tmpfiles.c revision 081043cf06cc67a327f55806039639c55acdd439
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering, Kay Sievers
Copyright 2015 Zbigniew Jędrzejewski-Szmek
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>
#include <limits.h>
#include <dirent.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <getopt.h>
#include <stdbool.h>
#include <time.h>
#include <glob.h>
#include <fnmatch.h>
#include "log.h"
#include "util.h"
#include "macro.h"
#include "missing.h"
#include "mkdir.h"
#include "path-util.h"
#include "strv.h"
#include "label.h"
#include "set.h"
#include "conf-files.h"
#include "capability.h"
#include "specifier.h"
#include "build.h"
#include "copy.h"
#include "selinux-util.h"
#include "btrfs-util.h"
#include "acl-util.h"
/* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
* them in the file system. This is intended to be used to create
* volatile and hence need to be recreated on bootup. */
typedef enum ItemType {
/* These ones take file names */
CREATE_FILE = 'f',
TRUNCATE_FILE = 'F',
CREATE_DIRECTORY = 'd',
TRUNCATE_DIRECTORY = 'D',
CREATE_SUBVOLUME = 'v',
CREATE_FIFO = 'p',
CREATE_SYMLINK = 'L',
CREATE_CHAR_DEVICE = 'c',
CREATE_BLOCK_DEVICE = 'b',
COPY_FILES = 'C',
SET_XATTR = 't',
SET_ACL = 'a',
/* These ones take globs */
WRITE_FILE = 'w',
IGNORE_PATH = 'x',
IGNORE_DIRECTORY_PATH = 'X',
REMOVE_PATH = 'r',
RECURSIVE_REMOVE_PATH = 'R',
RELABEL_PATH = 'z',
RECURSIVE_RELABEL_PATH = 'Z',
} ItemType;
typedef struct Item {
char *path;
char *argument;
char **xattrs;
#ifdef HAVE_ACL
#endif
bool uid_set:1;
bool gid_set:1;
bool mode_set:1;
bool age_set:1;
bool mask_perms:1;
bool keep_first_level:1;
bool force:1;
bool done:1;
} Item;
typedef struct ItemArray {
} ItemArray;
static bool arg_create = false;
static bool arg_clean = false;
static bool arg_remove = false;
static bool arg_boot = false;
static char **arg_include_prefixes = NULL;
static char **arg_exclude_prefixes = NULL;
#define MAX_DEPTH 256
static bool needs_glob(ItemType t) {
return IN_SET(t,
}
static bool takes_ownership(ItemType t) {
return IN_SET(t,
}
ItemArray *j;
Iterator i;
HASHMAP_FOREACH(j, h, i) {
unsigned n;
for (n = 0; n < j->count; n++) {
return item;
}
}
return NULL;
}
static void load_unix_sockets(void) {
if (unix_sockets)
return;
/* We maintain a cache of the sockets we found in
if (!unix_sockets)
return;
if (!f)
return;
/* Skip header */
goto fail;
for (;;) {
char *p, *s;
int k;
break;
if (!p)
continue;
if (strlen(p) < 37)
continue;
p += 37;
p += strspn(p, WHITESPACE);
p += strspn(p, WHITESPACE);
if (*p != '/')
continue;
s = strdup(p);
if (!s)
goto fail;
k = set_consume(unix_sockets, s);
if (k < 0 && k != -EEXIST)
goto fail;
}
return;
fail:
unix_sockets = NULL;
}
static bool unix_socket_alive(const char *fn) {
if (unix_sockets)
/* We don't know, so assume yes */
return true;
}
union file_handle_union h = FILE_HANDLE_INIT;
int mount_id_parent, mount_id;
int r_p, r;
if (r_p < 0)
if (r < 0)
r = -errno;
/* got no handle; make no assumptions, return error */
if (r_p < 0 && r < 0)
return r_p;
/* got both handles; if they differ, it is a mount point */
if (r_p >= 0 && r >= 0)
return mount_id_parent != mount_id;
/* got only one handle; assume different mount points if one
* of both queries was not supported by the filesystem */
return true;
/* return error */
if (r_p < 0)
return r_p;
return r;
}
static int dir_cleanup(
Item *i,
const char *p,
DIR *d,
bool mountpoint,
int maxdepth,
bool keep_this_level) {
bool deleted = false;
int r = 0;
struct stat s;
continue;
continue;
/* FUSE, NFS mounts, SELinux might return EACCES */
else
r = -errno;
continue;
}
/* Stay on the same filesystem */
continue;
/* Try to detect bind mounts of the same filesystem instance; they
* supported on all kernels or filesystem types though. */
continue;
/* Do not delete read-only files owned by root */
continue;
if (!sub_path) {
r = log_oom();
goto finish;
}
/* Is there an item configured for this path? */
continue;
continue;
if (mountpoint &&
s.st_uid == 0)
continue;
if (maxdepth <= 0)
else {
int q;
if (!sub_dir) {
r = -errno;
}
continue;
}
if (q < 0)
r = q;
}
/* Note: if you are wondering why we don't
* support the sticky bit for excluding
* directories from cleaning like we do it for
* other file system objects: well, the sticky
* bit already has a meaning for directories,
* so we don't want to overload that. */
if (keep_this_level)
continue;
/* Ignore ctime, we change it when deleting */
timespec_load(&s.st_atim));
continue;
r = -errno;
}
}
}
} else {
/* Skip files for which the sticky bit is
* set. These are semantics we define, and are
* unknown elsewhere. See XDG_RUNTIME_DIR
* specification for details. */
continue;
s.st_uid == 0)
continue;
continue;
}
continue;
/* Ignore device nodes */
continue;
/* Keep files on this level around if this is
* requested */
if (keep_this_level)
continue;
timespec_load(&s.st_atim),
timespec_load(&s.st_ctim));
continue;
r = -errno;
}
}
deleted = true;
}
}
if (deleted) {
/* Restore original directory timestamps */
}
return r;
}
bool st_valid;
assert(i);
/* not using i->path directly because it may be a glob */
if (i->mode_set) {
if (i->mask_perms && st_valid) {
m &= ~0111;
m &= ~0222;
m &= ~0444;
}
}
}
}
static int get_xattrs_from_arg(Item *i) {
char *xattr;
const char *p;
int r;
assert(i);
p = i->argument;
while ((r = unquote_first_word(&p, &xattr, false)) > 0) {
if (r < 0) {
continue;
}
continue;
}
if (!tmp)
return log_oom();
if (!value2)
return log_oom();
return log_oom();
}
return r;
}
assert(i);
int n;
log_error("Setting extended attribute %s=%s on %s failed: %m",
return -errno;
}
}
return 0;
}
#ifdef HAVE_ACL
int r;
if (r < 0)
#else
#endif
return 0;
}
#ifdef HAVE_ACL
int r;
if (item->acl_access) {
if (r < 0) {
_cleanup_(acl_free_charpp) char *t;
return log_error_errno(errno,
"Setting access ACL \"%s\" on %s failed: %m",
}
}
if (item->acl_default) {
if (r < 0) {
_cleanup_(acl_free_charpp) char *t;
return log_error_errno(errno,
"Setting default ACL \"%s\" on %s failed: %m",
}
}
#endif
return 0;
}
int flags, r = 0;
assert(i);
RUN_WITH_UMASK(0000) {
}
if (fd < 0) {
return 0;
return -errno;
}
if (i->argument) {
_cleanup_free_ char *unescaped;
ssize_t n;
size_t l;
if (!unescaped)
return log_oom();
if (n < 0 || (size_t) n < l) {
return n < 0 ? n : -EIO;
}
}
return -EEXIST;
}
r = item_set_perms(i, path);
if (r < 0)
return r;
return 0;
}
int r = 0;
assert(i);
/* This returns the first error we run into, but nevertheless
* tries to go on */
if (!d)
for (;;) {
_cleanup_free_ char *p = NULL;
int q;
errno = 0;
if (!de) {
if (errno != 0 && r == 0)
r = -errno;
break;
}
continue;
if (!p)
return -ENOMEM;
q = action(i, p);
if (q < 0 && q != -ENOENT && r == 0)
r = q;
q = item_do_children(i, p, action);
if (q < 0 && r == 0)
r = q;
}
}
return r;
}
_cleanup_globfree_ glob_t g = {};
int r = 0, k;
char **fn;
errno = 0;
if (k != 0 && k != GLOB_NOMATCH)
if (k < 0 && r == 0)
r = k;
if (recursive) {
if (k < 0 && r == 0)
r = k;
}
}
return r;
}
static int create_item(Item *i) {
int r = 0;
assert(i);
switch (i->type) {
case IGNORE_PATH:
case IGNORE_DIRECTORY_PATH:
case REMOVE_PATH:
case RECURSIVE_REMOVE_PATH:
return 0;
case CREATE_FILE:
case TRUNCATE_FILE:
r = write_one_file(i, i->path);
if (r < 0)
return r;
break;
case COPY_FILES:
if (r < 0) {
struct stat a, b;
if (r != -EEXIST)
return 0;
}
}
r = item_set_perms(i, i->path);
if (r < 0)
return r;
break;
case WRITE_FILE:
r = glob_item(i, write_one_file, false);
if (r < 0)
return r;
break;
case CREATE_DIRECTORY:
case TRUNCATE_DIRECTORY:
case CREATE_SUBVOLUME:
RUN_WITH_UMASK(0000)
if (i->type == CREATE_SUBVOLUME) {
r = btrfs_subvol_make(i->path);
} else
r = 0;
RUN_WITH_UMASK(0000)
}
if (r < 0) {
if (r != -EEXIST)
return 0;
}
}
r = item_set_perms(i, i->path);
if (r < 0)
return r;
break;
case CREATE_FIFO:
RUN_WITH_UMASK(0000) {
}
if (r < 0) {
if (i->force) {
RUN_WITH_UMASK(0000) {
}
if (r < 0)
} else {
return 0;
}
}
}
r = item_set_perms(i, i->path);
if (r < 0)
return r;
break;
case CREATE_SYMLINK:
if (r < 0) {
_cleanup_free_ char *x = NULL;
r = readlink_malloc(i->path, &x);
if (i->force) {
if (r < 0)
} else {
return 0;
}
}
}
break;
case CREATE_BLOCK_DEVICE:
case CREATE_CHAR_DEVICE: {
if (have_effective_cap(CAP_MKNOD) == 0) {
/* In a container we lack CAP_MKNOD. We
shouldn't attempt to create the device node in
that case to avoid noise, and we don't support
virtualized devices in containers anyway. */
return 0;
}
RUN_WITH_UMASK(0000) {
}
if (r < 0) {
log_debug("We lack permissions, possibly because of cgroup configuration; "
"skipping creation of device node %s.", i->path);
return 0;
}
if (i->force) {
RUN_WITH_UMASK(0000) {
}
if (r < 0)
} else {
return 0;
}
}
}
r = item_set_perms(i, i->path);
if (r < 0)
return r;
break;
}
case ADJUST_MODE:
case RELABEL_PATH:
r = glob_item(i, item_set_perms, false);
if (r < 0)
return r;
break;
case RECURSIVE_RELABEL_PATH:
r = glob_item(i, item_set_perms, true);
if (r < 0)
return r;
break;
case SET_XATTR:
r = item_set_xattrs(i, i->path);
if (r < 0)
return r;
break;
case SET_ACL:
r = item_set_acl(i, i->path);
if (r < 0)
return r;
}
return 0;
}
int r;
assert(i);
switch (i->type) {
case CREATE_FILE:
case TRUNCATE_FILE:
case CREATE_DIRECTORY:
case CREATE_SUBVOLUME:
case CREATE_FIFO:
case CREATE_SYMLINK:
case CREATE_BLOCK_DEVICE:
case CREATE_CHAR_DEVICE:
case IGNORE_PATH:
case IGNORE_DIRECTORY_PATH:
case ADJUST_MODE:
case RELABEL_PATH:
case RECURSIVE_RELABEL_PATH:
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
case SET_ACL:
break;
case REMOVE_PATH:
break;
case TRUNCATE_DIRECTORY:
case RECURSIVE_REMOVE_PATH:
/* FIXME: we probably should use dir_cleanup() here
* instead of rm_rf() so that 'x' is honoured. */
if (r < 0 && r != -ENOENT)
break;
}
return 0;
}
static int remove_item(Item *i) {
int r = 0;
assert(i);
switch (i->type) {
case CREATE_FILE:
case TRUNCATE_FILE:
case CREATE_DIRECTORY:
case CREATE_SUBVOLUME:
case CREATE_FIFO:
case CREATE_SYMLINK:
case CREATE_CHAR_DEVICE:
case CREATE_BLOCK_DEVICE:
case IGNORE_PATH:
case IGNORE_DIRECTORY_PATH:
case ADJUST_MODE:
case RELABEL_PATH:
case RECURSIVE_RELABEL_PATH:
case WRITE_FILE:
case COPY_FILES:
case SET_XATTR:
case SET_ACL:
break;
case REMOVE_PATH:
case TRUNCATE_DIRECTORY:
case RECURSIVE_REMOVE_PATH:
r = glob_item(i, remove_item_instance, false);
break;
}
return r;
}
bool mountpoint;
int r;
assert(i);
if (!i->age_set)
return 0;
n = now(CLOCK_REALTIME);
if (n < i->age)
return 0;
if (!d) {
return 0;
return -errno;
}
return -ENOTDIR;
}
MAX_DEPTH, i->keep_first_level);
return r;
}
static int clean_item(Item *i) {
int r = 0;
assert(i);
switch (i->type) {
case CREATE_DIRECTORY:
case CREATE_SUBVOLUME:
case TRUNCATE_DIRECTORY:
case IGNORE_PATH:
case COPY_FILES:
clean_item_instance(i, i->path);
break;
case IGNORE_DIRECTORY_PATH:
r = glob_item(i, clean_item_instance, false);
break;
default:
break;
}
return r;
}
static int process_item(Item *i) {
int r, q, p, t = 0;
assert(i);
if (i->done)
return 0;
i->done = true;
if (!prefix)
return log_oom();
ItemArray *j;
if (j) {
int s;
s = process_item_array(j);
if (s < 0 && t == 0)
t = s;
}
}
r = arg_create ? create_item(i) : 0;
q = arg_remove ? remove_item(i) : 0;
p = arg_clean ? clean_item(i) : 0;
return t < 0 ? t :
r < 0 ? r :
q < 0 ? q :
p;
}
unsigned n;
int r = 0, k;
if (k < 0 && r == 0)
r = k;
}
return r;
}
static void item_free_contents(Item *i) {
assert(i);
#ifdef HAVE_ACL
acl_free(i->acl_access);
acl_free(i->acl_default);
#endif
}
static void item_array_free(ItemArray *a) {
unsigned n;
if (!a)
return;
for (n = 0; n < a->count; n++)
item_free_contents(a->items + n);
free(a);
}
assert(a);
assert(b);
/* check if the items are the same */
a->mask_perms == b->mask_perms &&
a->keep_first_level == b->keep_first_level &&
a->major_minor == b->major_minor;
return true;
}
static bool should_include_path(const char *path) {
char **prefix;
return false;
return true;
/* no matches, so we should include this path only if we
* have no whitelist at all */
return strv_length(arg_include_prefixes) == 0;
}
static const Specifier specifier_table[] = {
{}
};
_cleanup_free_ char *action = NULL, *mode = NULL, *user = NULL, *group = NULL, *age = NULL, *path = NULL;
Hashmap *h;
int r, c = -1, pos;
"%ms %ms %ms %ms %ms %ms %n",
&action,
&path,
&mode,
&user,
&group,
&age,
&c);
if (r < 2) {
return -EIO;
}
return -EINVAL;
}
boot = true;
force = true;
else {
log_error("[%s:%u] Unknown modifiers in command '%s'",
return -EINVAL;
}
}
return 0;
if (r < 0) {
return r;
}
if (c >= 0) {
if (!i.argument)
return log_oom();
}
}
switch (i.type) {
case CREATE_FILE:
case TRUNCATE_FILE:
case CREATE_DIRECTORY:
case CREATE_SUBVOLUME:
case TRUNCATE_DIRECTORY:
case CREATE_FIFO:
case IGNORE_PATH:
case IGNORE_DIRECTORY_PATH:
case REMOVE_PATH:
case RECURSIVE_REMOVE_PATH:
case ADJUST_MODE:
case RELABEL_PATH:
case RECURSIVE_RELABEL_PATH:
break;
case CREATE_SYMLINK:
if (!i.argument) {
if (!i.argument)
return log_oom();
}
break;
case WRITE_FILE:
if (!i.argument) {
return -EBADMSG;
}
break;
case COPY_FILES:
if (!i.argument) {
if (!i.argument)
return log_oom();
} else if (!path_is_absolute(i.argument)) {
return -EBADMSG;
}
break;
case CREATE_CHAR_DEVICE:
case CREATE_BLOCK_DEVICE: {
if (!i.argument) {
return -EBADMSG;
}
return -EBADMSG;
}
break;
}
case SET_XATTR:
if (!i.argument) {
return -EBADMSG;
}
r = get_xattrs_from_arg(&i);
if (r < 0)
return r;
break;
case SET_ACL:
if (!i.argument) {
return -EBADMSG;
}
r = get_acls_from_arg(&i);
if (r < 0)
return r;
break;
default:
return -EBADMSG;
}
if (!path_is_absolute(i.path)) {
return -EBADMSG;
}
if (!should_include_path(i.path))
return 0;
if (arg_root) {
char *p;
if (!p)
return log_oom();
i.path = p;
}
const char *u = user;
if (r < 0) {
return r;
}
i.uid_set = true;
}
const char *g = group;
r = get_group_creds(&g, &i.gid);
if (r < 0) {
return r;
}
i.gid_set = true;
}
unsigned m;
if (*mm == '~') {
i.mask_perms = true;
mm++;
}
return -ENOENT;
}
i.mode = m;
i.mode_set = true;
} else
? 0755 : 0644;
const char *a = age;
if (*a == '~') {
i.keep_first_level = true;
a++;
}
return -EBADMSG;
}
i.age_set = true;
}
if (existing) {
unsigned n;
log_warning("[%s:%u] Duplicate line for path \"%s\", ignoring.",
}
} else {
if (r < 0)
return log_oom();
}
return log_oom();
zero(i);
return 0;
}
static void help(void) {
printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
"Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
" -h --help Show this help\n"
" --version Show package version\n"
" --create Create marked files/directories\n"
" --clean Clean up marked directories\n"
" --remove Remove marked files/directories\n"
" --boot Execute actions only safe at boot\n"
" --prefix=PATH Only apply rules that apply to paths with the specified prefix\n"
" --exclude-prefix=PATH Ignore rules that apply to paths with the specified prefix\n"
" --root=PATH Operate on an alternate filesystem root\n",
}
enum {
ARG_VERSION = 0x100,
};
{}
};
int c;
switch (c) {
case 'h':
help();
return 0;
case ARG_VERSION:
return 0;
case ARG_CREATE:
arg_create = true;
break;
case ARG_CLEAN:
arg_clean = true;
break;
case ARG_REMOVE:
arg_remove = true;
break;
case ARG_BOOT:
arg_boot = true;
break;
case ARG_PREFIX:
return log_oom();
break;
case ARG_EXCLUDE_PREFIX:
return log_oom();
break;
case ARG_ROOT:
if (!arg_root)
return log_oom();
break;
case '?':
return -EINVAL;
default:
assert_not_reached("Unhandled option");
}
log_error("You need to specify at least one of --clean, --create or --remove.");
return -EINVAL;
}
return 1;
}
unsigned v = 0;
Item *i;
int r;
if (r < 0) {
if (ignore_enoent && r == -ENOENT)
return 0;
}
FOREACH_LINE(line, f, break) {
char *l;
int k;
v++;
if (*l == '#' || *l == 0)
continue;
k = parse_line(fn, v, l);
if (k < 0 && r == 0)
r = k;
}
/* we have to determine age parameter for each entry of type X */
if (i->type != IGNORE_DIRECTORY_PATH)
continue;
continue;
candidate_item = j;
break;
}
(candidate_item && path_startswith(j->path, candidate_item->path) && (fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)))
candidate_item = j;
}
i->age_set = true;
}
}
if (ferror(f)) {
if (r == 0)
r = -EIO;
}
return r;
}
int r, k;
ItemArray *a;
if (r <= 0)
goto finish;
log_open();
umask(0022);
r = log_oom();
goto finish;
}
r = 0;
int j;
k = read_config_file(argv[j], false);
if (k < 0 && r == 0)
r = k;
}
} else {
char **f;
if (r < 0) {
log_error_errno(r, "Failed to enumerate tmpfiles.d files: %m");
goto finish;
}
STRV_FOREACH(f, files) {
k = read_config_file(*f, true);
if (k < 0 && r == 0)
r = k;
}
}
k = process_item_array(a);
if (k < 0 && r == 0)
r = k;
}
k = process_item_array(a);
if (k < 0 && r == 0)
r = k;
}
while ((a = hashmap_steal_first(items)))
item_array_free(a);
while ((a = hashmap_steal_first(globs)))
item_array_free(a);
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}