tmpfiles: introduce the concept of unsafe operations

Various operations done by systemd-tmpfiles may only be safely done at boot (e.g. removal of X lockfiles in /tmp, creation of /run/nologin). Other operations may be done at any point in time (e.g. setting the ownership on /{run,var}/log/journal). This distinction is largely orthogonal to the type of operation. A new switch --unsafe is added, and operations which should only be executed during bootup are marked with an exclamation mark in the configuration files. systemd-tmpfiles.service is modified to use this switch, and guards are added so it is hard to re-start it by mistake. If we install a new version of systemd, we actually want to enforce some changes to tmpfiles configuration immediately. This should now be possible to do safely, so distribution packages can be modified to execute the "safe" subset at package installation time. /run/nologin creation is split out into a separate service, to make it easy to override. https://bugzilla.redhat.com/show_bug.cgi?id=1043212 https://bugzilla.redhat.com/show_bug.cgi?id=1045849
author: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2013-12-20 20:25:39 -0500
committer: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> 2013-12-24 15:48:06 -0500
commit: c4708f132381e4bbc864d5241381b5cde4f54878 (patch)
tree: 1802c55a1aa92e3855748a0e6463ee6020f0286c /src/tmpfiles/tmpfiles.c
parent: ef72c1f06e2bc696a799cd31a1e0ed25cc999ea4 (diff)
1 files changed, 19 insertions, 3 deletions
diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index 02351e18f..881c3b0d7 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -107,6 +107,7 @@ static Set *unix_sockets = NULL;
 static bool arg_create = false;
 static bool arg_clean = false;
 static bool arg_remove = false;
+static bool arg_unsafe = false;
 
 static char **include_prefixes = NULL;
 static char **exclude_prefixes = NULL;
@@ -1077,7 +1078,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
         _cleanup_item_free_ Item *i = NULL;
         Item *existing;
         _cleanup_free_ char
-                *mode = NULL, *user = NULL, *group = NULL, *age = NULL, *path = NULL;
+                *action = NULL, *mode = NULL, *user = NULL, *group = NULL, *age = NULL, *path = NULL;
         char type;
         Hashmap *h;
         int r, n = -1;
@@ -1087,8 +1088,8 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
         assert(buffer);
 
         r = sscanf(buffer,
-                   "%c %ms %ms %ms %ms %ms %n",
-                   &type,
+                   "%ms %ms %ms %ms %ms %ms %n",
+                   &action,
                    &path,
                    &mode,
                    &user,
@@ -1100,6 +1101,14 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
                 return -EIO;
         }
 
+        if (strlen(action) > 2 || (strlen(action) > 1 && action[1] != '!')) {
+                log_error("[%s:%u] Unknown modifier '%s'", fname, line, action);
+                return -EINVAL;
+        } else if (strlen(action) > 1 && !arg_unsafe)
+                return 0;
+
+        type = action[0];
+
         i = new0(Item, 1);
         if (!i)
                 return log_oom();
@@ -1271,6 +1280,7 @@ static int help(void) {
                "     --create               Create marked files/directories\n"
                "     --clean                Clean up marked directories\n"
                "     --remove               Remove marked files/directories\n"
+               "     --unsafe               Execute actions only safe at boot\n"
                "     --prefix=PATH          Only apply rules that apply to paths with the specified prefix\n"
                "     --exclude-prefix=PATH  Ignore rules that apply to paths with the specified prefix\n",
                program_invocation_short_name);
@@ -1285,6 +1295,7 @@ static int parse_argv(int argc, char *argv[]) {
                 ARG_CREATE,
                 ARG_CLEAN,
                 ARG_REMOVE,
+                ARG_UNSAFE,
                 ARG_PREFIX,
                 ARG_EXCLUDE_PREFIX,
         };
@@ -1295,6 +1306,7 @@ static int parse_argv(int argc, char *argv[]) {
                 { "create",         no_argument,         NULL, ARG_CREATE         },
                 { "clean",          no_argument,         NULL, ARG_CLEAN          },
                 { "remove",         no_argument,         NULL, ARG_REMOVE         },
+                { "unsafe",         no_argument,         NULL, ARG_UNSAFE         },
                 { "prefix",         required_argument,   NULL, ARG_PREFIX         },
                 { "exclude-prefix", required_argument,   NULL, ARG_EXCLUDE_PREFIX },
                 {}
@@ -1329,6 +1341,10 @@ static int parse_argv(int argc, char *argv[]) {
                         arg_remove = true;
                         break;
 
+                case ARG_UNSAFE:
+                        arg_unsafe = true;
+                        break;
+
                 case ARG_PREFIX:
                         if (strv_extend(&include_prefixes, optarg) < 0)
                                 return log_oom();
author	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2013-12-20 20:25:39 -0500
committer	Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>	2013-12-24 15:48:06 -0500
commit	c4708f132381e4bbc864d5241381b5cde4f54878 (patch)
tree	1802c55a1aa92e3855748a0e6463ee6020f0286c /src/tmpfiles/tmpfiles.c
parent	ef72c1f06e2bc696a799cd31a1e0ed25cc999ea4 (diff)