This makes tmpfiles, sysusers, and udevd invoked in the following order:
1. systemd-tmpfiles-setup-dev-early.service
Create device nodes gracefully, that is, create device nodes anyway
by ignoring unknown users and groups.
2. systemd-sysusers.service
Create users and groups, to make later invocations of tmpfiles and
udevd can resolve necessary users and groups.
3. systemd-tmpfiles-setup-dev.service
Adjust owners of previously created device nodes.
4. systemd-udevd.service
Process all devices. Especially to make block devices active and can
be mountable.
5. systemd-tmpfiles-setup.service
Setup basic filesystem.
Follow-up for
b42482af904ae0b94a6e4501ec595448f0ba1c06.
Fixes #28653.
Replaces #28681 and #28732.
<refnamediv>
<refname>systemd-tmpfiles</refname>
<refname>systemd-tmpfiles-setup.service</refname>
+ <refname>systemd-tmpfiles-setup-dev-early.service</refname>
<refname>systemd-tmpfiles-setup-dev.service</refname>
<refname>systemd-tmpfiles-clean.service</refname>
<refname>systemd-tmpfiles-clean.timer</refname>
<para>System units:
<literallayout><filename>systemd-tmpfiles-setup.service</filename>
+<filename>systemd-tmpfiles-setup-dev-early.service</filename>
<filename>systemd-tmpfiles-setup-dev.service</filename>
<filename>systemd-tmpfiles-clean.service</filename>
<filename>systemd-tmpfiles-clean.timer</filename></literallayout></para>
searched for a matching file and the file found that has the highest priority is executed.</para>
<para>System services (<filename>systemd-tmpfiles-setup.service</filename>,
+ <filename>systemd-tmpfiles-setup-dev-early.service</filename>,
<filename>systemd-tmpfiles-setup-dev.service</filename>,
<filename>systemd-tmpfiles-clean.service</filename>) invoke <command>systemd-tmpfiles</command> to create
system files and to perform system wide cleanup. Those services read administrator-controlled
# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"
+test_append_files() {
+ instmods snd_seq snd_timer tun
+ generate_module_dependencies
+}
do_test "$@"
--- /dev/null
+#!/usr/bin/env bash
+# SPDX-License-Identifier: LGPL-2.1-or-later
+set -ex
+set -o pipefail
+
+# shellcheck source=test/units/util.sh
+. "$(dirname "$0")"/util.sh
+
+# Tests for issue #28588 and #28653.
+
+# On boot, services need to be started in the following order:
+# 1. systemd-tmpfiles-setup-dev-early.service
+# 2. systemd-sysusers.service
+# 3. systemd-tmpfiles-setup-dev.service
+# 4. systemd-udevd.service
+
+output="$(systemctl show --property After --value systemd-udevd.service)"
+assert_in "systemd-tmpfiles-setup-dev-early.service" "$output"
+assert_in "systemd-sysusers.service" "$output"
+assert_in "systemd-tmpfiles-setup-dev.service" "$output"
+
+output="$(systemctl show --property After --value systemd-tmpfiles-setup-dev.service)"
+assert_in "systemd-tmpfiles-setup-dev-early.service" "$output"
+assert_in "systemd-sysusers.service" "$output"
+
+output="$(systemctl show --property After --value systemd-sysusers.service)"
+assert_in "systemd-tmpfiles-setup-dev-early.service" "$output"
+
+check_owner_and_mode() {
+ local dev=${1?}
+ local user=${2?}
+ local group=${3?}
+ local mode=${4:-}
+
+ if [[ -e "$dev" ]]; then
+ assert_in "$user" "$(stat --format=%U "$dev")"
+ assert_in "$group" "$(stat --format=%G "$dev")"
+ if [[ -n "$mode" ]]; then
+ assert_in "$mode" "$(stat --format=%#0a "$dev")"
+ fi
+ fi
+
+ return 0
+}
+
+# Check owner and access mode specified in static-nodes-permissions.conf
+check_owner_and_mode /dev/snd/seq root audio 0660
+check_owner_and_mode /dev/snd/timer root audio 0660
+check_owner_and_mode /dev/loop-control root disk 0660
+check_owner_and_mode /dev/net/tun root root 0666
+check_owner_and_mode /dev/fuse root root 0666
+check_owner_and_mode /dev/vfio/vfio root root 0666
+check_owner_and_mode /dev/kvm root kvm
+check_owner_and_mode /dev/vhost-net root kvm
+check_owner_and_mode /dev/vhost-vsock root kvm
+
+exit 0
[Unit]
Description=Create List of Static Device Nodes
DefaultDependencies=no
-Before=sysinit.target systemd-tmpfiles-setup-dev.service
+Before=sysinit.target systemd-tmpfiles-setup-dev-early.service
ConditionCapability=CAP_SYS_MODULE
ConditionFileNotEmpty=/lib/modules/%v/modules.devname
'conditions' : ['ENABLE_TMPFILES'],
'symlinks' : ['timers.target.wants/'],
},
+ {
+ 'file' : 'systemd-tmpfiles-setup-dev-early.service',
+ 'conditions' : ['ENABLE_TMPFILES'],
+ 'symlinks' : ['sysinit.target.wants/'],
+ },
{
'file' : 'systemd-tmpfiles-setup-dev.service',
'conditions' : ['ENABLE_TMPFILES'],
DefaultDependencies=no
After=systemd-remount-fs.service
+After=systemd-tmpfiles-setup-dev-early.service
+Before=systemd-tmpfiles-setup-dev.service
Before=sysinit.target systemd-update-done.service
Conflicts=shutdown.target initrd-switch-root.target
Before=shutdown.target initrd-switch-root.target
--- /dev/null
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+[Unit]
+Description=Create Static Device Nodes in /dev gracefully
+Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
+
+DefaultDependencies=no
+Before=sysinit.target local-fs-pre.target systemd-udevd.service
+Wants=local-fs-pre.target
+Conflicts=shutdown.target initrd-switch-root.target
+Before=shutdown.target initrd-switch-root.target
+
+[Service]
+Type=oneshot
+RemainAfterExit=yes
+ExecStart=systemd-tmpfiles --prefix=/dev --create --boot --graceful
+SuccessExitStatus=DATAERR CANTCREAT
+ImportCredential=tmpfiles.*
Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8)
DefaultDependencies=no
+After=systemd-tmpfiles-setup-dev-early.service
Before=sysinit.target local-fs-pre.target systemd-udevd.service
Wants=local-fs-pre.target
Conflicts=shutdown.target initrd-switch-root.target
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=systemd-tmpfiles --prefix=/dev --create --boot --graceful
+ExecStart=systemd-tmpfiles --prefix=/dev --create --boot
SuccessExitStatus=DATAERR CANTCREAT
ImportCredential=tmpfiles.*
[Service]
Type=oneshot
RemainAfterExit=yes
-ExecStart=systemd-tmpfiles --create --remove --boot
+ExecStart=systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev
SuccessExitStatus=DATAERR CANTCREAT
ImportCredential=tmpfiles.*
ImportCredential=login.motd
projects / thirdparty / systemd.git / commitdiff
