specified prefix\n"
2300 " --root=PATH Operate on an alternate filesystem root\n"
2301 , program_invocation_short_name
);
2304 static int parse_argv(int argc
, char *argv
[]) {
2307 ARG_VERSION
= 0x100,
2318 static const struct option options
[] = {
2319 { "help", no_argument
, NULL
, 'h' },
2320 { "user", no_argument
, NULL
, ARG_USER
},
2321 { "version", no_argument
, NULL
, ARG_VERSION
},
2322 { "create", no_argument
, NULL
, ARG_CREATE
},
2323 { "clean", no_argument
, NULL
, ARG_CLEAN
},
2324 { "remove", no_argument
, NULL
, ARG_REMOVE
},
2325 { "boot", no_argument
, NULL
, ARG_BOOT
},
2326 { "prefix", required_argument
, NULL
, ARG_PREFIX
},
2327 { "exclude-prefix", required_argument
, NULL
, ARG_EXCLUDE_PREFIX
},
2328 { "root", required_argument
, NULL
, ARG_ROOT
},
2337 while ((c
= getopt_long(argc
, argv
, "h", options
, NULL
)) >= 0)
2369 if (strv_push(&arg_include_prefixes
, optarg
) < 0)
2373 case ARG_EXCLUDE_PREFIX
:
2374 if (strv_push(&arg_exclude_prefixes
, optarg
) < 0)
2379 r
= parse_path_argument_and_warn(optarg
, true, &arg_root
);
2388 assert_not_reached("Unhandled option");
2391 if (!arg_clean
&& !arg_create
&& !arg_remove
) {
2392 log_error("You need to specify at least one of --clean, --create or --remove.");
2399 static int read_config_file(const char **config_dirs
, const char *fn
, bool ignore_enoent
, bool *invalid_config
) {
2400 _cleanup_fclose_
FILE *_f
= NULL
;
2402 char line
[LINE_MAX
];
2410 if (streq(fn
, "-")) {
2411 log_debug("Reading config from stdin.");
2415 r
= search_and_fopen(fn
, "re", arg_root
, config_dirs
, &_f
);
2417 if (ignore_enoent
&& r
== -ENOENT
) {
2418 log_debug_errno(r
, "Failed to open \"%s\", ignoring: %m", fn
);
2422 return log_error_errno(r
, "Failed to open '%s': %m", fn
);
2424 log_debug("Reading config file \"%s\".", fn
);
2428 FOREACH_LINE(line
, f
, break) {
2431 bool invalid_line
= false;
2436 if (IN_SET(*l
, 0, '#'))
2439 k
= parse_line(fn
, v
, l
, &invalid_line
);
2442 /* Allow reporting with a special code if the caller requested this */
2443 *invalid_config
= true;
2445 /* The first error becomes our return value */
2450 /* we have to determine age parameter for each entry of type X */
2451 ORDERED_HASHMAP_FOREACH(i
, globs
, iterator
) {
2453 Item
*j
, *candidate_item
= NULL
;
2455 if (i
->type
!= IGNORE_DIRECTORY_PATH
)
2458 ORDERED_HASHMAP_FOREACH(j
, items
, iter
) {
2459 if (!IN_SET(j
->type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
, CREATE_SUBVOLUME
, CREATE_SUBVOLUME_INHERIT_QUOTA
, CREATE_SUBVOLUME_NEW_QUOTA
))
2462 if (path_equal(j
->path
, i
->path
)) {
2467 if ((!candidate_item
&& path_startswith(i
->path
, j
->path
)) ||
2468 (candidate_item
&& path_startswith(j
->path
, candidate_item
->path
) && (fnmatch(i
->path
, j
->path
, FNM_PATHNAME
| FNM_PERIOD
) == 0)))
2472 if (candidate_item
&& candidate_item
->age_set
) {
2473 i
->age
= candidate_item
->age
;
2479 log_error_errno(errno
, "Failed to read from file %s: %m", fn
);
2487 int main(int argc
, char *argv
[]) {
2491 _cleanup_strv_free_
char **config_dirs
= NULL
;
2492 bool invalid_config
= false;
2495 r
= parse_argv(argc
, argv
);
2499 log_set_target(LOG_TARGET_AUTO
);
2500 log_parse_environment();
2507 items
= ordered_hashmap_new(&string_hash_ops
);
2508 globs
= ordered_hashmap_new(&string_hash_ops
);
2510 if (!items
|| !globs
) {
2518 r
= user_config_paths(&config_dirs
);
2520 log_error_errno(r
, "Failed to initialize configuration directory list: %m");
2524 config_dirs
= strv_split_nulstr(CONF_PATHS_NULSTR("tmpfiles.d"));
2531 if (DEBUG_LOGGING
) {
2532 _cleanup_free_
char *t
= NULL
;
2534 t
= strv_join(config_dirs
, "\n\t");
2536 log_debug("Looking for configuration files in (higher priority first:\n\t%s", t
);
2539 if (optind
< argc
) {
2542 for (j
= optind
; j
< argc
; j
++) {
2543 k
= read_config_file((const char**) config_dirs
, argv
[j
], false, &invalid_config
);
2544 if (k
< 0 && r
== 0)
2549 _cleanup_strv_free_
char **files
= NULL
;
2551 r
= conf_files_list_strv(&files
, ".conf", arg_root
, 0, (const char* const*) config_dirs
);
2553 log_error_errno(r
, "Failed to enumerate tmpfiles.d files: %m");
2557 STRV_FOREACH(f
, files
) {
2558 k
= read_config_file((const char**) config_dirs
, *f
, true, &invalid_config
);
2559 if (k
< 0 && r
== 0)
2564 /* The non-globbing ones usually create things, hence we apply
2566 ORDERED_HASHMAP_FOREACH(a
, items
, iterator
) {
2567 k
= process_item_array(a
);
2568 if (k
< 0 && r
== 0)
2572 /* The globbing ones usually alter things, hence we apply them
2574 ORDERED_HASHMAP_FOREACH(a
, globs
, iterator
) {
2575 k
= process_item_array(a
);
2576 if (k
< 0 && r
== 0)
2581 ordered_hashmap_free_with_destructor(items
, item_array_free
);
2582 ordered_hashmap_free_with_destructor(globs
, item_array_free
);
2584 free(arg_include_prefixes
);
2585 free(arg_exclude_prefixes
);
2588 set_free_free(unix_sockets
);
2590 mac_selinux_finish();
2593 return EXIT_FAILURE
;
2594 else if (invalid_config
)
2597 return EXIT_SUCCESS
;