1
0
mirror of https://github.com/systemd/systemd.git synced 2024-11-02 02:21:44 +03:00
Commit Graph

18 Commits

Author SHA1 Message Date
Lennart Poettering
fb38a7beb8 tmpfiles: apply ACLs to top-level journal directory in /run, too
We already apply them to the directory in /var. Let's do the same in
/run too. That's because due to the log namespace logic we nowadays can
gain additional subdirs there during regular operation.
2020-01-31 15:04:12 +01:00
Lennart Poettering
0f5a4f9cd9 tmpfiles: merge lines for the same inodes 2020-01-31 15:04:08 +01:00
Topi Miettinen
07317d6e34
resolved, networkd: don't resolve the user if not root
If a daemon is not started as root, most likely it also can't create its
directory and let's not try to resolve the user in that case either.

Create /run/systemd/netif/lldp with tmpfiles.d like other netif directories.

This is also very helpful for preparing a RootImage for the daemons as NSS crud
is not needed.
2019-12-07 18:55:54 +02:00
Donald A. Cupp Jr
d34a58222d Update m4 for selective utmp support.
modified:   tmpfiles.d/systemd.conf.m4
2019-09-16 21:11:44 +02:00
Yu Watanabe
5b5d826150 sysusers,tmpfiles: re-create systemd-network, systemd-resolve and systemd-timesync
This partially reverts d4e9e574ea,
0187368cad, and
4240cb02fd.
The services systemd-networkd, systemd-resolved, and systemd-timesyncd
enable DynamicUsers= and have bus interfaces. Unfortunately, these
has many problems now. Let us create the relevant users, at least,
tentatively.

Fixes #9503.
2018-07-16 17:11:50 +02:00
Yu Watanabe
400d846138 tmpfiles: specify access mode for /run/systemd/netif
This partially reverts 2af7677294.
As the directories are certainly readable and not-writable by
non-privileged users.
2018-06-25 10:32:13 +02:00
Yu Watanabe
2af7677294 tmpfile: do not specify mode and owner to /run/systemd/netif
Fixes #9369.
2018-06-22 12:00:52 +02:00
Yu Watanabe
d4e9e574ea network: set DynamicUser= to systemd-networkd.service 2018-05-22 22:37:34 +09:00
Lennart Poettering
a78388e1cb tmpfiles: create /var/{lib,log,cache}/private during early boot
This directory is used by the DynamicUer= stuff when used in combination
with StateDirectory=/LogDirectory=/CacheDirectory=. Let's make sure the
dir exists early on with the right perms. This is not strictly necessary
as we'll also create the dir on demand if it is missing, but in the
interest of grabbing the name early on, and making things more explicit
let's also list this in a tmpfiles.d/ snippet.
2018-05-18 11:00:42 +09:00
lewo
15fcdc98cf tmpfiles.d: set primary group rights to r-w (#5265)
If the /var/log/journal directory is created with rigths 700, the application
of an ACL rules without any primary group right sets it to 0. A chmod 755 on
this file will then only set the ACL mask and let the ACL primary group right
to 0. The directory is then unreadable for the primary group.

This patch explicitly sets the primary group to avoid this problem.

Fixes #5264.
2017-02-07 18:56:55 -05:00
Franck Bui
d428dd6ac9 tmpfiles: don't set the x bit for volatile system journal when ACL support is enabled (#3079)
When ACL support is enabled, systemd-tmpfiles-setup service sets the following
ACL entries to the volatile system journal:

   $ getfacl /run/log/journal/*/system.journal
   getfacl: Removing leading '/' from absolute path names
   # file: run/log/journal/xxx/system.journal
   # owner: root
   # group: systemd-journal
   user::rwx
   group::r--
   group🛞r-x
   group:adm:r-x
   mask::r-x
   other::---

This patch makes sure that the exec bit is not set anymore for the volatile
system journals.
2016-05-03 19:29:11 -04:00
Franck Bui
7178cd76f2 build-sys: allow references to adm group to be omitted (#3150) 2016-05-01 00:02:17 -04:00
Zbigniew Jędrzejewski-Szmek
2a998ffa1e build-sys: allow references to wheel group to be omitted
https://github.com/systemd/systemd/issues/2492
2016-02-17 23:47:23 -05:00
Zbigniew Jędrzejewski-Szmek
afae249efa tmpfiles: set acls on system.journal explicitly
https://github.com/systemd/systemd/issues/1397
2015-11-29 23:38:09 -05:00
Zbigniew Jędrzejewski-Szmek
57d5b3130c tmpfiles: also set acls on /var/log/journal
This way, directories created later for containers or for
journald-remote, will be readable by adm & wheel groups by default,
similarly to /var/log/journal/%m itself.

https://github.com/systemd/systemd/issues/1971
2015-11-29 18:37:01 -05:00
Lennart Poettering
8b258a645a tmpfiles: don't recursively descend into journal directories in /var
Do so only in /run. We shouldn't alter ACLs for existing files in /var,
but only for new files. If the admin made changes to the ACLs they
shouls stay in place.

We should still do recursive ACL changes for files in /run, since those
are not persistent, and will hence lack ACLs on every boot.

Also, /var/log/journal might be quit large, /run/log/journal is usually
not, hence we should avoid the recursive descending on /var, but not on
/run.

Fixes #534
2015-07-09 18:46:01 -03:00
Zbigniew Jędrzejewski-Szmek
a48a62a1af tmpfiles: use ACL magic on journal directories 2015-01-22 01:14:53 -05:00
Łukasz Stelmach
5a16bc264c build-sys: configure the list of system users, files and directories
Choose which system users defined in sysusers.d/systemd.conf and files
or directories in tmpfiles.d/systemd.conf, should be provided depending
on comile-time configuration.
2014-11-30 23:50:19 -05:00