tmpfiles.d: change all subvolumes to use quota Let's make sure the subvolumes we create fit into a sensible definition of a quota tree.

tmpfiles.d: upgrade a couple of directories we create at boot to subvolumes In particular we upgrade /var/lib/container, /var/tmp and /tmp to subvolumes.

namespace: include boot id in private tmp directories This way it is easy to only exclude directories from the current boot from automatic clean up in /var/tmp. Also, pick a longer name for the directories so that are globs in tmp.conf can be simpler yet equally accurate.

tmpfiles: adjust excludes for the new per-service private dirs In d8c9d3a (systemd: use unit name in PrivateTmp directories) I forgot to update the tmpfiles config.

Make PrivateTmp dirs also inaccessible from the outside Currently, PrivateTmp=yes means that the service cannot see the /tmp shared by rest of the system and is isolated from other services using PrivateTmp, but users can access and modify /tmp as seen by the service. Move the private /tmp and /var/tmp directories into a 0077-mode directory. This way unpriviledged users on the system cannot see (or modify) /tmp as seen by the service.

tmpfiles: exclude /var/tmp/systemd-private-* too

tmpfiles: exclude /tmp/systemd-private-* from cleanup See http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/6874/focus=6891 Should fix https://bugzilla.redhat.com/show_bug.cgi?id=866693

relicense to LGPLv2.1 (with exceptions) We finally got the OK from all contributors with non-trivial commits to relicense systemd from GPL2+ to LGPL2.1+. Some udev bits continue to be GPL2+ for now, but we are looking into relicensing them too, to allow free copy/paste of all code within systemd. The bits that used to be MIT continue to be MIT. The big benefit of the relicensing is that closed source code may now link against libsystemd-login.so and friends.

tmpfiles: Move /tmp and /var/tmp to a separate tmpfiles.d file to ease overrides via /etc Many people prefer to avoid clearing /tmp and /var/tmp, and distributions often have explicit settings for how often to clear them if at all. Overriding those with systemd currently requires overriding all of /usr/lib/tmpfiles.d/systemd.conf via /etc/tmpfiles.d/systemd.conf, copying across all the other entries, and updating that override when systemd.conf changes. Move the /tmp and /var/tmp entries from systemd.conf to a separate tmp.conf, making them easier to override without affecting the rest of systemd.conf.