path: root/tmpfiles.d
Commit log. Each entry: commit message (Author, Date, Files changed, Lines -removed/+added)
* tmpfiles.d: Remove purge flag from lines that don't support it (Daan De Meyer, 2024-09-17, 2 files, -5/+5)
  Fixes db15657dfb8100c3c6cd8cf60fa68521e019d47a
* tmpfiles.d: add $ flag to all lines which are clearly private to our packages, and should be removed on package removal (Lennart Poettering, 2024-09-15, 7 files, -16/+16)
  (This excludes any dirs that contain resources placed there by the user.)
  (I also didn't bother marking resources belonging to components that are really not optional for us.)
* tmpfiles: add separate fragment for stuff we copy from .extra/ into /run/systemd (Lennart Poettering, 2024-09-10, 3 files, -15/+30)
  Let's move copying out the PCR signature/key into its own tmpfiles snippet. And then let's add support for copying out the profile + os-release information systemd-stub now places in the invoked initrd. That way these four pieces of information are available even after the initrd→host transition.
* shell: define three system credentials we can propagate into shell prompts and welcome messages (Lennart Poettering, 2024-09-09, 2 files, -0/+13)
* meson: don't put a symlink pointing to '20-systemd-userdb.conf' in /etc in all cases (Franck Bui, 2024-05-27, 1 file, -0/+2)
  It's only needed on distros where sshd doesn't support drop-ins in /usr, which is not the case on SUSE.
* meson: don't put a symlink pointing to '20-systemd-ssh-proxy.conf' in /etc in all cases (Franck Bui, 2024-05-27, 1 file, -0/+2)
  On distros like SUSE where ssh config drop-ins in /usr are supported, there's no need for a symlink in /etc/ssh/ssh_config.d/ that points to the drop-in installed somewhere in /usr (that is not reachable by ssh).
* ssh-generator: create privsep dir via tmpfiles.d/ if we are told to (Lennart Poettering, 2024-04-03, 1 file, -0/+3)
  To make it easy to have a workable ssh-generator on various distros, let's optionally generate the ssh privsep dir via a tmpfiles.d/ drop-in. This enables the concept with a path of /run/sshd/ as default. This is the path Debian/Ubuntu uses, and means that we just work on those distros.
  Debian/Ubuntu is the only distro (apparently?) that puts the privsep dir under /run/, hence always needs the dir to be created manually. Other distros don't need it that much, because they place the dir in /usr/ (Fedora, best choice!) or /var/ (others, not ideal, because still mutable).
  Also adds a longer explanation about this in NEWS, in the hope that distro maintainers read that and maybe start cleaning this up.
  Alternative to: #31543
* networkctl: introduce "persistent-storage" command (Yu Watanabe, 2024-03-11, 1 file, -2/+3)
  Then, this introduces systemd-networkd-persistent-storage.service. systemd-networkd.service is an early starting service. So, at the time it is started, the persistent storage for the service may not be ready, and we cannot use StateDirectory=systemd/network in systemd-networkd.service. The newly added systemd-networkd-persistent-storage.service creates the state directory for networkd, and notifies systemd-networkd that the directory is usable.
* tmpfiles.d/systemd: use ACL 'X' bit where appropriate (Mike Yuan, 2024-03-06, 1 file, -6/+3)
* network/lldp: do not save LLDP neighbors under /run/systemd (Yu Watanabe, 2024-03-01, 1 file, -1/+0)
  Now LLDP neighbors are exposed through varlink. Hence, it is not necessary to save them to a file.
* tmpfiles.d: avoid deprecated, undocumented syntax (s/F/f+/) (Štěpán Němec, 2024-02-27, 1 file, -1/+1)
  Fixes: eccebf4b0dcb ("systemd-tmpfiles: deprecate F for f+")
* meson: don't install broken tmpfiles config with sshd?confdir == 'no' (Frantisek Sumsal, 2024-01-30, 1 file, -2/+2)
  20-systemd-ssh-generator.conf expands SSHCONFDIR, which is bogus when we build with -Dsshconfdir=no. Similarly, avoid expanding SSHDCONFDIR in 20-systemd-userdb.conf when building with -Dsshconfdir=no.
  Follow-up to 6c7fc5d5f2.
* ssh-proxy: add ssh ProxyCommand tool that can connect to AF_UNIX + AF_VSOCK sockets (Lennart Poettering, 2024-01-11, 2 files, -0/+11)
  This adds a tiny binary that is hooked into SSH client config via ProxyCommand and which simply connects to an AF_UNIX or AF_VSOCK socket of choice.
  The syntax is as simple as this:
      ssh unix/some/path   # (this connects to AF_UNIX socket /some/path)
  or:
      ssh vsock/4711
  I used "/" as separator of the protocol ID and the value since ":" is already taken by SSH itself when doing sftp. And "@" is already taken for separating the user name.
* tmpfiles.d/systemd-nologin.conf: use f+ instead of F (deprecated) (Mike Yuan, 2023-12-08, 1 file, -1/+1)
  Fixes #30368
* userdbctl: enable ssh-authorized-keys logic by default (Lennart Poettering, 2023-12-06, 2 files, -0/+11)
  sshd now supports config file drop-ins, hence let's install one to hook up "userdb ssh-authorized-keys", so that things just work. We put the drop-in relatively early, so that other drop-ins generally will override this.
  Ideally sshd would support such drop-ins in /usr/ rather than /etc/, but let's take what we can get. It's not that sshd's upstream was particularly open to weird ideas from Linux people.
* coredump: keep core files for two weeks (Zbigniew Jędrzejewski-Szmek, 2023-12-06, 1 file, -1/+1)
  We have two mechanisms that remove old coredumps: systemd-coredump has parameters based on disk use / remaining disk free, and systemd-tmpfiles does cleanup based on time. The first mechanism should prevent us from using too much disk space in case something is crashing continuously or there are very large core files.
  The limit of 3 days makes it likely that the core file will be gone by the time the admin looks at the issue. E.g. if something crashes on Friday, the coredump would likely be gone before people are back on Monday to look at it.
* Revert "Revert "tmpfiles.d: adjust /dev/vfio/vfio access mode"" (Yu Watanabe, 2023-08-09, 1 file, -0/+1)
  This reverts commit 33b91308c26ca5d512e43b6b32d596a2c9237d04.
  The commit b42482af904ae0b94a6e4501ec595448f0ba1c06 dropped '--exclude-prefix=/dev' from systemd-tmpfiles-setup.service. So, the possibly later invocation of the service changes the permission set by udevd. As commented in the head of this file, settings should be consistent with udev rules. Only missing entry here is vfio. Let's re-add the entry for the device.
  Addresses https://github.com/systemd/systemd/pull/28681#issuecomment-1666949888.
* meson: use install_emptydir() and drop meson-make-symlink.sh (Yu Watanabe, 2023-08-08, 1 file, -2/+1)
  The script is mostly equivalent to 'mkdir -p' and 'ln -sfr'. Let's replace it with the install_emptydir() builtin function and an inline meson call.
* Revert "tmpfiles.d: adjust /dev/vfio/vfio access mode" (Yu Watanabe, 2023-08-04, 1 file, -1/+0)
  The issue needs to be fixed by setting proper ordering between the tmpfiles and udevd. See issue #28653, especially https://github.com/systemd/systemd/issues/28653#issuecomment-1665181625.
  This reverts commit a3d610998ad3b4c88224fe89a048a84dbceb652b.
* tmpfiles.d: adjust /dev/vfio/vfio access mode (Frantisek Sumsal, 2023-07-30, 1 file, -0/+1)
  kmod-static-nodes.service sets the mode to 0600, but we want it to be 0666 as specified in 50-udev-default.rules.
  Resolves: #28588
* core: Add RootEphemeral= setting (Daan De Meyer, 2023-06-21, 1 file, -0/+4)
  This setting allows services to run in an ephemeral copy of the root directory or root image. To make sure the ephemeral copies are always cleaned up, we add a tmpfiles snippet to unconditionally clean up /var/lib/systemd/ephemeral. To prevent in-use ephemeral copies from being cleaned up by tmpfiles, we use the newly added COPY_LOCK_BSD and BTRFS_SNAPSHOT_LOCK_BSD flags to take a BSD lock on the ephemeral copies which instructs tmpfiles to not touch those ephemeral copies as long as the BSD lock is held.
* tmpfiles: use same credstore perms everywhere (Lennart Poettering, 2023-05-31, 1 file, -4/+4)
  In b6033b706028a64e9affb79050ced1ad9a4f5b43 support was added to create {/etc|/run}/credstore{|.encrypted} via tmpfiles.d with perms 0000. These perms are so restrictive that not even root can access them unless it has the CAP_DAC_OVERRIDE capability. This creates the dirs at boot time.
  In 24039e1207c169b18adf5234ad300ea3ba1b671e support was added to create /etc/credstore with perm 0700 from meson.build at build time.
  This patch unifies the two parts:
  1. creates both /etc/credstore *and* /etc/credstore.encrypted in both places (the build system still won't create them in /run/, since that's pointless since not shipped, and the runtime won't create the dirs below /usr/lib/, since that's not generically writable anyway).
  2. Both at runtime and at build time we'll create the dirs with mode 0700. This is easier for packaging tools to handle since they generally react pretty negatively on dirs they can't enumerate.
* tmpfiles.d: drop misleading comment (Zbigniew Jędrzejewski-Szmek, 2023-02-21, 1 file, -1/+0)
  I'm not sure what "suffix" was meant by this comment, but the file has the usual suffix. The file was added with the current name back in c4708f132381e4bbc864d5241381b5cde4f54878. Maybe an earlier version of the patch did something different.
* vconsole: allow setting default keymap through build option (Mike Yuan, 2023-02-15, 1 file, -0/+1)
  Allow defining the default keymap to be used by vconsole-setup through a build option. A template vconsole.conf also gets populated by tmpfiles if it doesn't exist.
* tmpfiles: automatically create /etc/credstore/ and friends (Lennart Poettering, 2023-01-27, 2 files, -0/+14)
  This adds a tmpfiles.d/ snippet for LoadCredential= style credentials directories in /etc/ and /run/. This is done primarily to ensure that the access modes for the dirs are set up properly, in the most restrictive ways. Specifically these are set to 0000, so that CAP_DAC_OVERRIDE is necessary to enumerate and read the credentials, and being UID=0 is not sufficient to do so.
  This creates /etc/credstore/, but leaves /run/credstore/ absent if missing, for now. Thinking is: the latter being non-persistent is created by software usually, not manually by users, and hence more likely right. But dunno, we might want to revisit this sooner or later.
  This is ultimately an exercise to advertise the LoadCredential= concept a bit, and do so in a reasonably secure way, underlining the safety of the concept.
* tmpfiles.d: do not fail if provision.conf fails (Luca Boccassi, 2022-11-04, 1 file, -2/+2)
  On a read-only filesystem creating /root/.ssh might fail, but that's ok. Do not fail the run, as this is only needed to add the credential, which is a separate step.
* Remove duplicated word (Jochen Sprickerhof, 2022-10-29, 1 file, -1/+1)
* tree-wide: replace "plural(s)" by "plurals" (Zbigniew Jędrzejewski-Szmek, 2022-10-17, 1 file, -1/+1)
  (s) is just ugly with a vibe of DOS. In most cases just using the normal plural form is more natural and grammatically correct.
  There are some log_debug() statements left, and texts in foreign licenses or headers. Those are not touched on purpose.
* tmpfiles: add lines for provisioning ssh keys for root by default (Lennart Poettering, 2022-09-23, 1 file, -0/+5)
  With this, I can now easily do:
      systemd-nspawn --load-credential=ssh.authorized_keys.root:/home/lennart/.ssh/authorized_keys --image=… --boot
  To boot into an image with my SSH key copied in. Yay!
* tmpfiles: copy PCR sig/pkey from initrd /.extra/ into /run/ (Lennart Poettering, 2022-09-09, 1 file, -0/+6)
  Now that sd-stub will place the PCR signature and its public key in the initrd's /.extra/ directory, let's copy it from there into /run/ from userspace. This is done because /.extra/ is on the initrd's tmpfs which will be emptied during the initrd → host transition. Since we want these two files to survive we'll copy them – if they exist – into /run/ where they will survive the transition.
  Thus, with this last change the files will have safely propagated from their PE sections into files in /run/ where userspace can find them. The paths in /run/ happen to be the exact ones that systemd-cryptenroll/systemd-cryptsetup/systemd-creds look for them.
* tree-wide: fix typo (Yu Watanabe, 2022-08-01, 1 file, -1/+1)
* tmpfiles: automatically provision /etc/issue.d/ + /etc/motd.d/ + /etc/hosts from credentials (Lennart Poettering, 2022-07-21, 2 files, -0/+18)
* meson: Sort lines in tmpfiles.d/meson.build (Daan De Meyer, 2022-05-03, 1 file, -3/+3)
* tmpfiles: Split networkd entries into a separate file (Daan De Meyer, 2022-05-03, 3 files, -6/+14)
  Many distributions ship systemd-networkd as a separate file so we need to be able to ship the tmpfiles networkd entries as part of that separate networkd package. Let's split the networkd entries into a separate file to make that possible.
* meson: also allow setting GIT_VERSION via templates (Zbigniew Jędrzejewski-Szmek, 2022-04-05, 1 file, -1/+1)
  GIT_VERSION is not available as a config.h variable, because it's rendered into version.h during builds. Let's rework jinja2 rendering to also parse version.h.
  No functional change, the new variable is so far unused. I guess this will make partial rebuilds a bit slower, but it's useful to be able to use the full version string.
* factory: populate /etc/locale.conf with systemd build-time setting (Luca BRUNO, 2021-12-23, 1 file, -0/+1)
  This adds /etc/locale.conf to the set of configuration files populated by tmpfiles.d factory /etc handling.
  In particular, the build-time locale configuration in systemd is now wired to a /usr factory file, and installed to the system. On boot, if other locale customization tools did not write /etc/locale.conf on the system, the factory default file gets copied to /etc by systemd-tmpfiles.
  This is done in order to avoid skews between different system components when no locale settings are configured. At that point, systemd can safely act as the fallback owner of /etc/locale.conf.
* tmpfiles: split out config for systemd-resolve (Zbigniew Jędrzejewski-Szmek, 2021-11-16, 3 files, -3/+11)
  This mirrors what was done in 564761fcaeda8c013210f7c6934847a6d0228ec9 for sysusers.d. If we allow separating resolved sysusers config in a subpackage, we should do the same for the symlink that is only useful when resolved is installed.
  Related to #21317.
* build: preserve correct mode when generating files via jinja2 (Christian Brauner, 2021-11-08, 1 file, -2/+1)
  When using "capture : true" in custom_target()s the mode of the source file is not preserved when the generated file is not installed and so needs to be tweaked manually. Switch from output capture to creating the target file and copy the permissions from the input file.
  Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
* tmpfiles.d: remove .Test-unix, it's obsolete (Peter Hutterer, 2021-08-31, 1 file, -1/+0)
  See libxtrans commit 0794b1b712a90b40e2b019c9edc6f96874493c52. The code to generate this socket was removed 5 years ago and even before it was conditional on #define TEST_t. There is no reference to that #define in either the X server nor libX11's git history, or in any of the current libX*. Let's assume this is well and truly obsolete.
* meson: use a/b instead of join_paths(a,b) (Zbigniew Jędrzejewski-Szmek, 2021-07-27, 1 file, -2/+1)
  It is nicer and shorter.
* meson: require 0.53.2 and drop some workarounds for old meson (Zbigniew Jędrzejewski-Szmek, 2021-07-27, 1 file, -2/+1)
  Ubuntu Bionic 18.04 has 0.45, so it was below the previously required minimum version already. Focal 20.04 has 0.53.2. Let's require that and use various features that are available.
* docs: move /var/log/README to a tmpfiles.d symlink (Luca BRUNO, 2021-07-21, 2 files, -15/+26)
  This moves the /var/log/README content out of /var and into the docs location, replacing the previous file with a symlink created through a tmpfiles.d entry.
* meson: add workaround for old meson (Zbigniew Jędrzejewski-Szmek, 2021-05-19, 1 file, -1/+2)
  Recent meson versions include the directory name in the target name, so there is no conflict for files with the same name in different directories. But at least with meson-0.49.2 in buster we have a conflict with sysusers.d/systemd.conf.
* meson: use jinja2 for tmpfiles.d templates (Zbigniew Jędrzejewski-Szmek, 2021-05-19, 5 files, -54/+38)
  HAVE_SMACK_RUN_LABEL was dropped back in 348b44372f36010d48d9a7dda14ef67155753a71, so one line in etc.conf was not rendered as expected ;( Checking if names are defined is paying for itself!
* Add READMEs in all .d directories (Zbigniew Jędrzejewski-Szmek, 2021-03-26, 2 files, -13/+22)
* udev: allow kvm group to access vhost-net device (Marc-André Lureau, 2021-01-13, 1 file, -0/+1)
  /dev/vhost-net is a host accelerator for virtio net devices. It has been long available and used, thus should be safe to all KVM users.
  Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* udev: allow kvm group to access vhost-vsock device (Marc-André Lureau, 2021-01-13, 1 file, -0/+1)
  /dev/vhost-vsock allows setting up a guest CID and running state (VHOST_VSOCK_SET_GUEST_CID, VHOST_VSOCK_SET_RUNNING).
  All this should be legitimate and safe for KVM users.
  Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
* meson: add option to skip installing to $sysconfdir (Jörg Thalheim, 2020-11-12, 1 file, -1/+1)
  This is useful for development where overwriting files outside the configured prefix will affect the host as well as stateless systems such as NixOS that don't let packages install to /etc but handle configuration on their own.
  Alternative to https://github.com/systemd/systemd/pull/17501
  Tested with:
      $ mkdir inst build && cd build
      $ meson \
          -Dcreate-log-dirs=false \
          -Dsysvrcnd-path=$(realpath ../inst)/etc/rc.d \
          -Dsysvinit-path=$(realpath ../inst)/etc/init.d \
          -Drootprefix=$(realpath ../inst) \
          -Dinstall-sysconfdir=false \
          --prefix=$(realpath ../inst) ..
      $ ninja install
* license: LGPL-2.1+ -> LGPL-2.1-or-later (Yu Watanabe, 2020-11-09, 3 files, -3/+3)
* pstore: don't enable crash_kexec_post_notifiers by default (Kairui Song, 2020-10-22, 1 file, -3/+8)
  commit f00c36641a253f4ea659ec3def5d87ba1336eb3b enabled crash_kexec_post_notifiers by default regardless of whether pstore is enabled or not.
  The original intention to enable this option by default is that it only affects kernel post-panic behavior, so should have no harm. But this is not true if the user wants a reliable kdump.
  crash_kexec_post_notifiers is known to cause problems with kdump, and it's documented in kernel. It's not easy to fix the problem because of how kdump works. Kdump expects the crashed kernel to jump to a pre-loaded crash kernel, so doing any extra job before the jump will increase the risk.
  It depends on the user to choose between having a reliable kdump or some other post-panic debug mechanic. So it's better to keep this config untouched by default, or it may put kdump at higher risk of failing silently. The user should enable it by uncommenting the config line manually if pstore is always needed.
  Also add an inline comment to inform the user about the potential issue.
  Thanks to Dave Young for finding out this issue.
  Fixes #16661
  Signed-off-by: Kairui Song <kasong@redhat.com>