1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering, Kay Sievers
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
37 #include <sys/types.h>
38 #include <sys/param.h>
41 #include <sys/capability.h>
48 #include "path-util.h"
52 #include "conf-files.h"
53 #include "capability.h"
54 #include "specifier.h"
58 /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
59 * them in the file system. This is intended to be used to create
60 * properly owned directories beneath /tmp, /var/tmp, /run, which are
61 * volatile and hence need to be recreated on bootup. */
63 typedef enum ItemType {
64 /* These ones take file names */
67 CREATE_DIRECTORY = 'd',
68 TRUNCATE_DIRECTORY = 'D',
71 CREATE_CHAR_DEVICE = 'c',
72 CREATE_BLOCK_DEVICE = 'b',
75 /* These ones take globs */
78 IGNORE_DIRECTORY_PATH = 'X',
80 RECURSIVE_REMOVE_PATH = 'R',
81 ADJUST_MODE = 'm', /* legacy, 'z' is identical to this */
83 RECURSIVE_RELABEL_PATH = 'Z',
104 bool keep_first_level:1;
111 static bool arg_create = false;
112 static bool arg_clean = false;
113 static bool arg_remove = false;
114 static bool arg_boot = false;
116 static char **arg_include_prefixes = NULL;
117 static char **arg_exclude_prefixes = NULL;
118 static char *arg_root = NULL;
120 static const char conf_file_dirs[] = CONF_DIRS_NULSTR("tmpfiles");
122 #define MAX_DEPTH 256
124 static Hashmap *items = NULL, *globs = NULL;
125 static Set *unix_sockets = NULL;
127 static bool needs_glob(ItemType t) {
131 IGNORE_DIRECTORY_PATH,
133 RECURSIVE_REMOVE_PATH,
136 RECURSIVE_RELABEL_PATH);
139 static struct Item* find_glob(Hashmap *h, const char *match) {
143 HASHMAP_FOREACH(j, h, i)
144 if (fnmatch(j->path, match, FNM_PATHNAME|FNM_PERIOD) == 0)
150 static void load_unix_sockets(void) {
151 _cleanup_fclose_ FILE *f = NULL;
157 /* We maintain a cache of the sockets we found in
158 * /proc/net/unix to speed things up a little. */
160 unix_sockets = set_new(&string_hash_ops);
164 f = fopen("/proc/net/unix", "re");
169 if (!fgets(line, sizeof(line), f))
176 if (!fgets(line, sizeof(line), f))
181 p = strchr(line, ':');
189 p += strspn(p, WHITESPACE);
190 p += strcspn(p, WHITESPACE); /* skip one more word */
191 p += strspn(p, WHITESPACE);
200 path_kill_slashes(s);
202 k = set_consume(unix_sockets, s);
203 if (k < 0 && k != -EEXIST)
210 set_free_free(unix_sockets);
214 static bool unix_socket_alive(const char *fn) {
220 return !!set_get(unix_sockets, (char*) fn);
222 /* We don't know, so assume yes */
226 static int dir_is_mount_point(DIR *d, const char *subdir) {
228 union file_handle_union h = {
229 .handle.handle_bytes = MAX_HANDLE_SZ
232 int mount_id_parent, mount_id;
235 r_p = name_to_handle_at(dirfd(d), ".", &h.handle, &mount_id_parent, 0);
239 h.handle.handle_bytes = MAX_HANDLE_SZ;
240 r = name_to_handle_at(dirfd(d), subdir, &h.handle, &mount_id, 0);
244 /* got no handle; make no assumptions, return error */
245 if (r_p < 0 && r < 0)
248 /* got both handles; if they differ, it is a mount point */
249 if (r_p >= 0 && r >= 0)
250 return mount_id_parent != mount_id;
252 /* got only one handle; assume different mount points if one
253 * of both queries was not supported by the filesystem */
254 if (r_p == -ENOSYS || r_p == -EOPNOTSUPP || r == -ENOSYS || r == -EOPNOTSUPP)
263 static int dir_cleanup(
267 const struct stat *ds,
272 bool keep_this_level) {
275 struct timespec times[2];
276 bool deleted = false;
279 while ((dent = readdir(d))) {
282 _cleanup_free_ char *sub_path = NULL;
284 if (streq(dent->d_name, ".") ||
285 streq(dent->d_name, ".."))
288 if (fstatat(dirfd(d), dent->d_name, &s, AT_SYMLINK_NOFOLLOW) < 0) {
292 /* FUSE, NFS mounts, SELinux might return EACCES */
294 log_debug_errno(errno, "stat(%s/%s) failed: %m", p, dent->d_name);
296 log_error_errno(errno, "stat(%s/%s) failed: %m", p, dent->d_name);
301 /* Stay on the same filesystem */
302 if (s.st_dev != rootdev)
305 /* Try to detect bind mounts of the same filesystem instance; they
306 * do not differ in device major/minors. This type of query is not
307 * supported on all kernels or filesystem types though. */
308 if (S_ISDIR(s.st_mode) && dir_is_mount_point(d, dent->d_name) > 0)
311 /* Do not delete read-only files owned by root */
312 if (s.st_uid == 0 && !(s.st_mode & S_IWUSR))
315 sub_path = strjoin(p, "/", dent->d_name, NULL);
321 /* Is there an item configured for this path? */
322 if (hashmap_get(items, sub_path))
325 if (find_glob(globs, sub_path))
328 if (S_ISDIR(s.st_mode)) {
331 streq(dent->d_name, "lost+found") &&
336 log_warning("Reached max depth on %s.", sub_path);
338 _cleanup_closedir_ DIR *sub_dir;
341 sub_dir = xopendirat(dirfd(d), dent->d_name, O_NOFOLLOW|O_NOATIME);
343 if (errno != ENOENT) {
344 log_error_errno(errno, "opendir(%s/%s) failed: %m", p, dent->d_name);
351 q = dir_cleanup(i, sub_path, sub_dir, &s, cutoff, rootdev, false, maxdepth-1, false);
356 /* Note: if you are wondering why we don't
357 * support the sticky bit for excluding
358 * directories from cleaning like we do it for
359 * other file system objects: well, the sticky
360 * bit already has a meaning for directories,
361 * so we don't want to overload that. */
366 /* Ignore ctime, we change it when deleting */
367 age = MAX(timespec_load(&s.st_mtim),
368 timespec_load(&s.st_atim));
372 if (i->type != IGNORE_DIRECTORY_PATH || !streq(dent->d_name, p)) {
373 log_debug("rmdir '%s'", sub_path);
375 if (unlinkat(dirfd(d), dent->d_name, AT_REMOVEDIR) < 0) {
376 if (errno != ENOENT && errno != ENOTEMPTY) {
377 log_error_errno(errno, "rmdir(%s): %m", sub_path);
384 /* Skip files for which the sticky bit is
385 * set. These are semantics we define, and are
386 * unknown elsewhere. See XDG_RUNTIME_DIR
387 * specification for details. */
388 if (s.st_mode & S_ISVTX)
391 if (mountpoint && S_ISREG(s.st_mode)) {
392 if (streq(dent->d_name, ".journal") &&
396 if (streq(dent->d_name, "aquota.user") ||
397 streq(dent->d_name, "aquota.group"))
401 /* Ignore sockets that are listed in /proc/net/unix */
402 if (S_ISSOCK(s.st_mode) && unix_socket_alive(sub_path))
405 /* Ignore device nodes */
406 if (S_ISCHR(s.st_mode) || S_ISBLK(s.st_mode))
409 /* Keep files on this level around if this is
414 age = MAX3(timespec_load(&s.st_mtim),
415 timespec_load(&s.st_atim),
416 timespec_load(&s.st_ctim));
421 log_debug("unlink '%s'", sub_path);
423 if (unlinkat(dirfd(d), dent->d_name, 0) < 0) {
424 if (errno != ENOENT) {
425 log_error_errno(errno, "unlink(%s): %m", sub_path);
436 /* Restore original directory timestamps */
437 times[0] = ds->st_atim;
438 times[1] = ds->st_mtim;
440 if (futimens(dirfd(d), times) < 0)
441 log_error_errno(errno, "utimensat(%s): %m", p);
447 static int item_set_perms(Item *i, const char *path) {
454 st_valid = stat(path, &st) == 0;
456 /* not using i->path directly because it may be a glob */
460 if (i->mask_perms && st_valid) {
461 if (!(st.st_mode & 0111))
463 if (!(st.st_mode & 0222))
465 if (!(st.st_mode & 0444))
467 if (!S_ISDIR(st.st_mode))
468 m &= ~07000; /* remove sticky/sgid/suid bit, unless directory */
471 if (!st_valid || m != (st.st_mode & 07777)) {
472 if (chmod(path, m) < 0)
473 return log_error_errno(errno, "chmod(%s) failed: %m", path);
477 if ((!st_valid || (i->uid != st.st_uid || i->gid != st.st_gid)) &&
478 (i->uid_set || i->gid_set))
480 i->uid_set ? i->uid : UID_INVALID,
481 i->gid_set ? i->gid : GID_INVALID) < 0) {
483 log_error_errno(errno, "chown(%s) failed: %m", path);
487 return label_fix(path, false, false);
490 static int write_one_file(Item *i, const char *path) {
491 _cleanup_close_ int fd = -1;
498 flags = i->type == CREATE_FILE ? O_CREAT|O_APPEND|O_NOFOLLOW :
499 i->type == TRUNCATE_FILE ? O_CREAT|O_TRUNC|O_NOFOLLOW : 0;
501 RUN_WITH_UMASK(0000) {
502 mac_selinux_create_file_prepare(path, S_IFREG);
503 fd = open(path, flags|O_NDELAY|O_CLOEXEC|O_WRONLY|O_NOCTTY, i->mode);
504 mac_selinux_create_file_clear();
508 if (i->type == WRITE_FILE && errno == ENOENT)
511 log_error_errno(errno, "Failed to create file %s: %m", path);
516 _cleanup_free_ char *unescaped;
520 unescaped = cunescape(i->argument);
524 l = strlen(unescaped);
525 n = write(fd, unescaped, l);
527 if (n < 0 || (size_t) n < l) {
528 log_error("Failed to write file %s: %s", path, n < 0 ? strerror(-n) : "Short write");
529 return n < 0 ? n : -EIO;
535 if (stat(path, &st) < 0)
536 return log_error_errno(errno, "stat(%s) failed: %m", path);
538 if (!S_ISREG(st.st_mode)) {
539 log_error("%s is not a file.", path);
543 r = item_set_perms(i, path);
550 static int item_set_perms_children(Item *i, const char *path) {
551 _cleanup_closedir_ DIR *d;
557 /* This returns the first error we run into, but nevertheless
562 return errno == ENOENT || errno == ENOTDIR ? 0 : -errno;
565 _cleanup_free_ char *p = NULL;
572 if (errno != 0 && r == 0)
578 if (streq(de->d_name, ".") || streq(de->d_name, ".."))
581 p = strjoin(path, "/", de->d_name, NULL);
585 q = item_set_perms(i, p);
586 if (q < 0 && q != -ENOENT && r == 0)
589 if (IN_SET(de->d_type, DT_UNKNOWN, DT_DIR)) {
590 q = item_set_perms_children(i, p);
599 static int item_set_perms_recursive(Item *i, const char *path) {
605 r = item_set_perms(i, path);
609 q = item_set_perms_children(i, path);
616 static int glob_item(Item *i, int (*action)(Item *, const char *)) {
617 _cleanup_globfree_ glob_t g = {};
622 k = glob(i->path, GLOB_NOSORT|GLOB_BRACE, NULL, &g);
623 if (k != 0 && k != GLOB_NOMATCH) {
627 log_error_errno(errno, "glob(%s) failed: %m", i->path);
631 STRV_FOREACH(fn, g.gl_pathv) {
640 static int create_item(Item *i) {
649 case IGNORE_DIRECTORY_PATH:
651 case RECURSIVE_REMOVE_PATH:
656 r = write_one_file(i, i->path);
662 r = copy_tree(i->argument, i->path, false);
667 return log_error_errno(r, "Failed to copy files to %s: %m", i->path);
669 if (stat(i->argument, &a) < 0)
670 return log_error_errno(errno, "stat(%s) failed: %m", i->argument);
672 if (stat(i->path, &b) < 0)
673 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
675 if ((a.st_mode ^ b.st_mode) & S_IFMT) {
676 log_debug("Can't copy to %s, file exists already and is of different type", i->path);
681 r = item_set_perms(i, i->path);
688 r = glob_item(i, write_one_file);
694 case TRUNCATE_DIRECTORY:
695 case CREATE_DIRECTORY:
697 RUN_WITH_UMASK(0000) {
698 mkdir_parents_label(i->path, 0755);
699 r = mkdir_label(i->path, i->mode);
704 return log_error_errno(r, "Failed to create directory %s: %m", i->path);
706 if (stat(i->path, &st) < 0)
707 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
709 if (!S_ISDIR(st.st_mode)) {
710 log_debug("%s already exists and is not a directory.", i->path);
715 r = item_set_perms(i, i->path);
723 RUN_WITH_UMASK(0000) {
724 mac_selinux_create_file_prepare(i->path, S_IFIFO);
725 r = mkfifo(i->path, i->mode);
726 mac_selinux_create_file_clear();
731 return log_error_errno(errno, "Failed to create fifo %s: %m", i->path);
733 if (stat(i->path, &st) < 0)
734 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
736 if (!S_ISFIFO(st.st_mode)) {
740 RUN_WITH_UMASK(0000) {
741 mac_selinux_create_file_prepare(i->path, S_IFIFO);
742 r = mkfifo_atomic(i->path, i->mode);
743 mac_selinux_create_file_clear();
747 return log_error_errno(r, "Failed to create fifo %s: %m", i->path);
749 log_debug("%s is not a fifo.", i->path);
755 r = item_set_perms(i, i->path);
763 mac_selinux_create_file_prepare(i->path, S_IFLNK);
764 r = symlink(i->argument, i->path);
765 mac_selinux_create_file_clear();
768 _cleanup_free_ char *x = NULL;
771 return log_error_errno(errno, "symlink(%s, %s) failed: %m", i->argument, i->path);
773 r = readlink_malloc(i->path, &x);
774 if (r < 0 || !streq(i->argument, x)) {
777 mac_selinux_create_file_prepare(i->path, S_IFLNK);
778 r = symlink_atomic(i->argument, i->path);
779 mac_selinux_create_file_clear();
782 return log_error_errno(r, "symlink(%s, %s) failed: %m", i->argument, i->path);
784 log_debug("%s is not a symlink or does not point to the correct path.", i->path);
792 case CREATE_BLOCK_DEVICE:
793 case CREATE_CHAR_DEVICE: {
796 if (have_effective_cap(CAP_MKNOD) == 0) {
797 /* In a container we lack CAP_MKNOD. We
798 shouldn't attempt to create the device node in
799 that case to avoid noise, and we don't support
800 virtualized devices in containers anyway. */
802 log_debug("We lack CAP_MKNOD, skipping creation of device node %s.", i->path);
806 file_type = i->type == CREATE_BLOCK_DEVICE ? S_IFBLK : S_IFCHR;
808 RUN_WITH_UMASK(0000) {
809 mac_selinux_create_file_prepare(i->path, file_type);
810 r = mknod(i->path, i->mode | file_type, i->major_minor);
811 mac_selinux_create_file_clear();
815 if (errno == EPERM) {
816 log_debug("We lack permissions, possibly because of cgroup configuration; "
817 "skipping creation of device node %s.", i->path);
822 return log_error_errno(errno, "Failed to create device node %s: %m", i->path);
824 if (stat(i->path, &st) < 0)
825 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
827 if ((st.st_mode & S_IFMT) != file_type) {
831 RUN_WITH_UMASK(0000) {
832 mac_selinux_create_file_prepare(i->path, file_type);
833 r = mknod_atomic(i->path, i->mode | file_type, i->major_minor);
834 mac_selinux_create_file_clear();
838 return log_error_errno(r, "Failed to create device node %s: %m", i->path);
840 log_debug("%s is not a device node.", i->path);
846 r = item_set_perms(i, i->path);
856 r = glob_item(i, item_set_perms);
861 case RECURSIVE_RELABEL_PATH:
863 r = glob_item(i, item_set_perms_recursive);
870 log_debug("%s created successfully.", i->path);
875 static int remove_item_instance(Item *i, const char *instance) {
884 case CREATE_DIRECTORY:
887 case CREATE_BLOCK_DEVICE:
888 case CREATE_CHAR_DEVICE:
890 case IGNORE_DIRECTORY_PATH:
893 case RECURSIVE_RELABEL_PATH:
899 if (remove(instance) < 0 && errno != ENOENT)
900 return log_error_errno(errno, "remove(%s): %m", instance);
904 case TRUNCATE_DIRECTORY:
905 case RECURSIVE_REMOVE_PATH:
906 /* FIXME: we probably should use dir_cleanup() here
907 * instead of rm_rf() so that 'x' is honoured. */
908 r = rm_rf_dangerous(instance, false, i->type == RECURSIVE_REMOVE_PATH, false);
909 if (r < 0 && r != -ENOENT)
910 return log_error_errno(r, "rm_rf(%s): %m", instance);
918 static int remove_item(Item *i) {
927 case CREATE_DIRECTORY:
930 case CREATE_CHAR_DEVICE:
931 case CREATE_BLOCK_DEVICE:
933 case IGNORE_DIRECTORY_PATH:
936 case RECURSIVE_RELABEL_PATH:
942 case TRUNCATE_DIRECTORY:
943 case RECURSIVE_REMOVE_PATH:
944 r = glob_item(i, remove_item_instance);
951 static int clean_item_instance(Item *i, const char* instance) {
952 _cleanup_closedir_ DIR *d = NULL;
963 n = now(CLOCK_REALTIME);
969 d = opendir(instance);
971 if (errno == ENOENT || errno == ENOTDIR)
974 log_error_errno(errno, "Failed to open directory %s: %m", i->path);
978 if (fstat(dirfd(d), &s) < 0)
979 return log_error_errno(errno, "stat(%s) failed: %m", i->path);
981 if (!S_ISDIR(s.st_mode)) {
982 log_error("%s is not a directory.", i->path);
986 if (fstatat(dirfd(d), "..", &ps, AT_SYMLINK_NOFOLLOW) != 0)
987 return log_error_errno(errno, "stat(%s/..) failed: %m", i->path);
989 mountpoint = s.st_dev != ps.st_dev ||
990 (s.st_dev == ps.st_dev && s.st_ino == ps.st_ino);
992 r = dir_cleanup(i, instance, d, &s, cutoff, s.st_dev, mountpoint,
993 MAX_DEPTH, i->keep_first_level);
997 static int clean_item(Item *i) {
1003 case CREATE_DIRECTORY:
1004 case TRUNCATE_DIRECTORY:
1007 clean_item_instance(i, i->path);
1009 case IGNORE_DIRECTORY_PATH:
1010 r = glob_item(i, clean_item_instance);
1019 static int process_item(Item *i) {
1021 _cleanup_free_ char *prefix = NULL;
1030 prefix = malloc(strlen(i->path) + 1);
1034 PATH_FOREACH_PREFIX(prefix, i->path) {
1037 j = hashmap_get(items, prefix);
1042 r = arg_create ? create_item(i) : 0;
1043 q = arg_remove ? remove_item(i) : 0;
1044 p = arg_clean ? clean_item(i) : 0;
1055 static void item_free(Item *i) {
1065 DEFINE_TRIVIAL_CLEANUP_FUNC(Item*, item_free);
1067 static bool item_equal(Item *a, Item *b) {
1071 if (!streq_ptr(a->path, b->path))
1074 if (a->type != b->type)
1077 if (a->uid_set != b->uid_set ||
1078 (a->uid_set && a->uid != b->uid))
1081 if (a->gid_set != b->gid_set ||
1082 (a->gid_set && a->gid != b->gid))
1085 if (a->mode_set != b->mode_set ||
1086 (a->mode_set && a->mode != b->mode))
1089 if (a->age_set != b->age_set ||
1090 (a->age_set && a->age != b->age))
1093 if ((a->type == CREATE_FILE ||
1094 a->type == TRUNCATE_FILE ||
1095 a->type == WRITE_FILE ||
1096 a->type == CREATE_SYMLINK ||
1097 a->type == COPY_FILES) &&
1098 !streq_ptr(a->argument, b->argument))
1101 if ((a->type == CREATE_CHAR_DEVICE ||
1102 a->type == CREATE_BLOCK_DEVICE) &&
1103 a->major_minor != b->major_minor)
1109 static bool should_include_path(const char *path) {
1112 STRV_FOREACH(prefix, arg_exclude_prefixes)
1113 if (path_startswith(path, *prefix))
1116 STRV_FOREACH(prefix, arg_include_prefixes)
1117 if (path_startswith(path, *prefix))
1120 /* no matches, so we should include this path only if we
1121 * have no whitelist at all */
1122 return strv_length(arg_include_prefixes) == 0;
1125 static int parse_line(const char *fname, unsigned line, const char *buffer) {
1127 static const Specifier specifier_table[] = {
1128 { 'm', specifier_machine_id, NULL },
1129 { 'b', specifier_boot_id, NULL },
1130 { 'H', specifier_host_name, NULL },
1131 { 'v', specifier_kernel_release, NULL },
1135 _cleanup_free_ char *action = NULL, *mode = NULL, *user = NULL, *group = NULL, *age = NULL, *path = NULL;
1136 _cleanup_(item_freep) Item *i = NULL;
1147 "%ms %ms %ms %ms %ms %ms %n",
1156 log_error("[%s:%u] Syntax error.", fname, line);
1160 if (isempty(action)) {
1161 log_error("[%s:%u] Command too short '%s'.", fname, line, action);
1165 if (strlen(action) > 1 && !in_charset(action+1, "!+")) {
1166 log_error("[%s:%u] Unknown modifiers in command '%s'", fname, line, action);
1170 if (strchr(action+1, '!') && !arg_boot)
1179 i->force = !!strchr(action+1, '+');
1181 r = specifier_printf(path, specifier_table, NULL, &i->path);
1183 log_error("[%s:%u] Failed to replace specifiers: %s", fname, line, path);
1188 n += strspn(buffer+n, WHITESPACE);
1189 if (buffer[n] != 0 && (buffer[n] != '-' || buffer[n+1] != 0)) {
1190 i->argument = unquote(buffer+n, "\"");
1200 case CREATE_DIRECTORY:
1201 case TRUNCATE_DIRECTORY:
1204 case IGNORE_DIRECTORY_PATH:
1206 case RECURSIVE_REMOVE_PATH:
1209 case RECURSIVE_RELABEL_PATH:
1212 case CREATE_SYMLINK:
1214 i->argument = strappend("/usr/share/factory", i->path);
1222 log_error("[%s:%u] Write file requires argument.", fname, line);
1229 i->argument = strappend("/usr/share/factory", i->path);
1234 if (!path_is_absolute(i->argument)) {
1235 log_error("[%s:%u] Source path is not absolute.", fname, line);
1239 path_kill_slashes(i->argument);
1242 case CREATE_CHAR_DEVICE:
1243 case CREATE_BLOCK_DEVICE: {
1244 unsigned major, minor;
1247 log_error("[%s:%u] Device file requires argument.", fname, line);
1251 if (sscanf(i->argument, "%u:%u", &major, &minor) != 2) {
1252 log_error("[%s:%u] Can't parse device file major/minor '%s'.", fname, line, i->argument);
1256 i->major_minor = makedev(major, minor);
1261 log_error("[%s:%u] Unknown command type '%c'.", fname, line, type);
1267 if (!path_is_absolute(i->path)) {
1268 log_error("[%s:%u] Path '%s' not absolute.", fname, line, i->path);
1272 path_kill_slashes(i->path);
1274 if (!should_include_path(i->path))
1280 p = strappend(arg_root, i->path);
1288 if (user && !streq(user, "-")) {
1289 const char *u = user;
1291 r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
1293 log_error("[%s:%u] Unknown user '%s'.", fname, line, user);
1300 if (group && !streq(group, "-")) {
1301 const char *g = group;
1303 r = get_group_creds(&g, &i->gid);
1305 log_error("[%s:%u] Unknown group '%s'.", fname, line, group);
1312 if (mode && !streq(mode, "-")) {
1313 const char *mm = mode;
1317 i->mask_perms = true;
1321 if (sscanf(mm, "%o", &m) != 1) {
1322 log_error("[%s:%u] Invalid mode '%s'.", fname, line, mode);
1330 i->type == CREATE_DIRECTORY ||
1331 i->type == TRUNCATE_DIRECTORY ? 0755 : 0644;
1333 if (age && !streq(age, "-")) {
1334 const char *a = age;
1337 i->keep_first_level = true;
1341 if (parse_sec(a, &i->age) < 0) {
1342 log_error("[%s:%u] Invalid age '%s'.", fname, line, age);
1349 h = needs_glob(i->type) ? globs : items;
1351 existing = hashmap_get(h, i->path);
1354 /* Two identical items are fine */
1355 if (!item_equal(existing, i))
1356 log_warning("Two or more conflicting lines for %s configured, ignoring.", i->path);
1361 r = hashmap_put(h, i->path, i);
1363 return log_error_errno(r, "Failed to insert item %s: %m", i->path);
1365 i = NULL; /* avoid cleanup */
1370 static void help(void) {
1371 printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
1372 "Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
1373 " -h --help Show this help\n"
1374 " --version Show package version\n"
1375 " --create Create marked files/directories\n"
1376 " --clean Clean up marked directories\n"
1377 " --remove Remove marked files/directories\n"
1378 " --boot Execute actions only safe at boot\n"
1379 " --prefix=PATH Only apply rules that apply to paths with the specified prefix\n"
1380 " --exclude-prefix=PATH Ignore rules that apply to paths with the specified prefix\n"
1381 " --root=PATH Operate on an alternate filesystem root\n",
1382 program_invocation_short_name);
1385 static int parse_argv(int argc, char *argv[]) {
1388 ARG_VERSION = 0x100,
1398 static const struct option options[] = {
1399 { "help", no_argument, NULL, 'h' },
1400 { "version", no_argument, NULL, ARG_VERSION },
1401 { "create", no_argument, NULL, ARG_CREATE },
1402 { "clean", no_argument, NULL, ARG_CLEAN },
1403 { "remove", no_argument, NULL, ARG_REMOVE },
1404 { "boot", no_argument, NULL, ARG_BOOT },
1405 { "prefix", required_argument, NULL, ARG_PREFIX },
1406 { "exclude-prefix", required_argument, NULL, ARG_EXCLUDE_PREFIX },
1407 { "root", required_argument, NULL, ARG_ROOT },
1416 while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0)
1425 puts(PACKAGE_STRING);
1426 puts(SYSTEMD_FEATURES);
1446 if (strv_push(&arg_include_prefixes, optarg) < 0)
1450 case ARG_EXCLUDE_PREFIX:
1451 if (strv_push(&arg_exclude_prefixes, optarg) < 0)
1457 arg_root = path_make_absolute_cwd(optarg);
1461 path_kill_slashes(arg_root);
1468 assert_not_reached("Unhandled option");
1471 if (!arg_clean && !arg_create && !arg_remove) {
1472 log_error("You need to specify at least one of --clean, --create or --remove.");
1479 static int read_config_file(const char *fn, bool ignore_enoent) {
1480 _cleanup_fclose_ FILE *f = NULL;
1481 char line[LINE_MAX];
1489 r = search_and_fopen_nulstr(fn, "re", arg_root, conf_file_dirs, &f);
1491 if (ignore_enoent && r == -ENOENT)
1494 return log_error_errno(r, "Failed to open '%s', ignoring: %m", fn);
1497 FOREACH_LINE(line, f, break) {
1504 if (*l == '#' || *l == 0)
1507 k = parse_line(fn, v, l);
1508 if (k < 0 && r == 0)
1512 /* we have to determine age parameter for each entry of type X */
1513 HASHMAP_FOREACH(i, globs, iterator) {
1515 Item *j, *candidate_item = NULL;
1517 if (i->type != IGNORE_DIRECTORY_PATH)
1520 HASHMAP_FOREACH(j, items, iter) {
1521 if (j->type != CREATE_DIRECTORY && j->type != TRUNCATE_DIRECTORY)
1524 if (path_equal(j->path, i->path)) {
1529 if ((!candidate_item && path_startswith(i->path, j->path)) ||
1530 (candidate_item && path_startswith(j->path, candidate_item->path) && (fnmatch(i->path, j->path, FNM_PATHNAME | FNM_PERIOD) == 0)))
1534 if (candidate_item && candidate_item->age_set) {
1535 i->age = candidate_item->age;
1541 log_error_errno(errno, "Failed to read from file %s: %m", fn);
1549 int main(int argc, char *argv[]) {
1554 r = parse_argv(argc, argv);
1558 log_set_target(LOG_TARGET_AUTO);
1559 log_parse_environment();
1564 mac_selinux_init(NULL);
1566 items = hashmap_new(&string_hash_ops);
1567 globs = hashmap_new(&string_hash_ops);
1569 if (!items || !globs) {
1576 if (optind < argc) {
1579 for (j = optind; j < argc; j++) {
1580 k = read_config_file(argv[j], false);
1581 if (k < 0 && r == 0)
1586 _cleanup_strv_free_ char **files = NULL;
1589 r = conf_files_list_nulstr(&files, ".conf", arg_root, conf_file_dirs);
1591 log_error_errno(r, "Failed to enumerate tmpfiles.d files: %m");
1595 STRV_FOREACH(f, files) {
1596 k = read_config_file(*f, true);
1597 if (k < 0 && r == 0)
1602 HASHMAP_FOREACH(i, globs, iterator)
1605 HASHMAP_FOREACH(i, items, iterator)
1609 while ((i = hashmap_steal_first(items)))
1612 while ((i = hashmap_steal_first(globs)))
1615 hashmap_free(items);
1616 hashmap_free(globs);
1618 free(arg_include_prefixes);
1619 free(arg_exclude_prefixes);
1622 set_free_free(unix_sockets);
1624 mac_selinux_finish();
1626 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
~ianmdlvl / elogind.git / blob