1
0
mirror of https://github.com/systemd/systemd.git synced 2024-12-22 17:35:35 +03:00
systemd/tmpfiles.d/systemd.conf.in
Lennart Poettering a859d0d378 tmpfiles.d: add $ flag to all lines which are clearly private to our packages, and should be removed on package removal
(This excludes any dirs that contain resources placed there by the user)

(I also didn't bother marking resources belonging to components that are
really not optional for us)
2024-09-15 19:44:05 +02:00

68 lines
2.9 KiB
Plaintext

# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.
# See tmpfiles.d(5) for details
d /run/user 0755 root root -
{% if ENABLE_UTMP %}
f+! /run/utmp 0664 root utmp -
{% endif %}
d /run/systemd/ask-password 0755 root root -
d$ /run/systemd/seats 0755 root root -
d$ /run/systemd/sessions 0755 root root -
d$ /run/systemd/users 0755 root root -
d /run/systemd/machines 0755 root root -
d$ /run/systemd/shutdown 0755 root root -
d /run/log 0755 root root -
z /run/log/journal 2755 root systemd-journal - -
Z /run/log/journal/%m ~2750 root systemd-journal - -
{% if HAVE_ACL %}
{% if ENABLE_ADM_GROUP and ENABLE_WHEEL_GROUP %}
a+ /run/log/journal - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x,group::r-x,group:adm:r-x,group:wheel:r-x
A+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x,group:adm:r-X,group:wheel:r-X
{% elif ENABLE_ADM_GROUP %}
a+ /run/log/journal - - - - d:group::r-x,d:group:adm:r-x,group::r-x,group:adm:r-x
A+ /run/log/journal/%m - - - - d:group:adm:r-x,group:adm:r-X
{% elif ENABLE_WHEEL_GROUP %}
a+ /run/log/journal - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:wheel:r-x
A+ /run/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-X
{% endif %}
{% endif %}
z /var/log/journal 2755 root systemd-journal - -
z /var/log/journal/%m 2755 root systemd-journal - -
z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
{% if HAVE_ACL %}
{% if ENABLE_ADM_GROUP and ENABLE_WHEEL_GROUP %}
a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x,group::r-x,group:adm:r-x,group:wheel:r-x
a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x,group:adm:r-x,group:wheel:r-x
a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
{% elif ENABLE_ADM_GROUP %}
a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x,group::r-x,group:adm:r-x
a+ /var/log/journal/%m - - - - d:group:adm:r-x,group:adm:r-x
a+ /var/log/journal/%m/system.journal - - - - group:adm:r--
{% elif ENABLE_WHEEL_GROUP %}
a+ /var/log/journal - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:wheel:r-x
a+ /var/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-x
a+ /var/log/journal/%m/system.journal - - - - group:wheel:r--
{% endif %}
{% endif %}
d /var/lib/systemd 0755 root root -
d /var/lib/systemd/coredump 0755 root root 2w
# Files and directories in /var/lib/systemd/ephemeral-trees are locked by pid 1 to prevent tmpfiles from
# removing them, and tmpfiles is told to clean up anything in /var/lib/systemd/ephemeral-trees that isn't
# locked unconditionally.
d /var/lib/systemd/ephemeral-trees 0755 root root 0
d /var/lib/private 0700 root root -
d /var/log/private 0700 root root -
d /var/cache/private 0700 root root -