#include <glob.h>
#include <fnmatch.h>
#include <sys/capability.h>
+#include <sys/xattr.h>
#include "log.h"
#include "util.h"
CREATE_CHAR_DEVICE = 'c',
CREATE_BLOCK_DEVICE = 'b',
COPY_FILES = 'C',
+ SET_XATTR = 't',
/* These ones take globs */
WRITE_FILE = 'w',
char *path;
char *argument;
+ char **xattrs;
uid_t uid;
gid_t gid;
mode_t mode;
static char **arg_exclude_prefixes = NULL;
static char *arg_root = NULL;
-static const char conf_file_dirs[] =
- "/etc/tmpfiles.d\0"
- "/run/tmpfiles.d\0"
- "/usr/local/lib/tmpfiles.d\0"
- "/usr/lib/tmpfiles.d\0"
-#ifdef HAVE_SPLIT_USR
- "/lib/tmpfiles.d\0"
-#endif
- ;
+static const char conf_file_dirs[] = CONF_DIRS_NULSTR("tmpfiles");
#define MAX_DEPTH 256
/* We maintain a cache of the sockets we found in
* /proc/net/unix to speed things up a little. */
- unix_sockets = set_new(string_hash_func, string_compare_func);
+ unix_sockets = set_new(&string_hash_ops);
if (!unix_sockets)
return;
/* got only one handle; assume different mount points if one
* of both queries was not supported by the filesystem */
- if (r_p == -ENOSYS || r_p == -ENOTSUP || r == -ENOSYS || r == -ENOTSUP)
+ if (r_p == -ENOSYS || r_p == -EOPNOTSUPP || r == -ENOSYS || r == -EOPNOTSUPP)
return true;
/* return error */
/* FUSE, NFS mounts, SELinux might return EACCES */
if (errno == EACCES)
- log_debug("stat(%s/%s) failed: %m", p, dent->d_name);
+ log_debug_errno(errno, "stat(%s/%s) failed: %m", p, dent->d_name);
else
- log_error("stat(%s/%s) failed: %m", p, dent->d_name);
+ log_error_errno(errno, "stat(%s/%s) failed: %m", p, dent->d_name);
r = -errno;
continue;
}
sub_dir = xopendirat(dirfd(d), dent->d_name, O_NOFOLLOW|O_NOATIME);
if (!sub_dir) {
if (errno != ENOENT) {
- log_error("opendir(%s/%s) failed: %m", p, dent->d_name);
+ log_error_errno(errno, "opendir(%s/%s) failed: %m", p, dent->d_name);
r = -errno;
}
if (unlinkat(dirfd(d), dent->d_name, AT_REMOVEDIR) < 0) {
if (errno != ENOENT && errno != ENOTEMPTY) {
- log_error("rmdir(%s): %m", sub_path);
+ log_error_errno(errno, "rmdir(%s): %m", sub_path);
r = -errno;
}
}
if (unlinkat(dirfd(d), dent->d_name, 0) < 0) {
if (errno != ENOENT) {
- log_error("unlink(%s): %m", sub_path);
+ log_error_errno(errno, "unlink(%s): %m", sub_path);
r = -errno;
}
}
times[1] = ds->st_mtim;
if (futimens(dirfd(d), times) < 0)
- log_error("utimensat(%s): %m", p);
+ log_error_errno(errno, "utimensat(%s): %m", p);
}
return r;
}
static int item_set_perms(Item *i, const char *path) {
+ struct stat st;
+ bool st_valid;
+
assert(i);
assert(path);
+ st_valid = stat(path, &st) == 0;
+
/* not using i->path directly because it may be a glob */
if (i->mode_set) {
mode_t m = i->mode;
- if (i->mask_perms) {
- struct stat st;
-
- if (stat(path, &st) >= 0) {
- if (!(st.st_mode & 0111))
- m &= ~0111;
- if (!(st.st_mode & 0222))
- m &= ~0222;
- if (!(st.st_mode & 0444))
- m &= ~0444;
- if (!S_ISDIR(st.st_mode))
- m &= ~07000; /* remove sticky/sgid/suid bit, unless directory */
- }
+ if (i->mask_perms && st_valid) {
+ if (!(st.st_mode & 0111))
+ m &= ~0111;
+ if (!(st.st_mode & 0222))
+ m &= ~0222;
+ if (!(st.st_mode & 0444))
+ m &= ~0444;
+ if (!S_ISDIR(st.st_mode))
+ m &= ~07000; /* remove sticky/sgid/suid bit, unless directory */
}
- if (chmod(path, m) < 0) {
- log_error("chmod(%s) failed: %m", path);
- return -errno;
+ if (!st_valid || m != (st.st_mode & 07777)) {
+ if (chmod(path, m) < 0)
+ return log_error_errno(errno, "chmod(%s) failed: %m", path);
}
}
- if (i->uid_set || i->gid_set)
+ if ((!st_valid || (i->uid != st.st_uid || i->gid != st.st_gid)) &&
+ (i->uid_set || i->gid_set))
if (chown(path,
- i->uid_set ? i->uid : (uid_t) -1,
- i->gid_set ? i->gid : (gid_t) -1) < 0) {
+ i->uid_set ? i->uid : UID_INVALID,
+ i->gid_set ? i->gid : GID_INVALID) < 0) {
- log_error("chown(%s) failed: %m", path);
+ log_error_errno(errno, "chown(%s) failed: %m", path);
return -errno;
}
return label_fix(path, false, false);
}
+static int get_xattrs_from_arg(Item *i) {
+ char *xattr;
+ const char *p;
+ int r;
+
+ assert(i);
+
+ if (!i->argument) {
+ log_error("%s: Argument can't be empty!", i->path);
+ return -EBADMSG;
+ }
+ p = i->argument;
+
+ while ((r = unquote_first_word(&p, &xattr, false)) > 0) {
+ _cleanup_free_ char *tmp = NULL, *name = NULL, *value = NULL;
+ r = split_pair(xattr, "=", &name, &value);
+ if (r < 0) {
+ log_warning("Illegal xattr found: \"%s\" - ignoring.", xattr);
+ free(xattr);
+ continue;
+ }
+ free(xattr);
+ if (streq(name, "") || streq(value, "")) {
+ log_warning("Malformed xattr found: \"%s=%s\" - ignoring.", name, value);
+ continue;
+ }
+ tmp = unquote(value, "\"");
+ if (!tmp)
+ return log_oom();
+ free(value);
+ value = cunescape(tmp);
+ if (!value)
+ return log_oom();
+ if (strv_consume_pair(&i->xattrs, name, value) < 0)
+ return log_oom();
+ name = value = NULL;
+ }
+
+ return r;
+}
+
+static int item_set_xattrs(Item *i, const char *path) {
+ char **name, **value;
+
+ assert(i);
+ assert(path);
+
+ if (strv_isempty(i->xattrs))
+ return 0;
+
+ STRV_FOREACH_PAIR(name, value, i->xattrs) {
+ int n;
+ n = strlen(*value);
+ if (lsetxattr(path, *name, *value, n, 0) < 0) {
+ log_error("Setting extended attribute %s=%s on %s failed: %m", *name, *value, path);
+ return -errno;
+ }
+ }
+ return 0;
+}
+
static int write_one_file(Item *i, const char *path) {
_cleanup_close_ int fd = -1;
int flags, r = 0;
i->type == TRUNCATE_FILE ? O_CREAT|O_TRUNC|O_NOFOLLOW : 0;
RUN_WITH_UMASK(0000) {
- label_context_set(path, S_IFREG);
+ mac_selinux_create_file_prepare(path, S_IFREG);
fd = open(path, flags|O_NDELAY|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode);
- label_context_clear();
+ mac_selinux_create_file_clear();
}
if (fd < 0) {
if (i->type == WRITE_FILE && errno == ENOENT)
return 0;
- log_error("Failed to create file %s: %m", path);
+ log_error_errno(errno, "Failed to create file %s: %m", path);
return -errno;
}
fd = safe_close(fd);
- if (stat(path, &st) < 0) {
- log_error("stat(%s) failed: %m", path);
- return -errno;
- }
+ if (stat(path, &st) < 0)
+ return log_error_errno(errno, "stat(%s) failed: %m", path);
if (!S_ISREG(st.st_mode)) {
log_error("%s is not a file.", path);
if (r < 0)
return r;
+ r = item_set_xattrs(i, i->path);
+ if (r < 0)
+ return r;
+
return 0;
}
if (errno == 0)
errno = EIO;
- log_error("glob(%s) failed: %m", i->path);
+ log_error_errno(errno, "glob(%s) failed: %m", i->path);
return -errno;
}
break;
case COPY_FILES:
- r = copy_tree(i->argument, i->path);
+ r = copy_tree(i->argument, i->path, false);
if (r < 0) {
- log_error("Failed to copy files: %s", strerror(-r));
- return r;
+ struct stat a, b;
+
+ if (r != -EEXIST)
+ return log_error_errno(r, "Failed to copy files to %s: %m", i->path);
+
+ if (stat(i->argument, &a) < 0)
+ return log_error_errno(errno, "stat(%s) failed: %m", i->argument);
+
+ if (stat(i->path, &b) < 0)
+ return log_error_errno(errno, "stat(%s) failed: %m", i->path);
+
+ if ((a.st_mode ^ b.st_mode) & S_IFMT) {
+ log_debug("Can't copy to %s, file exists already and is of different type", i->path);
+ return 0;
+ }
}
r = item_set_perms(i, i->path);
RUN_WITH_UMASK(0000) {
mkdir_parents_label(i->path, 0755);
- r = mkdir(i->path, i->mode);
+ r = mkdir_label(i->path, i->mode);
}
- if (r < 0 && errno != EEXIST) {
- log_error("Failed to create directory %s: %m", i->path);
- return -errno;
- }
+ if (r < 0) {
+ if (r != -EEXIST)
+ return log_error_errno(r, "Failed to create directory %s: %m", i->path);
- if (stat(i->path, &st) < 0) {
- log_error("stat(%s) failed: %m", i->path);
- return -errno;
- }
+ if (stat(i->path, &st) < 0)
+ return log_error_errno(errno, "stat(%s) failed: %m", i->path);
- if (!S_ISDIR(st.st_mode)) {
- log_error("%s is not a directory.", i->path);
- return -EEXIST;
+ if (!S_ISDIR(st.st_mode)) {
+ log_debug("%s already exists and is not a directory.", i->path);
+ return 0;
+ }
}
r = item_set_perms(i, i->path);
if (r < 0)
return r;
+ r = item_set_xattrs(i, i->path);
+ if (r < 0)
+ return r;
+
break;
case CREATE_FIFO:
RUN_WITH_UMASK(0000) {
- label_context_set(i->path, S_IFIFO);
+ mac_selinux_create_file_prepare(i->path, S_IFIFO);
r = mkfifo(i->path, i->mode);
- label_context_clear();
+ mac_selinux_create_file_clear();
}
if (r < 0) {
- if (errno != EEXIST) {
- log_error("Failed to create fifo %s: %m", i->path);
- return -errno;
- }
+ if (errno != EEXIST)
+ return log_error_errno(errno, "Failed to create fifo %s: %m", i->path);
- if (stat(i->path, &st) < 0) {
- log_error("stat(%s) failed: %m", i->path);
- return -errno;
- }
+ if (stat(i->path, &st) < 0)
+ return log_error_errno(errno, "stat(%s) failed: %m", i->path);
if (!S_ISFIFO(st.st_mode)) {
if (i->force) {
RUN_WITH_UMASK(0000) {
- label_context_set(i->path, S_IFIFO);
+ mac_selinux_create_file_prepare(i->path, S_IFIFO);
r = mkfifo_atomic(i->path, i->mode);
- label_context_clear();
+ mac_selinux_create_file_clear();
}
- if (r < 0) {
- log_error("Failed to create fifo %s: %s", i->path, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to create fifo %s: %m", i->path);
} else {
log_debug("%s is not a fifo.", i->path);
return 0;
if (r < 0)
return r;
+ r = item_set_xattrs(i, i->path);
+ if (r < 0)
+ return r;
+
break;
case CREATE_SYMLINK:
- label_context_set(i->path, S_IFLNK);
+ mac_selinux_create_file_prepare(i->path, S_IFLNK);
r = symlink(i->argument, i->path);
- label_context_clear();
+ mac_selinux_create_file_clear();
if (r < 0) {
_cleanup_free_ char *x = NULL;
- if (errno != EEXIST) {
- log_error("symlink(%s, %s) failed: %m", i->argument, i->path);
- return -errno;
- }
+ if (errno != EEXIST)
+ return log_error_errno(errno, "symlink(%s, %s) failed: %m", i->argument, i->path);
r = readlink_malloc(i->path, &x);
if (r < 0 || !streq(i->argument, x)) {
if (i->force) {
- label_context_set(i->path, S_IFLNK);
+ mac_selinux_create_file_prepare(i->path, S_IFLNK);
r = symlink_atomic(i->argument, i->path);
- label_context_clear();
+ mac_selinux_create_file_clear();
- if (r < 0) {
- log_error("symlink(%s, %s) failed: %s", i->argument, i->path, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "symlink(%s, %s) failed: %m", i->argument, i->path);
} else {
log_debug("%s is not a symlink or does not point to the correct path.", i->path);
return 0;
}
}
+ r = item_set_xattrs(i, i->path);
+ if (r < 0)
+ return r;
+
break;
case CREATE_BLOCK_DEVICE:
file_type = i->type == CREATE_BLOCK_DEVICE ? S_IFBLK : S_IFCHR;
RUN_WITH_UMASK(0000) {
- label_context_set(i->path, file_type);
+ mac_selinux_create_file_prepare(i->path, file_type);
r = mknod(i->path, i->mode | file_type, i->major_minor);
- label_context_clear();
+ mac_selinux_create_file_clear();
}
if (r < 0) {
return 0;
}
- if (errno != EEXIST) {
- log_error("Failed to create device node %s: %m", i->path);
- return -errno;
- }
+ if (errno != EEXIST)
+ return log_error_errno(errno, "Failed to create device node %s: %m", i->path);
- if (stat(i->path, &st) < 0) {
- log_error("stat(%s) failed: %m", i->path);
- return -errno;
- }
+ if (stat(i->path, &st) < 0)
+ return log_error_errno(errno, "stat(%s) failed: %m", i->path);
if ((st.st_mode & S_IFMT) != file_type) {
if (i->force) {
RUN_WITH_UMASK(0000) {
- label_context_set(i->path, file_type);
+ mac_selinux_create_file_prepare(i->path, file_type);
r = mknod_atomic(i->path, i->mode | file_type, i->major_minor);
- label_context_clear();
+ mac_selinux_create_file_clear();
}
- if (r < 0) {
- log_error("Failed to create device node %s: %s", i->path, strerror(-r));
- return r;
- }
+ if (r < 0)
+ return log_error_errno(r, "Failed to create device node %s: %m", i->path);
} else {
log_debug("%s is not a device node.", i->path);
return 0;
if (r < 0)
return r;
+ r = item_set_xattrs(i, i->path);
+ if (r < 0)
+ return r;
+
break;
}
r = glob_item(i, item_set_perms_recursive);
if (r < 0)
return r;
+ break;
+ case SET_XATTR:
+ r = item_set_xattrs(i, i->path);
+ if (r < 0)
+ return r;
break;
}
case RECURSIVE_RELABEL_PATH:
case WRITE_FILE:
case COPY_FILES:
+ case SET_XATTR:
break;
case REMOVE_PATH:
- if (remove(instance) < 0 && errno != ENOENT) {
- log_error("remove(%s): %m", instance);
- return -errno;
- }
+ if (remove(instance) < 0 && errno != ENOENT)
+ return log_error_errno(errno, "remove(%s): %m", instance);
break;
/* FIXME: we probably should use dir_cleanup() here
* instead of rm_rf() so that 'x' is honoured. */
r = rm_rf_dangerous(instance, false, i->type == RECURSIVE_REMOVE_PATH, false);
- if (r < 0 && r != -ENOENT) {
- log_error("rm_rf(%s): %s", instance, strerror(-r));
- return r;
- }
+ if (r < 0 && r != -ENOENT)
+ return log_error_errno(r, "rm_rf(%s): %m", instance);
break;
}
case RECURSIVE_RELABEL_PATH:
case WRITE_FILE:
case COPY_FILES:
+ case SET_XATTR:
break;
case REMOVE_PATH:
if (errno == ENOENT || errno == ENOTDIR)
return 0;
- log_error("Failed to open directory %s: %m", i->path);
+ log_error_errno(errno, "Failed to open directory %s: %m", i->path);
return -errno;
}
- if (fstat(dirfd(d), &s) < 0) {
- log_error("stat(%s) failed: %m", i->path);
- return -errno;
- }
+ if (fstat(dirfd(d), &s) < 0)
+ return log_error_errno(errno, "stat(%s) failed: %m", i->path);
if (!S_ISDIR(s.st_mode)) {
log_error("%s is not a directory.", i->path);
return -ENOTDIR;
}
- if (fstatat(dirfd(d), "..", &ps, AT_SYMLINK_NOFOLLOW) != 0) {
- log_error("stat(%s/..) failed: %m", i->path);
- return -errno;
- }
+ if (fstatat(dirfd(d), "..", &ps, AT_SYMLINK_NOFOLLOW) != 0)
+ return log_error_errno(errno, "stat(%s/..) failed: %m", i->path);
mountpoint = s.st_dev != ps.st_dev ||
(s.st_dev == ps.st_dev && s.st_ino == ps.st_ino);
static int process_item(Item *i) {
int r, q, p;
- char prefix[PATH_MAX];
+ _cleanup_free_ char *prefix = NULL;
assert(i);
i->done = true;
+ prefix = malloc(strlen(i->path) + 1);
+ if (!prefix)
+ return log_oom();
+
PATH_FOREACH_PREFIX(prefix, i->path) {
Item *j;
free(i->path);
free(i->argument);
+ strv_free(i->xattrs);
free(i);
}
case CREATE_SYMLINK:
if (!i->argument) {
- log_error("[%s:%u] Symlink file requires argument.", fname, line);
- return -EBADMSG;
+ i->argument = strappend("/usr/share/factory", i->path);
+ if (!i->argument)
+ return log_oom();
}
-
break;
case WRITE_FILE:
case COPY_FILES:
if (!i->argument) {
- log_error("[%s:%u] Copy files requires argument.", fname, line);
- return -EBADMSG;
+ i->argument = strappend("/usr/share/factory", i->path);
+ if (!i->argument)
+ return log_oom();
}
if (!path_is_absolute(i->argument)) {
break;
}
+ case SET_XATTR:
+ if (!i->argument) {
+ log_error("[%s:%u] Set extended attribute requires argument.", fname, line);
+ return -EBADMSG;
+ }
+ r = get_xattrs_from_arg(i);
+ if (r < 0)
+ return r;
+ break;
+
default:
log_error("[%s:%u] Unknown command type '%c'.", fname, line, type);
return -EBADMSG;
existing = hashmap_get(h, i->path);
if (existing) {
-
- /* Two identical items are fine */
- if (!item_equal(existing, i))
- log_warning("Two or more conflicting lines for %s configured, ignoring.", i->path);
-
- return 0;
- }
-
- r = hashmap_put(h, i->path, i);
- if (r < 0) {
- log_error("Failed to insert item %s: %s", i->path, strerror(-r));
- return r;
+ if (i->type == SET_XATTR) {
+ r = strv_extend_strv(&existing->xattrs, i->xattrs);
+ if (r < 0)
+ return log_oom();
+ return 0;
+ } else if (existing->type == SET_XATTR) {
+ r = strv_extend_strv(&i->xattrs, existing->xattrs);
+ if (r < 0)
+ return log_oom();
+ r = hashmap_replace(h, i->path, i);
+ if (r < 0) {
+ log_error("Failed to replace item for %s.", i->path);
+ return r;
+ }
+ item_free(existing);
+ } else {
+ /* Two identical items are fine */
+ if (!item_equal(existing, i))
+ log_warning("Two or more conflicting lines for %s configured, ignoring.", i->path);
+ return 0;
+ }
+ } else {
+ r = hashmap_put(h, i->path, i);
+ if (r < 0) {
+ log_error("Failed to insert item %s: %s", i->path, strerror(-r));
+ return r;
+ }
}
i = NULL; /* avoid cleanup */
return 0;
}
-static int help(void) {
-
+static void help(void) {
printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
"Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
" -h --help Show this help\n"
" --exclude-prefix=PATH Ignore rules that apply to paths with the specified prefix\n"
" --root=PATH Operate on an alternate filesystem root\n",
program_invocation_short_name);
-
- return 0;
}
static int parse_argv(int argc, char *argv[]) {
assert(argc >= 0);
assert(argv);
- while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
+ while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
switch (c) {
case 'h':
- return help();
+ help();
+ return 0;
case ARG_VERSION:
puts(PACKAGE_STRING);
default:
assert_not_reached("Unhandled option");
}
- }
if (!arg_clean && !arg_create && !arg_remove) {
log_error("You need to specify at least one of --clean, --create or --remove.");
if (ignore_enoent && r == -ENOENT)
return 0;
- log_error("Failed to open '%s', ignoring: %s", fn, strerror(-r));
- return r;
+ return log_error_errno(r, "Failed to open '%s', ignoring: %m", fn);
}
FOREACH_LINE(line, f, break) {
candidate_item = j;
}
- if (candidate_item) {
+ if (candidate_item && candidate_item->age_set) {
i->age = candidate_item->age;
i->age_set = true;
}
}
if (ferror(f)) {
- log_error("Failed to read from file %s: %m", fn);
+ log_error_errno(errno, "Failed to read from file %s: %m", fn);
if (r == 0)
r = -EIO;
}
umask(0022);
- label_init(NULL);
+ mac_selinux_init(NULL);
- items = hashmap_new(string_hash_func, string_compare_func);
- globs = hashmap_new(string_hash_func, string_compare_func);
+ items = hashmap_new(&string_hash_ops);
+ globs = hashmap_new(&string_hash_ops);
if (!items || !globs) {
r = log_oom();
r = conf_files_list_nulstr(&files, ".conf", arg_root, conf_file_dirs);
if (r < 0) {
- log_error("Failed to enumerate tmpfiles.d files: %s", strerror(-r));
+ log_error_errno(r, "Failed to enumerate tmpfiles.d files: %m");
goto finish;
}
set_free_free(unix_sockets);
- label_finish();
+ mac_selinux_finish();
return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
}