1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering, Kay Sievers
7 Copyright 2015 Zbigniew Jędrzejewski-Szmek
9 systemd is free software; you can redistribute it and/or modify it
10 under the terms of the GNU Lesser General Public License as published by
11 the Free Software Foundation; either version 2.1 of the License, or
12 (at your option) any later version.
14 systemd is distributed in the hope that it will be useful, but
15 WITHOUT ANY WARRANTY; without even the implied warranty of
16 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
17 Lesser General Public License for more details.
19 You should have received a copy of the GNU Lesser General Public License
20 along with systemd; If not, see <http://www.gnu.org/licenses/>.
38 #include <sys/xattr.h>
46 #include "path-util.h"
50 #include "conf-files.h"
51 #include "capability.h"
52 #include "specifier.h"
56 #include "selinux-util.h"
57 #include "btrfs-util.h"
59 #include "formats-util.h"
61 /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
62 * them in the file system. This is intended to be used to create
63 * properly owned directories beneath /tmp, /var/tmp, /run, which are
64 * volatile and hence need to be recreated on bootup. */
66 typedef enum ItemType
{
67 /* These ones take file names */
70 CREATE_DIRECTORY
= 'd',
71 TRUNCATE_DIRECTORY
= 'D',
72 CREATE_SUBVOLUME
= 'v',
75 CREATE_CHAR_DEVICE
= 'c',
76 CREATE_BLOCK_DEVICE
= 'b',
79 /* These ones take globs */
82 RECURSIVE_SET_XATTR
= 'T',
84 RECURSIVE_SET_ACL
= 'A',
86 RECURSIVE_SET_ATTRIBUTE
= 'H',
88 IGNORE_DIRECTORY_PATH
= 'X',
90 RECURSIVE_REMOVE_PATH
= 'R',
92 RECURSIVE_RELABEL_PATH
= 'Z',
93 ADJUST_MODE
= 'm', /* legacy, 'z' is identical to this */
112 unsigned attribute_value
;
113 unsigned attribute_mask
;
120 bool attribute_set
:1;
122 bool keep_first_level
:1;
129 typedef struct ItemArray
{
135 static bool arg_create
= false;
136 static bool arg_clean
= false;
137 static bool arg_remove
= false;
138 static bool arg_boot
= false;
140 static char **arg_include_prefixes
= NULL
;
141 static char **arg_exclude_prefixes
= NULL
;
142 static char *arg_root
= NULL
;
144 static const char conf_file_dirs
[] = CONF_DIRS_NULSTR("tmpfiles");
146 #define MAX_DEPTH 256
148 static Hashmap
*items
= NULL
, *globs
= NULL
;
149 static Set
*unix_sockets
= NULL
;
151 static const Specifier specifier_table
[] = {
152 { 'm', specifier_machine_id
, NULL
},
153 { 'b', specifier_boot_id
, NULL
},
154 { 'H', specifier_host_name
, NULL
},
155 { 'v', specifier_kernel_release
, NULL
},
159 static bool needs_glob(ItemType t
) {
163 IGNORE_DIRECTORY_PATH
,
165 RECURSIVE_REMOVE_PATH
,
168 RECURSIVE_RELABEL_PATH
,
174 RECURSIVE_SET_ATTRIBUTE
);
177 static bool takes_ownership(ItemType t
) {
191 IGNORE_DIRECTORY_PATH
,
193 RECURSIVE_REMOVE_PATH
);
196 static struct Item
* find_glob(Hashmap
*h
, const char *match
) {
200 HASHMAP_FOREACH(j
, h
, i
) {
203 for (n
= 0; n
< j
->count
; n
++) {
204 Item
*item
= j
->items
+ n
;
206 if (fnmatch(item
->path
, match
, FNM_PATHNAME
|FNM_PERIOD
) == 0)
214 static void load_unix_sockets(void) {
215 _cleanup_fclose_
FILE *f
= NULL
;
221 /* We maintain a cache of the sockets we found in
222 * /proc/net/unix to speed things up a little. */
224 unix_sockets
= set_new(&string_hash_ops
);
228 f
= fopen("/proc/net/unix", "re");
233 if (!fgets(line
, sizeof(line
), f
))
240 if (!fgets(line
, sizeof(line
), f
))
245 p
= strchr(line
, ':');
253 p
+= strspn(p
, WHITESPACE
);
254 p
+= strcspn(p
, WHITESPACE
); /* skip one more word */
255 p
+= strspn(p
, WHITESPACE
);
264 path_kill_slashes(s
);
266 k
= set_consume(unix_sockets
, s
);
267 if (k
< 0 && k
!= -EEXIST
)
274 set_free_free(unix_sockets
);
278 static bool unix_socket_alive(const char *fn
) {
284 return !!set_get(unix_sockets
, (char*) fn
);
286 /* We don't know, so assume yes */
290 static int dir_is_mount_point(DIR *d
, const char *subdir
) {
292 union file_handle_union h
= FILE_HANDLE_INIT
;
293 int mount_id_parent
, mount_id
;
296 r_p
= name_to_handle_at(dirfd(d
), ".", &h
.handle
, &mount_id_parent
, 0);
300 h
.handle
.handle_bytes
= MAX_HANDLE_SZ
;
301 r
= name_to_handle_at(dirfd(d
), subdir
, &h
.handle
, &mount_id
, 0);
305 /* got no handle; make no assumptions, return error */
306 if (r_p
< 0 && r
< 0)
309 /* got both handles; if they differ, it is a mount point */
310 if (r_p
>= 0 && r
>= 0)
311 return mount_id_parent
!= mount_id
;
313 /* got only one handle; assume different mount points if one
314 * of both queries was not supported by the filesystem */
315 if (r_p
== -ENOSYS
|| r_p
== -EOPNOTSUPP
|| r
== -ENOSYS
|| r
== -EOPNOTSUPP
)
324 static DIR* xopendirat_nomod(int dirfd
, const char *path
) {
327 dir
= xopendirat(dirfd
, path
, O_NOFOLLOW
|O_NOATIME
);
331 log_debug_errno(errno
, "Cannot open %sdirectory \"%s\": %m", dirfd
== AT_FDCWD
? "" : "sub", path
);
335 dir
= xopendirat(dirfd
, path
, O_NOFOLLOW
);
337 log_debug_errno(errno
, "Cannot open %sdirectory \"%s\": %m", dirfd
== AT_FDCWD
? "" : "sub", path
);
342 static DIR* opendir_nomod(const char *path
) {
343 return xopendirat_nomod(AT_FDCWD
, path
);
346 static int dir_cleanup(
350 const struct stat
*ds
,
355 bool keep_this_level
) {
358 struct timespec times
[2];
359 bool deleted
= false;
362 while ((dent
= readdir(d
))) {
365 _cleanup_free_
char *sub_path
= NULL
;
367 if (STR_IN_SET(dent
->d_name
, ".", ".."))
370 if (fstatat(dirfd(d
), dent
->d_name
, &s
, AT_SYMLINK_NOFOLLOW
) < 0) {
374 /* FUSE, NFS mounts, SELinux might return EACCES */
376 log_debug_errno(errno
, "stat(%s/%s) failed: %m", p
, dent
->d_name
);
378 log_error_errno(errno
, "stat(%s/%s) failed: %m", p
, dent
->d_name
);
383 /* Stay on the same filesystem */
384 if (s
.st_dev
!= rootdev
) {
385 log_debug("Ignoring \"%s/%s\": different filesystem.", p
, dent
->d_name
);
389 /* Try to detect bind mounts of the same filesystem instance; they
390 * do not differ in device major/minors. This type of query is not
391 * supported on all kernels or filesystem types though. */
392 if (S_ISDIR(s
.st_mode
) && dir_is_mount_point(d
, dent
->d_name
) > 0) {
393 log_debug("Ignoring \"%s/%s\": different mount of the same filesystem.",
398 /* Do not delete read-only files owned by root */
399 if (s
.st_uid
== 0 && !(s
.st_mode
& S_IWUSR
)) {
400 log_debug("Ignoring \"%s/%s\": read-only and owner by root.", p
, dent
->d_name
);
404 sub_path
= strjoin(p
, "/", dent
->d_name
, NULL
);
410 /* Is there an item configured for this path? */
411 if (hashmap_get(items
, sub_path
)) {
412 log_debug("Ignoring \"%s\": a separate entry exists.", sub_path
);
416 if (find_glob(globs
, sub_path
)) {
417 log_debug("Ignoring \"%s\": a separate glob exists.", sub_path
);
421 if (S_ISDIR(s
.st_mode
)) {
424 streq(dent
->d_name
, "lost+found") &&
426 log_debug("Ignoring \"%s\".", sub_path
);
431 log_warning("Reached max depth on \"%s\".", sub_path
);
433 _cleanup_closedir_
DIR *sub_dir
;
436 sub_dir
= xopendirat_nomod(dirfd(d
), dent
->d_name
);
439 r
= log_error_errno(errno
, "opendir(%s) failed: %m", sub_path
);
444 q
= dir_cleanup(i
, sub_path
, sub_dir
, &s
, cutoff
, rootdev
, false, maxdepth
-1, false);
449 /* Note: if you are wondering why we don't
450 * support the sticky bit for excluding
451 * directories from cleaning like we do it for
452 * other file system objects: well, the sticky
453 * bit already has a meaning for directories,
454 * so we don't want to overload that. */
456 if (keep_this_level
) {
457 log_debug("Keeping \"%s\".", sub_path
);
461 /* Ignore ctime, we change it when deleting */
462 age
= timespec_load(&s
.st_mtim
);
464 char a
[FORMAT_TIMESTAMP_MAX
];
465 /* Follows spelling in stat(1). */
466 log_debug("Directory \"%s\": modify time %s is too new.",
468 format_timestamp_us(a
, sizeof(a
), age
));
472 age
= timespec_load(&s
.st_atim
);
474 char a
[FORMAT_TIMESTAMP_MAX
];
475 log_debug("Directory \"%s\": access time %s is too new.",
477 format_timestamp_us(a
, sizeof(a
), age
));
481 log_debug("Removing directory \"%s\".", sub_path
);
482 if (unlinkat(dirfd(d
), dent
->d_name
, AT_REMOVEDIR
) < 0)
483 if (errno
!= ENOENT
&& errno
!= ENOTEMPTY
) {
484 log_error_errno(errno
, "rmdir(%s): %m", sub_path
);
489 /* Skip files for which the sticky bit is
490 * set. These are semantics we define, and are
491 * unknown elsewhere. See XDG_RUNTIME_DIR
492 * specification for details. */
493 if (s
.st_mode
& S_ISVTX
) {
494 log_debug("Skipping \"%s\": sticky bit set.", sub_path
);
498 if (mountpoint
&& S_ISREG(s
.st_mode
))
499 if ((streq(dent
->d_name
, ".journal") && s
.st_uid
== 0) ||
500 streq(dent
->d_name
, "aquota.user") ||
501 streq(dent
->d_name
, "aquota.group")) {
502 log_debug("Skipping \"%s\".", sub_path
);
506 /* Ignore sockets that are listed in /proc/net/unix */
507 if (S_ISSOCK(s
.st_mode
) && unix_socket_alive(sub_path
)) {
508 log_debug("Skipping \"%s\": live socket.", sub_path
);
512 /* Ignore device nodes */
513 if (S_ISCHR(s
.st_mode
) || S_ISBLK(s
.st_mode
)) {
514 log_debug("Skipping \"%s\": a device.", sub_path
);
518 /* Keep files on this level around if this is
520 if (keep_this_level
) {
521 log_debug("Keeping \"%s\".", sub_path
);
525 age
= timespec_load(&s
.st_mtim
);
527 char a
[FORMAT_TIMESTAMP_MAX
];
528 /* Follows spelling in stat(1). */
529 log_debug("File \"%s\": modify time %s is too new.",
531 format_timestamp_us(a
, sizeof(a
), age
));
535 age
= timespec_load(&s
.st_atim
);
537 char a
[FORMAT_TIMESTAMP_MAX
];
538 log_debug("File \"%s\": access time %s is too new.",
540 format_timestamp_us(a
, sizeof(a
), age
));
544 age
= timespec_load(&s
.st_ctim
);
546 char a
[FORMAT_TIMESTAMP_MAX
];
547 log_debug("File \"%s\": change time %s is too new.",
549 format_timestamp_us(a
, sizeof(a
), age
));
553 log_debug("unlink \"%s\"", sub_path
);
555 if (unlinkat(dirfd(d
), dent
->d_name
, 0) < 0)
557 r
= log_error_errno(errno
, "unlink(%s): %m", sub_path
);
566 char a
[FORMAT_TIMESTAMP_MAX
], b
[FORMAT_TIMESTAMP_MAX
];
568 /* Restore original directory timestamps */
569 times
[0] = ds
->st_atim
;
570 times
[1] = ds
->st_mtim
;
572 age1
= timespec_load(&ds
->st_atim
);
573 age2
= timespec_load(&ds
->st_mtim
);
574 log_debug("Restoring access and modification time on \"%s\": %s, %s",
576 format_timestamp_us(a
, sizeof(a
), age1
),
577 format_timestamp_us(b
, sizeof(b
), age2
));
578 if (futimens(dirfd(d
), times
) < 0)
579 log_error_errno(errno
, "utimensat(%s): %m", p
);
585 static int path_set_perms(Item
*i
, const char *path
) {
592 st_valid
= stat(path
, &st
) == 0;
594 /* not using i->path directly because it may be a glob */
598 if (i
->mask_perms
&& st_valid
) {
599 if (!(st
.st_mode
& 0111))
601 if (!(st
.st_mode
& 0222))
603 if (!(st
.st_mode
& 0444))
605 if (!S_ISDIR(st
.st_mode
))
606 m
&= ~07000; /* remove sticky/sgid/suid bit, unless directory */
609 if (st_valid
&& m
== (st
.st_mode
& 07777))
610 log_debug("\"%s\" has right mode %o", path
, st
.st_mode
);
612 log_debug("chmod \"%s\" to mode %o", path
, m
);
613 if (chmod(path
, m
) < 0)
614 return log_error_errno(errno
, "chmod(%s) failed: %m", path
);
618 if ((!st_valid
|| i
->uid
!= st
.st_uid
|| i
->gid
!= st
.st_gid
) &&
619 (i
->uid_set
|| i
->gid_set
)) {
620 log_debug("chown \"%s\" to "UID_FMT
"."GID_FMT
,
622 i
->uid_set
? i
->uid
: UID_INVALID
,
623 i
->gid_set
? i
->gid
: GID_INVALID
);
625 i
->uid_set
? i
->uid
: UID_INVALID
,
626 i
->gid_set
? i
->gid
: GID_INVALID
) < 0)
628 return log_error_errno(errno
, "chown(%s) failed: %m", path
);
631 return label_fix(path
, false, false);
634 static int parse_xattrs_from_arg(Item
*i
) {
644 _cleanup_free_
char *name
= NULL
, *value
= NULL
, *xattr
= NULL
, *xattr_replaced
= NULL
;
646 r
= unquote_first_word(&p
, &xattr
, UNQUOTE_CUNESCAPE
);
648 log_warning_errno(r
, "Failed to parse extended attribute '%s', ignoring: %m", p
);
652 r
= specifier_printf(xattr
, specifier_table
, NULL
, &xattr_replaced
);
654 return log_error_errno(r
, "Failed to replace specifiers in extended attribute '%s': %m", xattr
);
656 r
= split_pair(xattr_replaced
, "=", &name
, &value
);
658 log_warning_errno(r
, "Failed to parse extended attribute, ignoring: %s", xattr
);
662 if (isempty(name
) || isempty(value
)) {
663 log_warning("Malformed extended attribute found, ignoring: %s", xattr
);
667 if (strv_push_pair(&i
->xattrs
, name
, value
) < 0)
676 static int path_set_xattrs(Item
*i
, const char *path
) {
677 char **name
, **value
;
682 STRV_FOREACH_PAIR(name
, value
, i
->xattrs
) {
686 log_debug("Setting extended attribute '%s=%s' on %s.", *name
, *value
, path
);
687 if (lsetxattr(path
, *name
, *value
, n
, 0) < 0) {
688 log_error("Setting extended attribute %s=%s on %s failed: %m", *name
, *value
, path
);
695 static int parse_acls_from_arg(Item
*item
) {
701 /* If force (= modify) is set, we will not modify the acl
702 * afterwards, so the mask can be added now if necessary. */
704 r
= parse_acl(item
->argument
, &item
->acl_access
, &item
->acl_default
, !item
->force
);
706 log_warning_errno(r
, "Failed to parse ACL \"%s\": %m. Ignoring", item
->argument
);
708 log_warning_errno(ENOSYS
, "ACLs are not supported. Ignoring");
715 static int path_set_acl(const char *path
, acl_type_t type
, acl_t acl
, bool modify
) {
716 _cleanup_(acl_freep
) acl_t dup
= NULL
;
718 _cleanup_(acl_free_charpp
) char *t
= NULL
;
720 /* Returns 0 for success, positive error if already warned,
721 * negative error otherwise. */
724 r
= acls_for_file(path
, type
, acl
, &dup
);
728 r
= calc_acl_mask_if_needed(&dup
);
736 /* the mask was already added earlier if needed */
739 r
= add_base_acls_if_needed(&dup
, path
);
743 t
= acl_to_any_text(dup
, NULL
, ',', TEXT_ABBREVIATE
);
744 log_debug("\"%s\": setting %s ACL \"%s\"", path
,
745 type
== ACL_TYPE_ACCESS
? "access" : "default",
748 r
= acl_set_file(path
, type
, dup
);
750 /* Return positive to indicate we already warned */
751 return -log_error_errno(errno
,
752 "Setting %s ACL \"%s\" on %s failed: %m",
753 type
== ACL_TYPE_ACCESS
? "access" : "default",
760 static int path_set_acls(Item
*item
, const char *path
) {
766 if (item
->acl_access
)
767 r
= path_set_acl(path
, ACL_TYPE_ACCESS
, item
->acl_access
, item
->force
);
769 if (r
== 0 && item
->acl_default
)
770 r
= path_set_acl(path
, ACL_TYPE_DEFAULT
, item
->acl_default
, item
->force
);
773 return -r
; /* already warned */
774 else if (r
== -EOPNOTSUPP
) {
775 log_debug_errno(r
, "ACLs not supported by file system at %s", path
);
778 log_error_errno(r
, "ACL operation on \"%s\" failed: %m", path
);
783 #define ATTRIBUTES_ALL \
792 FS_JOURNAL_DATA_FL | \
799 static int parse_attribute_from_arg(Item
*item
) {
801 static const struct {
805 { 'A', FS_NOATIME_FL
}, /* do not update atime */
806 { 'S', FS_SYNC_FL
}, /* Synchronous updates */
807 { 'D', FS_DIRSYNC_FL
}, /* dirsync behaviour (directories only) */
808 { 'a', FS_APPEND_FL
}, /* writes to file may only append */
809 { 'c', FS_COMPR_FL
}, /* Compress file */
810 { 'd', FS_NODUMP_FL
}, /* do not dump file */
811 { 'e', FS_EXTENT_FL
}, /* Top of directory hierarchies*/
812 { 'i', FS_IMMUTABLE_FL
}, /* Immutable file */
813 { 'j', FS_JOURNAL_DATA_FL
}, /* Reserved for ext3 */
814 { 's', FS_SECRM_FL
}, /* Secure deletion */
815 { 'u', FS_UNRM_FL
}, /* Undelete */
816 { 't', FS_NOTAIL_FL
}, /* file tail should not be merged */
817 { 'T', FS_TOPDIR_FL
}, /* Top of directory hierarchies*/
818 { 'C', FS_NOCOW_FL
}, /* Do not cow file */
827 unsigned value
= 0, mask
= 0;
837 } else if (*p
== '-') {
840 } else if (*p
== '=') {
846 if (isempty(p
) && mode
!= MODE_SET
) {
847 log_error("Setting file attribute on '%s' needs an attribute specification.", item
->path
);
851 for (; p
&& *p
; p
++) {
854 for (i
= 0; i
< ELEMENTSOF(attributes
); i
++)
855 if (*p
== attributes
[i
].character
)
858 if (i
>= ELEMENTSOF(attributes
)) {
859 log_error("Unknown file attribute '%c' on '%s'.", *p
, item
->path
);
863 v
= attributes
[i
].value
;
865 if (mode
== MODE_ADD
|| mode
== MODE_SET
)
873 if (mode
== MODE_SET
)
874 mask
|= ATTRIBUTES_ALL
;
878 item
->attribute_mask
= mask
;
879 item
->attribute_value
= value
;
880 item
->attribute_set
= true;
885 static int path_set_attribute(Item
*item
, const char *path
) {
886 _cleanup_close_
int fd
= -1;
891 if (!item
->attribute_set
|| item
->attribute_mask
== 0)
894 fd
= open(path
, O_RDONLY
|O_NONBLOCK
|O_CLOEXEC
);
896 return log_error_errno(errno
, "Cannot open '%s': %m", path
);
898 if (fstat(fd
, &st
) < 0)
899 return log_error_errno(errno
, "Cannot stat '%s': %m", path
);
901 /* Issuing the file attribute ioctls on device nodes is not
902 * safe, as that will be delivered to the drivers, not the
903 * file system containing the device node. */
904 if (!S_ISREG(st
.st_mode
) && !S_ISDIR(st
.st_mode
)) {
905 log_error("Setting file flags is only supported on regular files and directories, cannot set on '%s'.", path
);
909 f
= item
->attribute_value
& item
->attribute_mask
;
911 /* Mask away directory-specific flags */
912 if (!S_ISDIR(st
.st_mode
))
915 r
= chattr_fd(fd
, f
, item
->attribute_mask
);
917 return log_error_errno(r
,
918 "Cannot set file attribute for '%s', value=0x%08x, mask=0x%08x: %m",
919 path
, item
->attribute_value
, item
->attribute_mask
);
924 static int write_one_file(Item
*i
, const char *path
) {
925 _cleanup_close_
int fd
= -1;
932 flags
= i
->type
== CREATE_FILE
? O_CREAT
|O_APPEND
|O_NOFOLLOW
:
933 i
->type
== TRUNCATE_FILE
? O_CREAT
|O_TRUNC
|O_NOFOLLOW
: 0;
935 RUN_WITH_UMASK(0000) {
936 mac_selinux_create_file_prepare(path
, S_IFREG
);
937 fd
= open(path
, flags
|O_NDELAY
|O_CLOEXEC
|O_WRONLY
|O_NOCTTY
, i
->mode
);
938 mac_selinux_create_file_clear();
942 if (i
->type
== WRITE_FILE
&& errno
== ENOENT
) {
943 log_debug_errno(errno
, "Not writing \"%s\": %m", path
);
947 log_error_errno(errno
, "Failed to create file %s: %m", path
);
952 _cleanup_free_
char *unescaped
= NULL
, *replaced
= NULL
;
954 log_debug("%s to \"%s\".", i
->type
== CREATE_FILE
? "Appending" : "Writing", path
);
956 r
= cunescape(i
->argument
, 0, &unescaped
);
958 return log_error_errno(r
, "Failed to unescape parameter to write: %s", i
->argument
);
960 r
= specifier_printf(unescaped
, specifier_table
, NULL
, &replaced
);
962 return log_error_errno(r
, "Failed to replace specifiers in parameter to write '%s': %m", unescaped
);
964 r
= loop_write(fd
, replaced
, strlen(replaced
), false);
966 return log_error_errno(r
, "Failed to write file \"%s\": %m", path
);
968 log_debug("\"%s\" has been created.", path
);
972 if (stat(path
, &st
) < 0)
973 return log_error_errno(errno
, "stat(%s) failed: %m", path
);
975 if (!S_ISREG(st
.st_mode
)) {
976 log_error("%s is not a file.", path
);
980 r
= path_set_perms(i
, path
);
987 typedef int (*action_t
)(Item
*, const char *);
989 static int item_do_children(Item
*i
, const char *path
, action_t action
) {
990 _cleanup_closedir_
DIR *d
;
996 /* This returns the first error we run into, but nevertheless
999 d
= opendir_nomod(path
);
1001 return errno
== ENOENT
|| errno
== ENOTDIR
? 0 : -errno
;
1004 _cleanup_free_
char *p
= NULL
;
1011 if (errno
!= 0 && r
== 0)
1017 if (STR_IN_SET(de
->d_name
, ".", ".."))
1020 p
= strjoin(path
, "/", de
->d_name
, NULL
);
1025 if (q
< 0 && q
!= -ENOENT
&& r
== 0)
1028 if (IN_SET(de
->d_type
, DT_UNKNOWN
, DT_DIR
)) {
1029 q
= item_do_children(i
, p
, action
);
1030 if (q
< 0 && r
== 0)
1038 static int glob_item(Item
*i
, action_t action
, bool recursive
) {
1039 _cleanup_globfree_ glob_t g
= {
1040 .gl_closedir
= (void (*)(void *)) closedir
,
1041 .gl_readdir
= (struct dirent
*(*)(void *)) readdir
,
1042 .gl_opendir
= (void *(*)(const char *)) opendir_nomod
,
1050 k
= glob(i
->path
, GLOB_NOSORT
|GLOB_BRACE
|GLOB_ALTDIRFUNC
, NULL
, &g
);
1051 if (k
!= 0 && k
!= GLOB_NOMATCH
)
1052 return log_error_errno(errno
?: EIO
, "glob(%s) failed: %m", i
->path
);
1054 STRV_FOREACH(fn
, g
.gl_pathv
) {
1056 if (k
< 0 && r
== 0)
1060 k
= item_do_children(i
, *fn
, action
);
1061 if (k
< 0 && r
== 0)
1074 _CREATION_MODE_INVALID
= -1
1077 static const char *creation_mode_verb_table
[_CREATION_MODE_MAX
] = {
1078 [CREATION_NORMAL
] = "Created",
1079 [CREATION_EXISTING
] = "Found existing",
1080 [CREATION_FORCE
] = "Created replacement",
1083 DEFINE_PRIVATE_STRING_TABLE_LOOKUP_TO_STRING(creation_mode_verb
, CreationMode
);
1085 static int create_item(Item
*i
) {
1086 _cleanup_free_
char *resolved
= NULL
;
1089 CreationMode creation
;
1093 log_debug("Running create action for entry %c %s", (char) i
->type
, i
->path
);
1098 case IGNORE_DIRECTORY_PATH
:
1100 case RECURSIVE_REMOVE_PATH
:
1105 r
= write_one_file(i
, i
->path
);
1111 r
= specifier_printf(i
->argument
, specifier_table
, NULL
, &resolved
);
1113 return log_error_errno(r
, "Failed to substitute specifiers in copy source %s: %m", i
->argument
);
1115 log_debug("Copying tree \"%s\" to \"%s\".", resolved
, i
->path
);
1116 r
= copy_tree(resolved
, i
->path
, false);
1121 return log_error_errno(r
, "Failed to copy files to %s: %m", i
->path
);
1123 if (stat(resolved
, &a
) < 0)
1124 return log_error_errno(errno
, "stat(%s) failed: %m", resolved
);
1126 if (stat(i
->path
, &b
) < 0)
1127 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1129 if ((a
.st_mode
^ b
.st_mode
) & S_IFMT
) {
1130 log_debug("Can't copy to %s, file exists already and is of different type", i
->path
);
1135 r
= path_set_perms(i
, i
->path
);
1142 r
= glob_item(i
, write_one_file
, false);
1148 case CREATE_DIRECTORY
:
1149 case TRUNCATE_DIRECTORY
:
1150 case CREATE_SUBVOLUME
:
1152 RUN_WITH_UMASK(0000)
1153 mkdir_parents_label(i
->path
, 0755);
1155 if (i
->type
== CREATE_SUBVOLUME
)
1156 RUN_WITH_UMASK((~i
->mode
) & 0777) {
1157 r
= btrfs_subvol_make(i
->path
);
1158 log_debug_errno(r
, "Creating subvolume \"%s\": %m", i
->path
);
1163 if (IN_SET(i
->type
, CREATE_DIRECTORY
, TRUNCATE_DIRECTORY
) || r
== -ENOTTY
)
1164 RUN_WITH_UMASK(0000)
1165 r
= mkdir_label(i
->path
, i
->mode
);
1169 return log_error_errno(r
, "Failed to create directory or subvolume \"%s\": %m", i
->path
);
1171 if (stat(i
->path
, &st
) < 0)
1172 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1174 if (!S_ISDIR(st
.st_mode
)) {
1175 log_debug("\"%s\" already exists and is not a directory.", i
->path
);
1179 creation
= CREATION_EXISTING
;
1181 creation
= CREATION_NORMAL
;
1182 log_debug("%s directory \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1184 r
= path_set_perms(i
, i
->path
);
1192 RUN_WITH_UMASK(0000) {
1193 mac_selinux_create_file_prepare(i
->path
, S_IFIFO
);
1194 r
= mkfifo(i
->path
, i
->mode
);
1195 mac_selinux_create_file_clear();
1199 if (errno
!= EEXIST
)
1200 return log_error_errno(errno
, "Failed to create fifo %s: %m", i
->path
);
1202 if (stat(i
->path
, &st
) < 0)
1203 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1205 if (!S_ISFIFO(st
.st_mode
)) {
1209 RUN_WITH_UMASK(0000) {
1210 mac_selinux_create_file_prepare(i
->path
, S_IFIFO
);
1211 r
= mkfifo_atomic(i
->path
, i
->mode
);
1212 mac_selinux_create_file_clear();
1216 return log_error_errno(r
, "Failed to create fifo %s: %m", i
->path
);
1217 creation
= CREATION_FORCE
;
1219 log_debug("%s is not a fifo.", i
->path
);
1223 creation
= CREATION_EXISTING
;
1225 creation
= CREATION_NORMAL
;
1226 log_debug("%s fifo \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1228 r
= path_set_perms(i
, i
->path
);
1235 case CREATE_SYMLINK
: {
1236 r
= specifier_printf(i
->argument
, specifier_table
, NULL
, &resolved
);
1238 return log_error_errno(r
, "Failed to substitute specifiers in symlink target %s: %m", i
->argument
);
1240 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1241 r
= symlink(resolved
, i
->path
);
1242 mac_selinux_create_file_clear();
1245 _cleanup_free_
char *x
= NULL
;
1247 if (errno
!= EEXIST
)
1248 return log_error_errno(errno
, "symlink(%s, %s) failed: %m", resolved
, i
->path
);
1250 r
= readlink_malloc(i
->path
, &x
);
1251 if (r
< 0 || !streq(resolved
, x
)) {
1254 mac_selinux_create_file_prepare(i
->path
, S_IFLNK
);
1255 r
= symlink_atomic(resolved
, i
->path
);
1256 mac_selinux_create_file_clear();
1259 return log_error_errno(r
, "symlink(%s, %s) failed: %m", resolved
, i
->path
);
1260 creation
= CREATION_FORCE
;
1262 log_debug("\"%s\" is not a symlink or does not point to the correct path.", i
->path
);
1266 creation
= CREATION_EXISTING
;
1268 creation
= CREATION_NORMAL
;
1269 log_debug("%s symlink \"%s\".", creation_mode_verb_to_string(creation
), i
->path
);
1274 case CREATE_BLOCK_DEVICE
:
1275 case CREATE_CHAR_DEVICE
: {
1278 if (have_effective_cap(CAP_MKNOD
) == 0) {
1279 /* In a container we lack CAP_MKNOD. We
1280 shouldn't attempt to create the device node in
1281 that case to avoid noise, and we don't support
1282 virtualized devices in containers anyway. */
1284 log_debug("We lack CAP_MKNOD, skipping creation of device node %s.", i
->path
);
1288 file_type
= i
->type
== CREATE_BLOCK_DEVICE
? S_IFBLK
: S_IFCHR
;
1290 RUN_WITH_UMASK(0000) {
1291 mac_selinux_create_file_prepare(i
->path
, file_type
);
1292 r
= mknod(i
->path
, i
->mode
| file_type
, i
->major_minor
);
1293 mac_selinux_create_file_clear();
1297 if (errno
== EPERM
) {
1298 log_debug("We lack permissions, possibly because of cgroup configuration; "
1299 "skipping creation of device node %s.", i
->path
);
1303 if (errno
!= EEXIST
)
1304 return log_error_errno(errno
, "Failed to create device node %s: %m", i
->path
);
1306 if (stat(i
->path
, &st
) < 0)
1307 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1309 if ((st
.st_mode
& S_IFMT
) != file_type
) {
1313 RUN_WITH_UMASK(0000) {
1314 mac_selinux_create_file_prepare(i
->path
, file_type
);
1315 r
= mknod_atomic(i
->path
, i
->mode
| file_type
, i
->major_minor
);
1316 mac_selinux_create_file_clear();
1320 return log_error_errno(r
, "Failed to create device node \"%s\": %m", i
->path
);
1321 creation
= CREATION_FORCE
;
1323 log_debug("%s is not a device node.", i
->path
);
1327 creation
= CREATION_EXISTING
;
1329 creation
= CREATION_NORMAL
;
1330 log_debug("%s %s device node \"%s\" %u:%u.",
1331 creation_mode_verb_to_string(creation
),
1332 i
->type
== CREATE_BLOCK_DEVICE
? "block" : "char",
1333 i
->path
, major(i
->mode
), minor(i
->mode
));
1335 r
= path_set_perms(i
, i
->path
);
1344 r
= glob_item(i
, path_set_perms
, false);
1349 case RECURSIVE_RELABEL_PATH
:
1350 r
= glob_item(i
, path_set_perms
, true);
1356 r
= glob_item(i
, path_set_xattrs
, false);
1361 case RECURSIVE_SET_XATTR
:
1362 r
= glob_item(i
, path_set_xattrs
, true);
1368 r
= glob_item(i
, path_set_acls
, false);
1373 case RECURSIVE_SET_ACL
:
1374 r
= glob_item(i
, path_set_acls
, true);
1380 r
= glob_item(i
, path_set_attribute
, false);
1385 case RECURSIVE_SET_ATTRIBUTE
:
1386 r
= glob_item(i
, path_set_attribute
, true);
1395 static int remove_item_instance(Item
*i
, const char *instance
) {
1403 if (remove(instance
) < 0 && errno
!= ENOENT
)
1404 return log_error_errno(errno
, "rm(%s): %m", instance
);
1408 case TRUNCATE_DIRECTORY
:
1409 case RECURSIVE_REMOVE_PATH
:
1410 /* FIXME: we probably should use dir_cleanup() here
1411 * instead of rm_rf() so that 'x' is honoured. */
1412 log_debug("rm -rf \"%s\"", instance
);
1413 r
= rm_rf(instance
, (i
->type
== RECURSIVE_REMOVE_PATH
? REMOVE_ROOT
: 0) | REMOVE_PHYSICAL
);
1414 if (r
< 0 && r
!= -ENOENT
)
1415 return log_error_errno(r
, "rm_rf(%s): %m", instance
);
1420 assert_not_reached("wut?");
1426 static int remove_item(Item
*i
) {
1431 log_debug("Running remove action for entry %c %s", (char) i
->type
, i
->path
);
1437 case CREATE_DIRECTORY
:
1438 case CREATE_SUBVOLUME
:
1440 case CREATE_SYMLINK
:
1441 case CREATE_CHAR_DEVICE
:
1442 case CREATE_BLOCK_DEVICE
:
1444 case IGNORE_DIRECTORY_PATH
:
1447 case RECURSIVE_RELABEL_PATH
:
1451 case RECURSIVE_SET_XATTR
:
1453 case RECURSIVE_SET_ACL
:
1455 case RECURSIVE_SET_ATTRIBUTE
:
1459 case TRUNCATE_DIRECTORY
:
1460 case RECURSIVE_REMOVE_PATH
:
1461 r
= glob_item(i
, remove_item_instance
, false);
1468 static int clean_item_instance(Item
*i
, const char* instance
) {
1469 _cleanup_closedir_
DIR *d
= NULL
;
1473 char timestamp
[FORMAT_TIMESTAMP_MAX
];
1480 n
= now(CLOCK_REALTIME
);
1484 cutoff
= n
- i
->age
;
1486 d
= opendir_nomod(instance
);
1488 if (errno
== ENOENT
|| errno
== ENOTDIR
) {
1489 log_debug_errno(errno
, "Directory \"%s\": %m", instance
);
1493 log_error_errno(errno
, "Failed to open directory %s: %m", instance
);
1497 if (fstat(dirfd(d
), &s
) < 0)
1498 return log_error_errno(errno
, "stat(%s) failed: %m", i
->path
);
1500 if (!S_ISDIR(s
.st_mode
)) {
1501 log_error("%s is not a directory.", i
->path
);
1505 if (fstatat(dirfd(d
), "..", &ps
, AT_SYMLINK_NOFOLLOW
) != 0)
1506 return log_error_errno(errno
, "stat(%s/..) failed: %m", i
->path
);
1508 mountpoint
= s
.st_dev
!= ps
.st_dev
||
1509 (s
.st_dev
== ps
.st_dev
&& s
.st_ino
== ps
.st_ino
);
1511 log_debug("Cleanup threshold for %s \"%s\" is %s",
1512 mountpoint
? "mount point" : "directory",
1514 format_timestamp_us(timestamp
, sizeof(timestamp
), cutoff
));
1516 return dir_cleanup(i
, instance
, d
, &s
, cutoff
, s
.st_dev
, mountpoint
,
1517 MAX_DEPTH
, i
->keep_first_level
);
1520 static int clean_item(Item
*i
) {
1525 log_debug("Running clean action for entry %c %s", (char) i
->type
, i
->path
);
1528 case CREATE_DIRECTORY
:
1529 case CREATE_SUBVOLUME
:
1530 case TRUNCATE_DIRECTORY
:
1533 clean_item_instance(i
, i
->path
);
1535 case IGNORE_DIRECTORY_PATH
:
1536 r
= glob_item(i
, clean_item_instance
, false);
1545 static int process_item_array(ItemArray
*array
);
1547 static int process_item(Item
*i
) {
1549 _cleanup_free_
char *prefix
= NULL
;
1558 prefix
= malloc(strlen(i
->path
) + 1);
1562 PATH_FOREACH_PREFIX(prefix
, i
->path
) {
1565 j
= hashmap_get(items
, prefix
);
1569 s
= process_item_array(j
);
1570 if (s
< 0 && t
== 0)
1575 r
= arg_create
? create_item(i
) : 0;
1576 q
= arg_remove
? remove_item(i
) : 0;
1577 p
= arg_clean
? clean_item(i
) : 0;
1585 static int process_item_array(ItemArray
*array
) {
1591 for (n
= 0; n
< array
->count
; n
++) {
1592 k
= process_item(array
->items
+ n
);
1593 if (k
< 0 && r
== 0)
1600 static void item_free_contents(Item
*i
) {
1604 strv_free(i
->xattrs
);
1607 acl_free(i
->acl_access
);
1608 acl_free(i
->acl_default
);
1612 static void item_array_free(ItemArray
*a
) {
1618 for (n
= 0; n
< a
->count
; n
++)
1619 item_free_contents(a
->items
+ n
);
1624 static int item_compare(const void *a
, const void *b
) {
1625 const Item
*x
= a
, *y
= b
;
1627 /* Make sure that the ownership taking item is put first, so
1628 * that we first create the node, and then can adjust it */
1630 if (takes_ownership(x
->type
) && !takes_ownership(y
->type
))
1632 if (!takes_ownership(x
->type
) && takes_ownership(y
->type
))
1635 return (int) x
->type
- (int) y
->type
;
1638 static void item_array_sort(ItemArray
*a
) {
1640 /* Sort an item array, to enforce stable ordering in which we
1646 qsort(a
->items
, a
->count
, sizeof(Item
), item_compare
);
1649 static bool item_compatible(Item
*a
, Item
*b
) {
1652 assert(streq(a
->path
, b
->path
));
1654 if (takes_ownership(a
->type
) && takes_ownership(b
->type
))
1655 /* check if the items are the same */
1656 return streq_ptr(a
->argument
, b
->argument
) &&
1658 a
->uid_set
== b
->uid_set
&&
1661 a
->gid_set
== b
->gid_set
&&
1664 a
->mode_set
== b
->mode_set
&&
1665 a
->mode
== b
->mode
&&
1667 a
->age_set
== b
->age_set
&&
1670 a
->mask_perms
== b
->mask_perms
&&
1672 a
->keep_first_level
== b
->keep_first_level
&&
1674 a
->major_minor
== b
->major_minor
;
1679 static bool should_include_path(const char *path
) {
1682 STRV_FOREACH(prefix
, arg_exclude_prefixes
)
1683 if (path_startswith(path
, *prefix
)) {
1684 log_debug("Entry \"%s\" matches exclude prefix \"%s\", skipping.",
1689 STRV_FOREACH(prefix
, arg_include_prefixes
)
1690 if (path_startswith(path
, *prefix
)) {
1691 log_debug("Entry \"%s\" matches include prefix \"%s\".", path
, *prefix
);
1695 /* no matches, so we should include this path only if we
1696 * have no whitelist at all */
1697 if (strv_length(arg_include_prefixes
) == 0)
1700 log_debug("Entry \"%s\" does not match any include prefix, skipping.", path
);
1704 static int parse_line(const char *fname
, unsigned line
, const char *buffer
) {
1706 _cleanup_free_
char *action
= NULL
, *mode
= NULL
, *user
= NULL
, *group
= NULL
, *age
= NULL
, *path
= NULL
;
1707 _cleanup_(item_free_contents
) Item i
= {};
1708 ItemArray
*existing
;
1711 bool force
= false, boot
= false;
1717 r
= unquote_many_words(
1728 return log_error_errno(r
, "[%s:%u] Failed to parse line: %m", fname
, line
);
1730 log_error("[%s:%u] Syntax error.", fname
, line
);
1734 if (!isempty(buffer
)) {
1735 i
.argument
= strdup(buffer
);
1740 if (isempty(action
)) {
1741 log_error("[%s:%u] Command too short '%s'.", fname
, line
, action
);
1745 for (pos
= 1; action
[pos
]; pos
++) {
1746 if (action
[pos
] == '!' && !boot
)
1748 else if (action
[pos
] == '+' && !force
)
1751 log_error("[%s:%u] Unknown modifiers in command '%s'",
1752 fname
, line
, action
);
1757 if (boot
&& !arg_boot
) {
1758 log_debug("Ignoring entry %s \"%s\" because --boot is not specified.",
1766 r
= specifier_printf(path
, specifier_table
, NULL
, &i
.path
);
1768 log_error("[%s:%u] Failed to replace specifiers: %s", fname
, line
, path
);
1774 case CREATE_DIRECTORY
:
1775 case CREATE_SUBVOLUME
:
1776 case TRUNCATE_DIRECTORY
:
1779 case IGNORE_DIRECTORY_PATH
:
1781 case RECURSIVE_REMOVE_PATH
:
1784 case RECURSIVE_RELABEL_PATH
:
1786 log_warning("[%s:%u] %c lines don't take argument fields, ignoring.", fname
, line
, i
.type
);
1794 case CREATE_SYMLINK
:
1796 i
.argument
= strappend("/usr/share/factory/", i
.path
);
1804 log_error("[%s:%u] Write file requires argument.", fname
, line
);
1811 i
.argument
= strappend("/usr/share/factory/", i
.path
);
1814 } else if (!path_is_absolute(i
.argument
)) {
1815 log_error("[%s:%u] Source path is not absolute.", fname
, line
);
1819 path_kill_slashes(i
.argument
);
1822 case CREATE_CHAR_DEVICE
:
1823 case CREATE_BLOCK_DEVICE
: {
1824 unsigned major
, minor
;
1827 log_error("[%s:%u] Device file requires argument.", fname
, line
);
1831 if (sscanf(i
.argument
, "%u:%u", &major
, &minor
) != 2) {
1832 log_error("[%s:%u] Can't parse device file major/minor '%s'.", fname
, line
, i
.argument
);
1836 i
.major_minor
= makedev(major
, minor
);
1841 case RECURSIVE_SET_XATTR
:
1843 log_error("[%s:%u] Set extended attribute requires argument.", fname
, line
);
1846 r
= parse_xattrs_from_arg(&i
);
1852 case RECURSIVE_SET_ACL
:
1854 log_error("[%s:%u] Set ACLs requires argument.", fname
, line
);
1857 r
= parse_acls_from_arg(&i
);
1863 case RECURSIVE_SET_ATTRIBUTE
:
1865 log_error("[%s:%u] Set file attribute requires argument.", fname
, line
);
1868 r
= parse_attribute_from_arg(&i
);
1874 log_error("[%s:%u] Unknown command type '%c'.", fname
, line
, (char) i
.type
);
1878 if (!path_is_absolute(i
.path
)) {
1879 log_error("[%s:%u] Path '%s' not absolute.", fname
, line
, i
.path
);
1883 path_kill_slashes(i
.path
);
1885 if (!should_include_path(i
.path
))
1891 p
= strappend(arg_root
, i
.path
);
1899 if (!isempty(user
) && !streq(user
, "-")) {
1900 const char *u
= user
;
1902 r
= get_user_creds(&u
, &i
.uid
, NULL
, NULL
, NULL
);
1904 log_error("[%s:%u] Unknown user '%s'.", fname
, line
, user
);
1911 if (!isempty(group
) && !streq(group
, "-")) {
1912 const char *g
= group
;
1914 r
= get_group_creds(&g
, &i
.gid
);
1916 log_error("[%s:%u] Unknown group '%s'.", fname
, line
, group
);
1923 if (!isempty(mode
) && !streq(mode
, "-")) {
1924 const char *mm
= mode
;
1928 i
.mask_perms
= true;
1932 if (parse_mode(mm
, &m
) < 0) {
1933 log_error("[%s:%u] Invalid mode '%s'.", fname
, line
, mode
);
1940 i
.mode
= IN_SET(i
.type
, CREATE_DIRECTORY
, CREATE_SUBVOLUME
, TRUNCATE_DIRECTORY
)
1943 if (!isempty(age
) && !streq(age
, "-")) {
1944 const char *a
= age
;
1947 i
.keep_first_level
= true;
1951 if (parse_sec(a
, &i
.age
) < 0) {
1952 log_error("[%s:%u] Invalid age '%s'.", fname
, line
, age
);
1959 h
= needs_glob(i
.type
) ? globs
: items
;
1961 existing
= hashmap_get(h
, i
.path
);
1965 for (n
= 0; n
< existing
->count
; n
++) {
1966 if (!item_compatible(existing
->items
+ n
, &i
)) {
1967 log_warning("[%s:%u] Duplicate line for path \"%s\", ignoring.",
1968 fname
, line
, i
.path
);
1973 existing
= new0(ItemArray
, 1);
1974 r
= hashmap_put(h
, i
.path
, existing
);
1979 if (!GREEDY_REALLOC(existing
->items
, existing
->size
, existing
->count
+ 1))
1982 memcpy(existing
->items
+ existing
->count
++, &i
, sizeof(i
));
1983 item_array_sort(existing
);
1989 static void help(void) {
1990 printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
1991 "Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
1992 " -h --help Show this help\n"
1993 " --version Show package version\n"
1994 " --create Create marked files/directories\n"
1995 " --clean Clean up marked directories\n"
1996 " --remove Remove marked files/directories\n"
1997 " --boot Execute actions only safe at boot\n"
1998 " --prefix=PATH Only apply rules with the specified prefix\n"
1999 " --exclude-prefix=PATH Ignore rules with the specified prefix\n"
2000 " --root=PATH Operate on an alternate filesystem root\n",
2001 program_invocation_short_name
);
2004 static int parse_argv(int argc
, char *argv
[]) {
2007 ARG_VERSION
= 0x100,
2017 static const struct option options
[] = {
2018 { "help", no_argument
, NULL
, 'h' },
2019 { "version", no_argument
, NULL
, ARG_VERSION
},
2020 { "create", no_argument
, NULL
, ARG_CREATE
},
2021 { "clean", no_argument
, NULL
, ARG_CLEAN
},
2022 { "remove", no_argument
, NULL
, ARG_REMOVE
},
2023 { "boot", no_argument
, NULL
, ARG_BOOT
},
2024 { "prefix", required_argument
, NULL
, ARG_PREFIX
},
2025 { "exclude-prefix", required_argument
, NULL
, ARG_EXCLUDE_PREFIX
},
2026 { "root", required_argument
, NULL
, ARG_ROOT
},
2035 while ((c
= getopt_long(argc
, argv
, "h", options
, NULL
)) >= 0)
2044 puts(PACKAGE_STRING
);
2045 puts(SYSTEMD_FEATURES
);
2065 if (strv_push(&arg_include_prefixes
, optarg
) < 0)
2069 case ARG_EXCLUDE_PREFIX
:
2070 if (strv_push(&arg_exclude_prefixes
, optarg
) < 0)
2076 arg_root
= path_make_absolute_cwd(optarg
);
2080 path_kill_slashes(arg_root
);
2087 assert_not_reached("Unhandled option");
2090 if (!arg_clean
&& !arg_create
&& !arg_remove
) {
2091 log_error("You need to specify at least one of --clean, --create or --remove.");
2098 static int read_config_file(const char *fn
, bool ignore_enoent
) {
2099 _cleanup_fclose_
FILE *f
= NULL
;
2100 char line
[LINE_MAX
];
2108 r
= search_and_fopen_nulstr(fn
, "re", arg_root
, conf_file_dirs
, &f
);
2110 if (ignore_enoent
&& r
== -ENOENT
) {
2111 log_debug_errno(r
, "Failed to open \"%s\": %m", fn
);
2115 return log_error_errno(r
, "Failed to open '%s', ignoring: %m", fn
);
2117 log_debug("Reading config file \"%s\".", fn
);
2119 FOREACH_LINE(line
, f
, break) {
2126 if (*l
== '#' || *l
== 0)
2129 k
= parse_line(fn
, v
, l
);
2130 if (k
< 0 && r
== 0)
2134 /* we have to determine age parameter for each entry of type X */
2135 HASHMAP_FOREACH(i
, globs
, iterator
) {
2137 Item
*j
, *candidate_item
= NULL
;
2139 if (i
->type
!= IGNORE_DIRECTORY_PATH
)
2142 HASHMAP_FOREACH(j
, items
, iter
) {
2143 if (j
->type
!= CREATE_DIRECTORY
&& j
->type
!= TRUNCATE_DIRECTORY
&& j
->type
!= CREATE_SUBVOLUME
)
2146 if (path_equal(j
->path
, i
->path
)) {
2151 if ((!candidate_item
&& path_startswith(i
->path
, j
->path
)) ||
2152 (candidate_item
&& path_startswith(j
->path
, candidate_item
->path
) && (fnmatch(i
->path
, j
->path
, FNM_PATHNAME
| FNM_PERIOD
) == 0)))
2156 if (candidate_item
&& candidate_item
->age_set
) {
2157 i
->age
= candidate_item
->age
;
2163 log_error_errno(errno
, "Failed to read from file %s: %m", fn
);
2171 int main(int argc
, char *argv
[]) {
2176 r
= parse_argv(argc
, argv
);
2180 log_set_target(LOG_TARGET_AUTO
);
2181 log_parse_environment();
2186 mac_selinux_init(NULL
);
2188 items
= hashmap_new(&string_hash_ops
);
2189 globs
= hashmap_new(&string_hash_ops
);
2191 if (!items
|| !globs
) {
2198 if (optind
< argc
) {
2201 for (j
= optind
; j
< argc
; j
++) {
2202 k
= read_config_file(argv
[j
], false);
2203 if (k
< 0 && r
== 0)
2208 _cleanup_strv_free_
char **files
= NULL
;
2211 r
= conf_files_list_nulstr(&files
, ".conf", arg_root
, conf_file_dirs
);
2213 log_error_errno(r
, "Failed to enumerate tmpfiles.d files: %m");
2217 STRV_FOREACH(f
, files
) {
2218 k
= read_config_file(*f
, true);
2219 if (k
< 0 && r
== 0)
2224 /* The non-globbing ones usually create things, hence we apply
2226 HASHMAP_FOREACH(a
, items
, iterator
) {
2227 k
= process_item_array(a
);
2228 if (k
< 0 && r
== 0)
2232 /* The globbing ones usually alter things, hence we apply them
2234 HASHMAP_FOREACH(a
, globs
, iterator
) {
2235 k
= process_item_array(a
);
2236 if (k
< 0 && r
== 0)
2241 while ((a
= hashmap_steal_first(items
)))
2244 while ((a
= hashmap_steal_first(globs
)))
2247 hashmap_free(items
);
2248 hashmap_free(globs
);
2250 free(arg_include_prefixes
);
2251 free(arg_exclude_prefixes
);
2254 set_free_free(unix_sockets
);
2256 mac_selinux_finish();
2258 return r
< 0 ? EXIT_FAILURE
: EXIT_SUCCESS
;