1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-23 21:35:11 +03:00
Commit Graph

26 Commits

Author SHA1 Message Date
Zbigniew Jędrzejewski-Szmek
d34cd37490 Make PrivateTmp dirs also inaccessible from the outside
Currently, PrivateTmp=yes means that the service cannot see the /tmp
shared by rest of the system and is isolated from other services using
PrivateTmp, but users can access and modify /tmp as seen by the
service.

Move the private /tmp and /var/tmp directories into a 0077-mode
directory. This way unpriviledged users on the system cannot see (or
modify) /tmp as seen by the service.
2013-03-20 14:08:41 -04:00
Zbigniew Jędrzejewski-Szmek
b08131ec17 tmpfiles: exclude /var/tmp/systemd-private-* too 2013-01-26 10:52:32 -05:00
Zbigniew Jędrzejewski-Szmek
e4ac004c12 tmpfiles: exclude /tmp/systemd-private-* from cleanup
See http://thread.gmane.org/gmane.comp.sysutils.systemd.devel/6874/focus=6891
Should fix https://bugzilla.redhat.com/show_bug.cgi?id=866693
2013-01-25 11:46:58 -05:00
Michał Bartoszkiewicz
610d99284f tmpfiles: do not make /run/nologin executable 2013-01-19 02:11:41 +01:00
Tom Gundersen
9261bb7c50 tmpfiles: move legacy flag-files handling to legacy.conf 2013-01-07 15:21:36 +01:00
Lennart Poettering
61beaf818b tmpfiles: write /run/nologin during early boot to disallow too early user logins
systemd-user-sessoins.service will later on remove the flag file, thus
permitting user logins when the time has come.
2012-06-25 17:35:13 +02:00
Lennart Poettering
24f3a374b9 tmpfiles: exclude the first level directories in /run/user from automatic clean up
It's logind's job to maintain those user dirs, so avoid automatic clean
up for them. However, we do cover everything within them.
2012-06-20 09:05:50 +02:00
Lennart Poettering
5430f7f2bc relicense to LGPLv2.1 (with exceptions)
We finally got the OK from all contributors with non-trivial commits to
relicense systemd from GPL2+ to LGPL2.1+.

Some udev bits continue to be GPL2+ for now, but we are looking into
relicensing them too, to allow free copy/paste of all code within
systemd.

The bits that used to be MIT continue to be MIT.

The big benefit of the relicensing is that closed source code may now
link against libsystemd-login.so and friends.
2012-04-12 00:24:39 +02:00
Lennart Poettering
04ebb59567 shutdownd: rework interface, allow subscribing to scheduled shutdowns
This extends the shutdownd interface to expose schedule shutdown
information in /run/systemd/shutdown/schedule.

This also cleans up the shutdownd protocol and documents it in a header
file sd-shutdown.h.

This is supposed to be used by client code that wants to control and
monitor scheduled shutdown.
2012-04-11 02:04:46 +02:00
Lennart Poettering
87d2c1ff6a journal: add preliminary incomplete implementation 2011-10-07 22:02:05 +02:00
Josh Triplett
f08fce8820 tmpfiles: Move /tmp and /var/tmp to a separate tmpfiles.d file to ease overrides via /etc
Many people prefer to avoid clearing /tmp and /var/tmp, and
distributions often have explicit settings for how often to clear them
if at all.  Overriding those with systemd currently requires overriding
all of /usr/lib/tmpfiles.d/systemd.conf via
/etc/tmpfiles.d/systemd.conf, copying across all the other entries, and
updating that override when systemd.conf changes.

Move the /tmp and /var/tmp entries from systemd.conf to a separate
tmp.conf, making them easier to override without affecting the rest of
systemd.conf.
2011-08-24 20:39:33 +02:00
Josh Triplett
3b09f343fe tmpfiles: Remove X11 lock files for displays :10 and higher too 2011-08-24 02:35:02 +02:00
Lennart Poettering
034a2a52ac sd-login: beef up login api, to add monitoring and enumerating 2011-07-22 21:01:15 +02:00
Lennart Poettering
0e456f9781 path: optionally, create watched directories in .path units 2011-04-10 01:30:14 +02:00
Kay Sievers
5b75435328 move /var/lock to HAVE_SYSV_COMPAT 2011-04-03 22:09:25 +02:00
Lennart Poettering
cca4aeeead tmpfiles: split off rules for legacy systems into legacy.conf 2011-04-02 01:08:31 +02:00
Lennart Poettering
e1ab991283 tmpfiles: enforce new /var/lock semantics
http://lists.freedesktop.org/archives/systemd-devel/2011-March/001823.html
2011-04-01 00:43:28 +02:00
Kay Sievers
6f4ed5203a tmpfiles fix /run/lock permissions
<mbiebl> kay: just wondering: d /run/lock 0755 root lock -
<mbiebl> shouldn't that rather be 0775?
<mbiebl> otherwise it doesn't make sense
2011-03-29 00:15:14 +02:00
Kay Sievers
2b583ce657 use /run instead of /dev/.run
Instead of the /dev/.run trick we have currently implemented, we decided
to move the early-boot runtime dir to /run.

An existing /var/run directory is bind-mounted to /run. If /var/run is
already a symlink, no action is taken.

An existing /var/lock directory is bind-mounted to /run/lock.
If /var/lock is already a symlink, no action is taken.

To implement the directory vs. symlink logic, we have a:
  ConditionPathIsDirectory=
now, which is used in the mount units.

Skipped mount unit in case of symlink:
  $ systemctl status var-run.mount
  var-run.mount - Runtime Directory
    Loaded: loaded (/lib/systemd/system/var-run.mount)
    Active: inactive (dead)
            start condition failed at Fri, 25 Mar 2011 04:51:41 +0100; 6min ago
     Where: /var/run
      What: /run
    CGroup: name=systemd:/system/var-run.mount

The systemd rpm needs to make sure to add something like:
  %pre
  mkdir -p -m0755 /run >/dev/null 2>&1 || :
or it needs to be added to filesystem.rpm.

Udev -git already uses /run if that exists, and is writable at bootup.
Otherwise it falls back to the current /dev/.udev.

Dracut and plymouth need to be adopted to switch from /dev/.run to run
too.

Cheers,
Kay
2011-03-28 23:00:00 +02:00
Lennart Poettering
a49728dc8c tmpfiles: simplify default tmpfiles configuration by using globs 2011-02-13 15:11:28 +01:00
Lennart Poettering
b0734b235f tmpfiles: include reference to man page in tmpfiles files 2010-11-10 23:58:01 +01:00
Bill Nottingham
4d91b19eb6 tmpfiles: Don't clean /var/lock/subsys; it is not aged content
It will get 'cleaned' on boot due to being tmpfs anyway.
2010-10-25 23:25:51 +02:00
Bill Nottingham
f448d9e7c4 tmpfiles: Make wtmp match utmp perms, and add btmp. 2010-10-25 22:21:56 +02:00
Lennart Poettering
e10fe9ffea tmpfiles: remove forcefsck/fastboot flag files after boot 2010-10-19 19:35:04 +02:00
Lennart Poettering
3b63d2d31d tmpfiles: integrate kay's directory cleanup code and otherwise beef up tmpfiles quite a bit 2010-10-18 22:38:41 +02:00
Lennart Poettering
34c8deaae1 tmpfiles: install default tmpfiles configuration 2010-09-28 22:32:53 +02:00