From dd04fb3268691ad847f72c5852eb1e208fc7d627 Mon Sep 17 00:00:00 2001 From: Lennart Poettering Date: Tue, 28 Jul 2020 17:52:23 +0200 Subject: [PATCH] tmpfiles: add new switch -E for quickly excluding /proc, /dev, /sys and /run --- man/systemd-tmpfiles.xml | 17 ++++++++++++++++- src/tmpfiles/tmpfiles.c | 31 ++++++++++++++++++++++++++++++- 2 files changed, 46 insertions(+), 2 deletions(-) diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml index 998fd0911ba..e3bb1db7c6b 100644 --- a/man/systemd-tmpfiles.xml +++ b/man/systemd-tmpfiles.xml @@ -149,6 +149,7 @@ the specified prefix. This option can be specified multiple times. + Ignore rules with paths that start with the @@ -156,6 +157,16 @@ times. + + + A shortcut for --exclude-prefix=/dev --exclude-prefix=/proc + --exclude-prefix=/run --exclude-prefix=/sys, i.e. exclude the hierarchies typically backed + by virtual or memory file systems. This is useful in combination with , if + the specified directory tree contains an OS tree without these virtual/memory file systems mounted + in, as it is typically not desirable to create any files and directories below these subdirectories + if they are supposed to be overmounted during runtime. + + Takes a directory path as an argument. All paths will be prefixed with the given alternate @@ -164,7 +175,11 @@ When this option is used, the libc Name Service Switch (NSS) is bypassed for resolving users and groups. Instead the files /etc/passwd and /etc/group inside the alternate root are read directly. This means that users/groups not listed in these files - will not be resolved, i.e. LDAP NIS and other complex databases are not considered. + will not be resolved, i.e. LDAP NIS and other complex databases are not considered. + + Consider combining this with to ensure the invocation does not create files + or directories below mount points in the OS image operated on that are typically overmounted during + runtime. diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 2404e36bf29..3c800d5fa8e 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -2884,6 +2884,27 @@ static int cat_config(char **config_dirs, char **args) { return cat_files(NULL, files, 0); } +static int exclude_default_prefixes(void) { + int r; + + /* Provide an easy way to exclude virtual/memory file systems from what we do here. Useful in + * combination with --root= where we probably don't want to apply stuff to these dirs as they are + * likely over-mounted if the root directory is actually used, and it wouldbe less than ideal to have + * all kinds of files created/adjusted underneath these mount points. */ + + r = strv_extend_strv( + &arg_exclude_prefixes, + STRV_MAKE("/dev", + "/proc", + "/run", + "/sys"), + true); + if (r < 0) + return log_oom(); + + return 0; +} + static int help(void) { _cleanup_free_ char *link = NULL; int r; @@ -2904,6 +2925,7 @@ static int help(void) { " --boot Execute actions only safe at boot\n" " --prefix=PATH Only apply rules with the specified prefix\n" " --exclude-prefix=PATH Ignore rules with the specified prefix\n" + " -E Ignore rules prefixed with /dev, /proc, /run, /sys\n" " --root=PATH Operate on an alternate filesystem root\n" " --replace=PATH Treat arguments as replacement for PATH\n" " --no-pager Do not pipe output into a pager\n" @@ -2954,7 +2976,7 @@ static int parse_argv(int argc, char *argv[]) { assert(argc >= 0); assert(argv); - while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) + while ((c = getopt_long(argc, argv, "hE", options, NULL)) >= 0) switch (c) { @@ -2998,6 +3020,13 @@ static int parse_argv(int argc, char *argv[]) { return log_oom(); break; + case 'E': + r = exclude_default_prefixes(); + if (r < 0) + return r; + + break; + case ARG_ROOT: r = parse_path_argument_and_warn(optarg, /* suppress_root= */ false, &arg_root); if (r < 0) -- 2.39.2