tmpfiles: introduce the concept of unsafe operations

Various operations done by systemd-tmpfiles may only be safely done at
boot (e.g. removal of X lockfiles in /tmp, creation of /run/nologin).
Other operations may be done at any point in time (e.g. setting the
ownership on /{run,var}/log/journal). This distinction is largely
orthogonal to the type of operation.

A new switch --unsafe is added, and operations which should only be
executed during bootup are marked with an exclamation mark in the
configuration files. systemd-tmpfiles.service is modified to use this
switch, and guards are added so it is hard to re-start it by mistake.

If we install a new version of systemd, we actually want to enforce
some changes to tmpfiles configuration immediately. This should now be
possible to do safely, so distribution packages can be modified to
execute the "safe" subset at package installation time.

/run/nologin creation is split out into a separate service, to make it
easy to override.

https://bugzilla.redhat.com/show_bug.cgi?id=1043212
https://bugzilla.redhat.com/show_bug.cgi?id=1045849

1 files changed, 11 insertions, 0 deletions

diff --git a/tmpfiles.d/systemd-nologin.conf b/tmpfiles.d/systemd-nologin.conf
new file mode 100644
index 000000000..d61232b53
--- /dev/null
+++ b/tmpfiles.d/systemd-nologin.conf
@@ -0,0 +1,11 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See tmpfiles.d(5) and systemd-forbid-user-logins.service(5).
+# This file has special suffix so it is not run by mistake.
+
+F! /run/nologin 0644 - - - "System is booting up. See pam_nologin(8)"