tmpfiles.c revision 3785ba6966c6f42ed1109bd238f001862736ff73
/*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
/***
This file is part of systemd.
Copyright 2010 Lennart Poettering, Kay Sievers
under the terms of the GNU Lesser General Public License as published by
the Free Software Foundation; either version 2.1 of the License, or
(at your option) any later version.
systemd is distributed in the hope that it will be useful, but
WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
Lesser General Public License for more details.
You should have received a copy of the GNU Lesser General Public License
along with systemd; If not, see <http://www.gnu.org/licenses/>.
***/
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
#include <string.h>
#include <limits.h>
#include <dirent.h>
#include <grp.h>
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <stddef.h>
#include <getopt.h>
#include <stdbool.h>
#include <time.h>
#include <glob.h>
#include <fnmatch.h>
#include <sys/capability.h>
#include "log.h"
#include "util.h"
#include "macro.h"
#include "mkdir.h"
#include "path-util.h"
#include "strv.h"
#include "label.h"
#include "set.h"
#include "conf-files.h"
#include "capability.h"
/* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
* them in the file system. This is intended to be used to create
* volatile and hence need to be recreated on bootup. */
typedef enum ItemType {
/* These ones take file names */
CREATE_FILE = 'f',
TRUNCATE_FILE = 'F',
WRITE_FILE = 'w',
CREATE_DIRECTORY = 'd',
TRUNCATE_DIRECTORY = 'D',
CREATE_FIFO = 'p',
CREATE_SYMLINK = 'L',
CREATE_CHAR_DEVICE = 'c',
CREATE_BLOCK_DEVICE = 'b',
/* These ones take globs */
IGNORE_PATH = 'x',
REMOVE_PATH = 'r',
RECURSIVE_REMOVE_PATH = 'R',
RELABEL_PATH = 'z',
RECURSIVE_RELABEL_PATH = 'Z'
} ItemType;
typedef struct Item {
char *path;
char *argument;
bool uid_set:1;
bool gid_set:1;
bool mode_set:1;
bool age_set:1;
bool keep_first_level:1;
} Item;
static bool arg_create = false;
static bool arg_clean = false;
static bool arg_remove = false;
static const char *arg_prefix = NULL;
static const char * const conf_file_dirs[] = {
"/etc/tmpfiles.d",
"/run/tmpfiles.d",
"/usr/local/lib/tmpfiles.d",
"/usr/lib/tmpfiles.d",
#ifdef HAVE_SPLIT_USR
"/lib/tmpfiles.d",
#endif
};
#define MAX_DEPTH 256
static bool needs_glob(ItemType t) {
return t == IGNORE_PATH || t == REMOVE_PATH || t == RECURSIVE_REMOVE_PATH || t == RELABEL_PATH || t == RECURSIVE_RELABEL_PATH;
}
Item *j;
Iterator i;
HASHMAP_FOREACH(j, h, i)
return j;
return NULL;
}
static void load_unix_sockets(void) {
if (unix_sockets)
return;
/* We maintain a cache of the sockets we found in
if (!unix_sockets)
return;
if (!f)
return;
/* Skip header */
goto fail;
for (;;) {
char *p, *s;
int k;
break;
if (!p)
continue;
if (strlen(p) < 37)
continue;
p += 37;
p += strspn(p, WHITESPACE);
p += strspn(p, WHITESPACE);
if (*p != '/')
continue;
s = strdup(p);
if (!s)
goto fail;
k = set_put(unix_sockets, s);
if (k < 0) {
free(s);
if (k != -EEXIST)
goto fail;
}
}
fclose(f);
return;
fail:
unix_sockets = NULL;
if (f)
fclose(f);
}
static bool unix_socket_alive(const char *fn) {
if (unix_sockets)
/* We don't know, so assume yes */
return true;
}
static int dir_cleanup(
const char *p,
DIR *d,
bool mountpoint,
int maxdepth,
bool keep_this_level)
{
bool deleted = false;
int r = 0;
struct stat s;
continue;
r = -errno;
}
continue;
}
/* Stay on the same filesystem */
continue;
/* Do not delete read-only files owned by root */
continue;
r = log_oom();
goto finish;
}
/* Is there an item configured for this path? */
continue;
continue;
if (mountpoint &&
s.st_uid == 0)
continue;
if (maxdepth <= 0)
else {
int q;
r = -errno;
}
continue;
}
if (q < 0)
r = q;
}
/* Note: if you are wondering why we don't
* support the sticky bit for excluding
* directories from cleaning like we do it for
* other file system objects: well, the sticky
* bit already has a meaning for directories,
* so we don't want to overload that. */
if (keep_this_level)
continue;
/* Ignore ctime, we change it when deleting */
timespec_load(&s.st_atim));
continue;
r = -errno;
}
}
} else {
/* Skip files for which the sticky bit is
* set. These are semantics we define, and are
* unknown elsewhere. See XDG_RUNTIME_DIR
* specification for details. */
continue;
s.st_uid == 0)
continue;
continue;
}
continue;
/* Ignore device nodes */
continue;
/* Keep files on this level around if this is
* requested */
if (keep_this_level)
continue;
timespec_load(&s.st_atim),
timespec_load(&s.st_ctim));
continue;
r = -errno;
}
}
deleted = true;
}
}
if (deleted) {
/* Restore original directory timestamps */
log_error("utimensat(%s): %m", p);
}
return r;
}
static int clean_item(Item *i) {
DIR *d;
bool mountpoint;
int r;
assert(i);
if (i->type != CREATE_DIRECTORY &&
i->type != TRUNCATE_DIRECTORY &&
i->type != IGNORE_PATH)
return 0;
if (!i->age_set)
return 0;
n = now(CLOCK_REALTIME);
if (n < i->age)
return 0;
if (!d) {
return 0;
return -errno;
}
r = -errno;
goto finish;
}
r = -ENOTDIR;
goto finish;
}
r = -errno;
goto finish;
}
if (d)
closedir(d);
return r;
}
/* not using i->path directly because it may be a glob */
if (i->mode_set)
return -errno;
}
return -errno;
}
}
mode_t u;
u = umask(0);
e = errno;
umask(u);
errno = e;
if (fd < 0) {
return 0;
return -errno;
}
if (i->argument) {
ssize_t n;
size_t l;
_cleanup_free_ char *unescaped;
return log_oom();
}
if (n < 0 || (size_t) n < l) {
return n < 0 ? n : -EIO;
}
}
return -errno;
}
return -EEXIST;
}
r = item_set_perms(i, path);
if (r < 0)
return r;
return 0;
}
DIR *d;
int ret = 0;
/* This returns the first error we run into, but nevertheless
* tries to go on */
if (!d)
for (;;) {
union dirent_storage buf;
bool is_dir;
int r;
char *entry_path;
if (r != 0) {
if (ret == 0)
ret = -r;
break;
}
if (!de)
break;
continue;
if (ret == 0)
continue;
}
continue;
}
} else
r = item_set_perms(i, entry_path);
if (r < 0) {
ret = r;
continue;
}
if (is_dir) {
r = recursive_relabel_children(i, entry_path);
if (r < 0 && ret == 0)
ret = r;
}
}
closedir(d);
return ret;
}
int r;
r = item_set_perms(i, path);
if (r < 0)
return r;
return -errno;
r = recursive_relabel_children(i, path);
return r;
}
int r = 0, k;
glob_t g;
char **fn;
zero(g);
errno = 0;
if (k != GLOB_NOMATCH) {
if (errno != 0)
return -errno;
}
}
r = k;
globfree(&g);
return r;
}
static int create_item(Item *i) {
int r, e;
mode_t u;
assert(i);
switch (i->type) {
case IGNORE_PATH:
case REMOVE_PATH:
case RECURSIVE_REMOVE_PATH:
return 0;
case CREATE_FILE:
case TRUNCATE_FILE:
r = write_one_file(i, i->path);
if (r < 0)
return r;
break;
case WRITE_FILE:
r = glob_item(i, write_one_file);
if (r < 0)
return r;
break;
case TRUNCATE_DIRECTORY:
case CREATE_DIRECTORY:
u = umask(0);
umask(u);
return -errno;
}
return -errno;
}
return -EEXIST;
}
r = item_set_perms(i, i->path);
if (r < 0)
return r;
break;
case CREATE_FIFO:
u = umask(0);
umask(u);
return -errno;
}
return -errno;
}
return -EEXIST;
}
r = item_set_perms(i, i->path);
if (r < 0)
return r;
break;
case CREATE_SYMLINK: {
char *x;
e = errno;
errno = e;
return -errno;
}
r = readlink_malloc(i->path, &x);
if (r < 0) {
return -errno;
}
free(x);
return -EEXIST;
}
free(x);
break;
}
case CREATE_BLOCK_DEVICE:
case CREATE_CHAR_DEVICE: {
if (have_effective_cap(CAP_MKNOD) == 0) {
/* In a container we lack CAP_MKNOD. We
shouldnt attempt to create the device node in
that case to avoid noise, and we don't support
virtualized devices in containers anyway. */
return 0;
}
u = umask(0);
e = errno;
umask(u);
errno = e;
return -errno;
}
return -errno;
}
return -EEXIST;
}
r = item_set_perms(i, i->path);
if (r < 0)
return r;
break;
}
case RELABEL_PATH:
r = glob_item(i, item_set_perms);
if (r < 0)
return 0;
break;
case RECURSIVE_RELABEL_PATH:
r = glob_item(i, recursive_relabel);
if (r < 0)
return r;
}
return 0;
}
int r;
assert(i);
switch (i->type) {
case CREATE_FILE:
case TRUNCATE_FILE:
case CREATE_DIRECTORY:
case CREATE_FIFO:
case CREATE_SYMLINK:
case CREATE_BLOCK_DEVICE:
case CREATE_CHAR_DEVICE:
case IGNORE_PATH:
case RELABEL_PATH:
case RECURSIVE_RELABEL_PATH:
case WRITE_FILE:
break;
case REMOVE_PATH:
return -errno;
}
break;
case TRUNCATE_DIRECTORY:
case RECURSIVE_REMOVE_PATH:
/* FIXME: we probably should use dir_cleanup() here
* instead of rm_rf() so that 'x' is honoured. */
if (r < 0 && r != -ENOENT) {
return r;
}
break;
}
return 0;
}
static int remove_item(Item *i) {
int r = 0;
assert(i);
switch (i->type) {
case CREATE_FILE:
case TRUNCATE_FILE:
case CREATE_DIRECTORY:
case CREATE_FIFO:
case CREATE_SYMLINK:
case CREATE_CHAR_DEVICE:
case CREATE_BLOCK_DEVICE:
case IGNORE_PATH:
case RELABEL_PATH:
case RECURSIVE_RELABEL_PATH:
case WRITE_FILE:
break;
case REMOVE_PATH:
case TRUNCATE_DIRECTORY:
case RECURSIVE_REMOVE_PATH:
r = glob_item(i, remove_item_instance);
break;
}
return r;
}
static int process_item(Item *i) {
int r, q, p;
assert(i);
r = arg_create ? create_item(i) : 0;
q = arg_remove ? remove_item(i) : 0;
p = arg_clean ? clean_item(i) : 0;
if (r < 0)
return r;
if (q < 0)
return q;
return p;
}
assert(i);
free(i);
}
assert(a);
assert(b);
return false;
return false;
return false;
return false;
return false;
return false;
if ((a->type == CREATE_FILE ||
a->type == TRUNCATE_FILE ||
a->type == WRITE_FILE ||
a->type == CREATE_SYMLINK) &&
return false;
if ((a->type == CREATE_CHAR_DEVICE ||
a->type == CREATE_BLOCK_DEVICE) &&
a->major_minor != b->major_minor)
return false;
return true;
}
char type;
Hashmap *h;
int r, n = -1;
if (!i)
return log_oom();
"%c "
"%ms "
"%ms "
"%ms "
"%ms "
"%ms "
"%n",
&type,
&i->path,
&mode,
&user,
&group,
&age,
&n) < 2) {
r = -EIO;
goto finish;
}
if (n >= 0) {
if (!i->argument)
return log_oom();
}
}
switch(type) {
case CREATE_FILE:
case TRUNCATE_FILE:
case CREATE_DIRECTORY:
case TRUNCATE_DIRECTORY:
case CREATE_FIFO:
case IGNORE_PATH:
case REMOVE_PATH:
case RECURSIVE_REMOVE_PATH:
case RELABEL_PATH:
case RECURSIVE_RELABEL_PATH:
break;
case CREATE_SYMLINK:
if (!i->argument) {
r = -EBADMSG;
goto finish;
}
break;
case WRITE_FILE:
if (!i->argument) {
r = -EBADMSG;
goto finish;
}
break;
case CREATE_CHAR_DEVICE:
case CREATE_BLOCK_DEVICE: {
if (!i->argument) {
r = -EBADMSG;
goto finish;
}
r = -EBADMSG;
goto finish;
}
break;
}
default:
r = -EBADMSG;
goto finish;
}
if (!path_is_absolute(i->path)) {
r = -EBADMSG;
goto finish;
}
path_kill_slashes(i->path);
r = 0;
goto finish;
}
const char *u = user;
if (r < 0) {
goto finish;
}
i->uid_set = true;
}
const char *g = group;
r = get_group_creds(&g, &i->gid);
if (r < 0) {
goto finish;
}
i->gid_set = true;
}
unsigned m;
r = -ENOENT;
goto finish;
}
i->mode = m;
i->mode_set = true;
} else
i->mode =
i->type == CREATE_DIRECTORY ||
const char *a = age;
if (*a == '~') {
i->keep_first_level = true;
a++;
}
if (parse_usec(a, &i->age) < 0) {
r = -EBADMSG;
goto finish;
}
i->age_set = true;
}
if (existing) {
/* Two identical items are fine */
if (!item_equal(existing, i))
r = 0;
goto finish;
}
r = hashmap_put(h, i->path, i);
if (r < 0) {
goto finish;
}
i = NULL;
r = 0;
if (i)
item_free(i);
return r;
}
static int help(void) {
printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
"Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
" -h --help Show this help\n"
" --create Create marked files/directories\n"
" --clean Clean up marked directories\n"
" --remove Remove marked files/directories\n"
" --prefix=PATH Only apply rules that apply to paths with the specified prefix\n",
return 0;
}
enum {
};
};
int c;
switch (c) {
case 'h':
help();
return 0;
case ARG_CREATE:
arg_create = true;
break;
case ARG_CLEAN:
arg_clean = true;
break;
case ARG_REMOVE:
arg_remove = true;
break;
case ARG_PREFIX:
arg_prefix = optarg;
break;
case '?':
return -EINVAL;
default:
log_error("Unknown option code %c", c);
return -EINVAL;
}
}
log_error("You need to specify at least one of --clean, --create or --remove.");
return -EINVAL;
}
return 1;
}
FILE *f;
unsigned v = 0;
int r = 0;
if (!f) {
return 0;
return -errno;
}
for (;;) {
int k;
break;
v++;
if (*l == '#' || *l == 0)
continue;
if ((k = parse_line(fn, v, l)) < 0)
if (r == 0)
r = k;
}
if (ferror(f)) {
if (r == 0)
r = -EIO;
}
fclose(f);
return r;
}
const char **p;
char *resolved_path;
STRV_FOREACH(p, search_paths) {
if (resolved_path == NULL) {
log_oom();
return NULL;
}
return resolved_path;
}
return NULL;
}
int r;
Item *i;
if (r <= 0)
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
log_open();
umask(0022);
log_oom();
r = EXIT_FAILURE;
goto finish;
}
r = EXIT_SUCCESS;
int j;
char *fragment;
if (!fragment) {
r = EXIT_FAILURE;
goto finish;
}
if (read_config_file(fragment, false) < 0)
r = EXIT_FAILURE;
}
} else {
char **files, **f;
if (r < 0) {
r = EXIT_FAILURE;
goto finish;
}
STRV_FOREACH(f, files) {
if (read_config_file(*f, true) < 0)
r = EXIT_FAILURE;
}
}
process_item(i);
process_item(i);
while ((i = hashmap_steal_first(items)))
item_free(i);
while ((i = hashmap_steal_first(globs)))
item_free(i);
label_finish();
return r;
}