the specified prefix. This option can be specified multiple
times.</para></listitem>
</varlistentry>
+
<varlistentry>
<term><option>--exclude-prefix=<replaceable>path</replaceable></option></term>
<listitem><para>Ignore rules with paths that start with the
times.</para></listitem>
</varlistentry>
+ <varlistentry>
+ <term><option>-E</option></term>
+ <listitem><para>A shortcut for <literal>--exclude-prefix=/dev --exclude-prefix=/proc
+ --exclude-prefix=/run --exclude-prefix=/sys</literal>, i.e. exclude the hierarchies typically backed
+ by virtual or memory file systems. This is useful in combination with <option>--root=</option>, if
+ the specified directory tree contains an OS tree without these virtual/memory file systems mounted
+ in, as it is typically not desirable to create any files and directories below these subdirectories
+ if they are supposed to be overmounted during runtime.</para></listitem>
+ </varlistentry>
+
<varlistentry>
<term><option>--root=<replaceable>root</replaceable></option></term>
<listitem><para>Takes a directory path as an argument. All paths will be prefixed with the given alternate
<para>When this option is used, the libc Name Service Switch (NSS) is bypassed for resolving users
and groups. Instead the files <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
inside the alternate root are read directly. This means that users/groups not listed in these files
- will not be resolved, i.e. LDAP NIS and other complex databases are not considered.</para></listitem>
+ will not be resolved, i.e. LDAP NIS and other complex databases are not considered.</para>
+
+ <para>Consider combining this with <option>-E</option> to ensure the invocation does not create files
+ or directories below mount points in the OS image operated on that are typically overmounted during
+ runtime.</para></listitem>
</varlistentry>
<varlistentry>
return cat_files(NULL, files, 0);
}
+static int exclude_default_prefixes(void) {
+ int r;
+
+ /* Provide an easy way to exclude virtual/memory file systems from what we do here. Useful in
+ * combination with --root= where we probably don't want to apply stuff to these dirs as they are
+ * likely over-mounted if the root directory is actually used, and it wouldbe less than ideal to have
+ * all kinds of files created/adjusted underneath these mount points. */
+
+ r = strv_extend_strv(
+ &arg_exclude_prefixes,
+ STRV_MAKE("/dev",
+ "/proc",
+ "/run",
+ "/sys"),
+ true);
+ if (r < 0)
+ return log_oom();
+
+ return 0;
+}
+
static int help(void) {
_cleanup_free_ char *link = NULL;
int r;
" --boot Execute actions only safe at boot\n"
" --prefix=PATH Only apply rules with the specified prefix\n"
" --exclude-prefix=PATH Ignore rules with the specified prefix\n"
+ " -E Ignore rules prefixed with /dev, /proc, /run, /sys\n"
" --root=PATH Operate on an alternate filesystem root\n"
" --replace=PATH Treat arguments as replacement for PATH\n"
" --no-pager Do not pipe output into a pager\n"
assert(argc >= 0);
assert(argv);
- while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
+ while ((c = getopt_long(argc, argv, "hE", options, NULL)) >= 0)
switch (c) {
return log_oom();
break;
+ case 'E':
+ r = exclude_default_prefixes();
+ if (r < 0)
+ return r;
+
+ break;
+
case ARG_ROOT:
r = parse_path_argument_and_warn(optarg, /* suppress_root= */ false, &arg_root);
if (r < 0)