shaba/systemd-stable
1
1
Fork 0
mirror of https://github.com/systemd/systemd-stable.git synced 2025-03-10 00:58:20 +03:00
Code

tmpfiles: add new switch -E for quickly excluding /proc, /dev, /sys and /run

Browse Source
This commit is contained in:
Lennart Poettering 2020-07-28 17:52:23 +02:00
parent 28365e88d0
commit dd04fb3268
2 changed files with 46 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

17
man/systemd-tmpfiles.xml
View File

@ -149,6 +149,7 @@
the specified prefix. This option can be specified multiple the specified prefix. This option can be specified multiple
times.</para></listitem> times.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>
<term><option>--exclude-prefix=<replaceable>path</replaceable></option></term> <term><option>--exclude-prefix=<replaceable>path</replaceable></option></term>
<listitem><para>Ignore rules with paths that start with the <listitem><para>Ignore rules with paths that start with the
@ -156,6 +157,16 @@
times.</para></listitem> times.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry>
<term><option>-E</option></term>
<listitem><para>A shortcut for <literal>--exclude-prefix=/dev --exclude-prefix=/proc
--exclude-prefix=/run --exclude-prefix=/sys</literal>, i.e. exclude the hierarchies typically backed
by virtual or memory file systems. This is useful in combination with <option>--root=</option>, if
the specified directory tree contains an OS tree without these virtual/memory file systems mounted
in, as it is typically not desirable to create any files and directories below these subdirectories
if they are supposed to be overmounted during runtime.</para></listitem>
</varlistentry>
<varlistentry> <varlistentry>
<term><option>--root=<replaceable>root</replaceable></option></term> <term><option>--root=<replaceable>root</replaceable></option></term>
<listitem><para>Takes a directory path as an argument. All paths will be prefixed with the given alternate <listitem><para>Takes a directory path as an argument. All paths will be prefixed with the given alternate
@ -164,7 +175,11 @@
<para>When this option is used, the libc Name Service Switch (NSS) is bypassed for resolving users <para>When this option is used, the libc Name Service Switch (NSS) is bypassed for resolving users
and groups. Instead the files <filename>/etc/passwd</filename> and <filename>/etc/group</filename> and groups. Instead the files <filename>/etc/passwd</filename> and <filename>/etc/group</filename>
inside the alternate root are read directly. This means that users/groups not listed in these files inside the alternate root are read directly. This means that users/groups not listed in these files
will not be resolved, i.e. LDAP NIS and other complex databases are not considered.</para></listitem> will not be resolved, i.e. LDAP NIS and other complex databases are not considered.</para>
<para>Consider combining this with <option>-E</option> to ensure the invocation does not create files
or directories below mount points in the OS image operated on that are typically overmounted during
runtime.</para></listitem>
</varlistentry> </varlistentry>
<varlistentry> <varlistentry>

31
src/tmpfiles/tmpfiles.c
View File

@ -2884,6 +2884,27 @@ static int cat_config(char **config_dirs, char **args) {
return cat_files(NULL, files, 0); return cat_files(NULL, files, 0);
} }
static int exclude_default_prefixes(void) {
int r;
/* Provide an easy way to exclude virtual/memory file systems from what we do here. Useful in
* combination with --root= where we probably don't want to apply stuff to these dirs as they are
* likely over-mounted if the root directory is actually used, and it wouldbe less than ideal to have
* all kinds of files created/adjusted underneath these mount points. */
r = strv_extend_strv(
&arg_exclude_prefixes,
STRV_MAKE("/dev",
"/proc",
"/run",
"/sys"),
true);
if (r < 0)
return log_oom();
return 0;
}
static int help(void) { static int help(void) {
_cleanup_free_ char *link = NULL; _cleanup_free_ char *link = NULL;
int r; int r;
@ -2904,6 +2925,7 @@ static int help(void) {
" --boot Execute actions only safe at boot\n" " --boot Execute actions only safe at boot\n"
" --prefix=PATH Only apply rules with the specified prefix\n" " --prefix=PATH Only apply rules with the specified prefix\n"
" --exclude-prefix=PATH Ignore rules with the specified prefix\n" " --exclude-prefix=PATH Ignore rules with the specified prefix\n"
" -E Ignore rules prefixed with /dev, /proc, /run, /sys\n"
" --root=PATH Operate on an alternate filesystem root\n" " --root=PATH Operate on an alternate filesystem root\n"
" --replace=PATH Treat arguments as replacement for PATH\n" " --replace=PATH Treat arguments as replacement for PATH\n"
" --no-pager Do not pipe output into a pager\n" " --no-pager Do not pipe output into a pager\n"
@ -2954,7 +2976,7 @@ static int parse_argv(int argc, char *argv[]) {
assert(argc >= 0); assert(argc >= 0);
assert(argv); assert(argv);
while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) while ((c = getopt_long(argc, argv, "hE", options, NULL)) >= 0)
switch (c) { switch (c) {
@ -2998,6 +3020,13 @@ static int parse_argv(int argc, char *argv[]) {
return log_oom(); return log_oom();
break; break;
case 'E':
r = exclude_default_prefixes();
if (r < 0)
return r;
break;
case ARG_ROOT: case ARG_ROOT:
r = parse_path_argument_and_warn(optarg, /* suppress_root= */ false, &arg_root); r = parse_path_argument_and_warn(optarg, /* suppress_root= */ false, &arg_root);
if (r < 0) if (r < 0)