1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-26 03:22:00 +03:00
Commit Graph

14 Commits

Author SHA1 Message Date
Yu Watanabe
5b5d826150 sysusers,tmpfiles: re-create systemd-network, systemd-resolve and systemd-timesync
This partially reverts d4e9e574ea,
0187368cad, and
4240cb02fd.
The services systemd-networkd, systemd-resolved, and systemd-timesyncd
enable DynamicUsers= and have bus interfaces. Unfortunately, these
has many problems now. Let us create the relevant users, at least,
tentatively.

Fixes #9503.
2018-07-16 17:11:50 +02:00
Yu Watanabe
400d846138 tmpfiles: specify access mode for /run/systemd/netif
This partially reverts 2af7677294.
As the directories are certainly readable and not-writable by
non-privileged users.
2018-06-25 10:32:13 +02:00
Yu Watanabe
2af7677294 tmpfile: do not specify mode and owner to /run/systemd/netif
Fixes #9369.
2018-06-22 12:00:52 +02:00
Yu Watanabe
d4e9e574ea network: set DynamicUser= to systemd-networkd.service 2018-05-22 22:37:34 +09:00
Lennart Poettering
a78388e1cb tmpfiles: create /var/{lib,log,cache}/private during early boot
This directory is used by the DynamicUer= stuff when used in combination
with StateDirectory=/LogDirectory=/CacheDirectory=. Let's make sure the
dir exists early on with the right perms. This is not strictly necessary
as we'll also create the dir on demand if it is missing, but in the
interest of grabbing the name early on, and making things more explicit
let's also list this in a tmpfiles.d/ snippet.
2018-05-18 11:00:42 +09:00
lewo
15fcdc98cf tmpfiles.d: set primary group rights to r-w (#5265)
If the /var/log/journal directory is created with rigths 700, the application
of an ACL rules without any primary group right sets it to 0. A chmod 755 on
this file will then only set the ACL mask and let the ACL primary group right
to 0. The directory is then unreadable for the primary group.

This patch explicitly sets the primary group to avoid this problem.

Fixes #5264.
2017-02-07 18:56:55 -05:00
Franck Bui
d428dd6ac9 tmpfiles: don't set the x bit for volatile system journal when ACL support is enabled (#3079)
When ACL support is enabled, systemd-tmpfiles-setup service sets the following
ACL entries to the volatile system journal:

   $ getfacl /run/log/journal/*/system.journal
   getfacl: Removing leading '/' from absolute path names
   # file: run/log/journal/xxx/system.journal
   # owner: root
   # group: systemd-journal
   user::rwx
   group::r--
   group🛞r-x
   group:adm:r-x
   mask::r-x
   other::---

This patch makes sure that the exec bit is not set anymore for the volatile
system journals.
2016-05-03 19:29:11 -04:00
Franck Bui
7178cd76f2 build-sys: allow references to adm group to be omitted (#3150) 2016-05-01 00:02:17 -04:00
Zbigniew Jędrzejewski-Szmek
2a998ffa1e build-sys: allow references to wheel group to be omitted
https://github.com/systemd/systemd/issues/2492
2016-02-17 23:47:23 -05:00
Zbigniew Jędrzejewski-Szmek
afae249efa tmpfiles: set acls on system.journal explicitly
https://github.com/systemd/systemd/issues/1397
2015-11-29 23:38:09 -05:00
Zbigniew Jędrzejewski-Szmek
57d5b3130c tmpfiles: also set acls on /var/log/journal
This way, directories created later for containers or for
journald-remote, will be readable by adm & wheel groups by default,
similarly to /var/log/journal/%m itself.

https://github.com/systemd/systemd/issues/1971
2015-11-29 18:37:01 -05:00
Lennart Poettering
8b258a645a tmpfiles: don't recursively descend into journal directories in /var
Do so only in /run. We shouldn't alter ACLs for existing files in /var,
but only for new files. If the admin made changes to the ACLs they
shouls stay in place.

We should still do recursive ACL changes for files in /run, since those
are not persistent, and will hence lack ACLs on every boot.

Also, /var/log/journal might be quit large, /run/log/journal is usually
not, hence we should avoid the recursive descending on /var, but not on
/run.

Fixes #534
2015-07-09 18:46:01 -03:00
Zbigniew Jędrzejewski-Szmek
a48a62a1af tmpfiles: use ACL magic on journal directories 2015-01-22 01:14:53 -05:00
Łukasz Stelmach
5a16bc264c build-sys: configure the list of system users, files and directories
Choose which system users defined in sysusers.d/systemd.conf and files
or directories in tmpfiles.d/systemd.conf, should be provided depending
on comile-time configuration.
2014-11-30 23:50:19 -05:00