1 /*-*- Mode: C; c-basic-offset: 8; indent-tabs-mode: nil -*-*/
4 This file is part of systemd.
6 Copyright 2010 Lennart Poettering, Kay Sievers
8 systemd is free software; you can redistribute it and/or modify it
9 under the terms of the GNU Lesser General Public License as published by
10 the Free Software Foundation; either version 2.1 of the License, or
11 (at your option) any later version.
13 systemd is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16 Lesser General Public License for more details.
18 You should have received a copy of the GNU Lesser General Public License
19 along with systemd; If not, see <http://www.gnu.org/licenses/>.
37 #include <sys/types.h>
38 #include <sys/param.h>
41 #include <sys/capability.h>
47 #include "path-util.h"
51 #include "conf-files.h"
52 #include "capability.h"
54 /* This reads all files listed in /etc/tmpfiles.d/?*.conf and creates
55 * them in the file system. This is intended to be used to create
56 * properly owned directories beneath /tmp, /var/tmp, /run, which are
57 * volatile and hence need to be recreated on bootup. */
59 typedef enum ItemType {
60 /* These ones take file names */
64 CREATE_DIRECTORY = 'd',
65 TRUNCATE_DIRECTORY = 'D',
68 CREATE_CHAR_DEVICE = 'c',
69 CREATE_BLOCK_DEVICE = 'b',
71 /* These ones take globs */
74 RECURSIVE_REMOVE_PATH = 'R',
76 RECURSIVE_RELABEL_PATH = 'Z'
96 bool keep_first_level:1;
99 static Hashmap *items = NULL, *globs = NULL;
100 static Set *unix_sockets = NULL;
102 static bool arg_create = false;
103 static bool arg_clean = false;
104 static bool arg_remove = false;
106 static const char *arg_prefix = NULL;
108 static const char * const conf_file_dirs[] = {
111 "/usr/local/lib/tmpfiles.d",
112 "/usr/lib/tmpfiles.d",
113 #ifdef HAVE_SPLIT_USR
119 #define MAX_DEPTH 256
121 static bool needs_glob(ItemType t) {
122 return t == IGNORE_PATH || t == REMOVE_PATH || t == RECURSIVE_REMOVE_PATH || t == RELABEL_PATH || t == RECURSIVE_RELABEL_PATH;
125 static struct Item* find_glob(Hashmap *h, const char *match) {
129 HASHMAP_FOREACH(j, h, i)
130 if (fnmatch(j->path, match, FNM_PATHNAME|FNM_PERIOD) == 0)
136 static void load_unix_sockets(void) {
143 /* We maintain a cache of the sockets we found in
144 * /proc/net/unix to speed things up a little. */
146 unix_sockets = set_new(string_hash_func, string_compare_func);
150 f = fopen("/proc/net/unix", "re");
155 if (!fgets(line, sizeof(line), f))
162 if (!fgets(line, sizeof(line), f))
167 p = strchr(line, ':');
175 p += strspn(p, WHITESPACE);
176 p += strcspn(p, WHITESPACE); /* skip one more word */
177 p += strspn(p, WHITESPACE);
186 path_kill_slashes(s);
188 k = set_put(unix_sockets, s);
201 set_free_free(unix_sockets);
208 static bool unix_socket_alive(const char *fn) {
214 return !!set_get(unix_sockets, (char*) fn);
216 /* We don't know, so assume yes */
220 static int dir_cleanup(
223 const struct stat *ds,
228 bool keep_this_level)
231 struct timespec times[2];
232 bool deleted = false;
233 char *sub_path = NULL;
236 while ((dent = readdir(d))) {
240 if (streq(dent->d_name, ".") ||
241 streq(dent->d_name, ".."))
244 if (fstatat(dirfd(d), dent->d_name, &s, AT_SYMLINK_NOFOLLOW) < 0) {
246 if (errno != ENOENT) {
247 log_error("stat(%s/%s) failed: %m", p, dent->d_name);
254 /* Stay on the same filesystem */
255 if (s.st_dev != rootdev)
258 /* Do not delete read-only files owned by root */
259 if (s.st_uid == 0 && !(s.st_mode & S_IWUSR))
265 if (asprintf(&sub_path, "%s/%s", p, dent->d_name) < 0) {
270 /* Is there an item configured for this path? */
271 if (hashmap_get(items, sub_path))
274 if (find_glob(globs, sub_path))
277 if (S_ISDIR(s.st_mode)) {
280 streq(dent->d_name, "lost+found") &&
285 log_warning("Reached max depth on %s.", sub_path);
290 sub_dir = xopendirat(dirfd(d), dent->d_name, O_NOFOLLOW|O_NOATIME);
291 if (sub_dir == NULL) {
292 if (errno != ENOENT) {
293 log_error("opendir(%s/%s) failed: %m", p, dent->d_name);
300 q = dir_cleanup(sub_path, sub_dir, &s, cutoff, rootdev, false, maxdepth-1, false);
307 /* Note: if you are wondering why we don't
308 * support the sticky bit for excluding
309 * directories from cleaning like we do it for
310 * other file system objects: well, the sticky
311 * bit already has a meaning for directories,
312 * so we don't want to overload that. */
317 /* Ignore ctime, we change it when deleting */
318 age = MAX(timespec_load(&s.st_mtim),
319 timespec_load(&s.st_atim));
323 log_debug("rmdir '%s'\n", sub_path);
325 if (unlinkat(dirfd(d), dent->d_name, AT_REMOVEDIR) < 0) {
326 if (errno != ENOENT && errno != ENOTEMPTY) {
327 log_error("rmdir(%s): %m", sub_path);
333 /* Skip files for which the sticky bit is
334 * set. These are semantics we define, and are
335 * unknown elsewhere. See XDG_RUNTIME_DIR
336 * specification for details. */
337 if (s.st_mode & S_ISVTX)
340 if (mountpoint && S_ISREG(s.st_mode)) {
341 if (streq(dent->d_name, ".journal") &&
345 if (streq(dent->d_name, "aquota.user") ||
346 streq(dent->d_name, "aquota.group"))
350 /* Ignore sockets that are listed in /proc/net/unix */
351 if (S_ISSOCK(s.st_mode) && unix_socket_alive(sub_path))
354 /* Ignore device nodes */
355 if (S_ISCHR(s.st_mode) || S_ISBLK(s.st_mode))
358 /* Keep files on this level around if this is
363 age = MAX3(timespec_load(&s.st_mtim),
364 timespec_load(&s.st_atim),
365 timespec_load(&s.st_ctim));
370 log_debug("unlink '%s'\n", sub_path);
372 if (unlinkat(dirfd(d), dent->d_name, 0) < 0) {
373 if (errno != ENOENT) {
374 log_error("unlink(%s): %m", sub_path);
385 /* Restore original directory timestamps */
386 times[0] = ds->st_atim;
387 times[1] = ds->st_mtim;
389 if (futimens(dirfd(d), times) < 0)
390 log_error("utimensat(%s): %m", p);
398 static int clean_item(Item *i) {
407 if (i->type != CREATE_DIRECTORY &&
408 i->type != TRUNCATE_DIRECTORY &&
409 i->type != IGNORE_PATH)
412 if (!i->age_set || i->age <= 0)
415 n = now(CLOCK_REALTIME);
421 d = opendir(i->path);
426 log_error("Failed to open directory %s: %m", i->path);
430 if (fstat(dirfd(d), &s) < 0) {
431 log_error("stat(%s) failed: %m", i->path);
436 if (!S_ISDIR(s.st_mode)) {
437 log_error("%s is not a directory.", i->path);
442 if (fstatat(dirfd(d), "..", &ps, AT_SYMLINK_NOFOLLOW) != 0) {
443 log_error("stat(%s/..) failed: %m", i->path);
448 mountpoint = s.st_dev != ps.st_dev ||
449 (s.st_dev == ps.st_dev && s.st_ino == ps.st_ino);
451 r = dir_cleanup(i->path, d, &s, cutoff, s.st_dev, mountpoint, MAX_DEPTH, i->keep_first_level);
460 static int item_set_perms(Item *i, const char *path) {
461 /* not using i->path directly because it may be a glob */
463 if (chmod(path, i->mode) < 0) {
464 log_error("chmod(%s) failed: %m", path);
468 if (i->uid_set || i->gid_set)
470 i->uid_set ? i->uid : (uid_t) -1,
471 i->gid_set ? i->gid : (gid_t) -1) < 0) {
473 log_error("chown(%s) failed: %m", path);
477 return label_fix(path, false, false);
480 static int write_one_file(Item *i, const char *path) {
485 flags = i->type == CREATE_FILE ? O_CREAT|O_APPEND :
486 i->type == TRUNCATE_FILE ? O_CREAT|O_TRUNC : 0;
489 label_context_set(path, S_IFREG);
490 fd = open(path, flags|O_NDELAY|O_CLOEXEC|O_WRONLY|O_NOCTTY|O_NOFOLLOW, i->mode);
492 label_context_clear();
497 if (i->type == WRITE_FILE && errno == ENOENT)
500 log_error("Failed to create file %s: %m", path);
507 _cleanup_free_ char *unescaped;
509 unescaped = cunescape(i->argument);
510 if (unescaped == NULL)
513 l = strlen(unescaped);
514 n = write(fd, unescaped, l);
516 if (n < 0 || (size_t) n < l) {
517 log_error("Failed to write file %s: %s", path, n < 0 ? strerror(-n) : "Short write");
518 close_nointr_nofail(fd);
519 return n < 0 ? n : -EIO;
523 close_nointr_nofail(fd);
525 if (stat(path, &st) < 0) {
526 log_error("stat(%s) failed: %m", path);
530 if (!S_ISREG(st.st_mode)) {
531 log_error("%s is not a file.", path);
535 r = item_set_perms(i, path);
542 static int recursive_relabel_children(Item *i, const char *path) {
546 /* This returns the first error we run into, but nevertheless
551 return errno == ENOENT ? 0 : -errno;
555 union dirent_storage buf;
560 r = readdir_r(d, &buf.de, &de);
570 if (streq(de->d_name, ".") || streq(de->d_name, ".."))
573 if (asprintf(&entry_path, "%s/%s", path, de->d_name) < 0) {
579 if (de->d_type == DT_UNKNOWN) {
582 if (lstat(entry_path, &st) < 0) {
583 if (ret == 0 && errno != ENOENT)
589 is_dir = S_ISDIR(st.st_mode);
592 is_dir = de->d_type == DT_DIR;
594 r = item_set_perms(i, entry_path);
596 if (ret == 0 && r != -ENOENT)
603 r = recursive_relabel_children(i, entry_path);
604 if (r < 0 && ret == 0)
616 static int recursive_relabel(Item *i, const char *path) {
620 r = item_set_perms(i, path);
624 if (lstat(path, &st) < 0)
627 if (S_ISDIR(st.st_mode))
628 r = recursive_relabel_children(i, path);
633 static int glob_item(Item *i, int (*action)(Item *, const char *)) {
641 if ((k = glob(i->path, GLOB_NOSORT|GLOB_BRACE, NULL, &g)) != 0) {
643 if (k != GLOB_NOMATCH) {
647 log_error("glob(%s) failed: %m", i->path);
652 STRV_FOREACH(fn, g.gl_pathv)
653 if ((k = action(i, *fn)) < 0)
660 static int create_item(Item *i) {
671 case RECURSIVE_REMOVE_PATH:
676 r = write_one_file(i, i->path);
681 r = glob_item(i, write_one_file);
687 case TRUNCATE_DIRECTORY:
688 case CREATE_DIRECTORY:
691 mkdir_parents_label(i->path, 0755);
692 r = mkdir(i->path, i->mode);
695 if (r < 0 && errno != EEXIST) {
696 log_error("Failed to create directory %s: %m", i->path);
700 if (stat(i->path, &st) < 0) {
701 log_error("stat(%s) failed: %m", i->path);
705 if (!S_ISDIR(st.st_mode)) {
706 log_error("%s is not a directory.", i->path);
710 r = item_set_perms(i, i->path);
719 r = mkfifo(i->path, i->mode);
722 if (r < 0 && errno != EEXIST) {
723 log_error("Failed to create fifo %s: %m", i->path);
727 if (stat(i->path, &st) < 0) {
728 log_error("stat(%s) failed: %m", i->path);
732 if (!S_ISFIFO(st.st_mode)) {
733 log_error("%s is not a fifo.", i->path);
737 r = item_set_perms(i, i->path);
743 case CREATE_SYMLINK: {
746 label_context_set(i->path, S_IFLNK);
747 r = symlink(i->argument, i->path);
749 label_context_clear();
752 if (r < 0 && errno != EEXIST) {
753 log_error("symlink(%s, %s) failed: %m", i->argument, i->path);
757 r = readlink_malloc(i->path, &x);
759 log_error("readlink(%s) failed: %s", i->path, strerror(-r));
763 if (!streq(i->argument, x)) {
765 log_error("%s is not the right symlinks.", i->path);
773 case CREATE_BLOCK_DEVICE:
774 case CREATE_CHAR_DEVICE: {
777 if (have_effective_cap(CAP_MKNOD) == 0) {
778 /* In a container we lack CAP_MKNOD. We
779 shouldnt attempt to create the device node in
780 that case to avoid noise, and we don't support
781 virtualized devices in containers anyway. */
783 log_debug("We lack CAP_MKNOD, skipping creation of device node %s.", i->path);
787 file_type = (i->type == CREATE_BLOCK_DEVICE ? S_IFBLK : S_IFCHR);
790 label_context_set(i->path, file_type);
791 r = mknod(i->path, i->mode | file_type, i->major_minor);
793 label_context_clear();
797 if (r < 0 && errno != EEXIST) {
798 log_error("Failed to create device node %s: %m", i->path);
802 if (stat(i->path, &st) < 0) {
803 log_error("stat(%s) failed: %m", i->path);
807 if ((st.st_mode & S_IFMT) != file_type) {
808 log_error("%s is not a device node.", i->path);
812 r = item_set_perms(i, i->path);
821 r = glob_item(i, item_set_perms);
826 case RECURSIVE_RELABEL_PATH:
828 r = glob_item(i, recursive_relabel);
833 log_debug("%s created successfully.", i->path);
838 static int remove_item_instance(Item *i, const char *instance) {
847 case CREATE_DIRECTORY:
850 case CREATE_BLOCK_DEVICE:
851 case CREATE_CHAR_DEVICE:
854 case RECURSIVE_RELABEL_PATH:
859 if (remove(instance) < 0 && errno != ENOENT) {
860 log_error("remove(%s): %m", instance);
866 case TRUNCATE_DIRECTORY:
867 case RECURSIVE_REMOVE_PATH:
868 /* FIXME: we probably should use dir_cleanup() here
869 * instead of rm_rf() so that 'x' is honoured. */
870 r = rm_rf_dangerous(instance, false, i->type == RECURSIVE_REMOVE_PATH, false);
871 if (r < 0 && r != -ENOENT) {
872 log_error("rm_rf(%s): %s", instance, strerror(-r));
882 static int remove_item(Item *i) {
891 case CREATE_DIRECTORY:
894 case CREATE_CHAR_DEVICE:
895 case CREATE_BLOCK_DEVICE:
898 case RECURSIVE_RELABEL_PATH:
903 case TRUNCATE_DIRECTORY:
904 case RECURSIVE_REMOVE_PATH:
905 r = glob_item(i, remove_item_instance);
912 static int process_item(Item *i) {
917 r = arg_create ? create_item(i) : 0;
918 q = arg_remove ? remove_item(i) : 0;
919 p = arg_clean ? clean_item(i) : 0;
930 static void item_free(Item *i) {
938 static bool item_equal(Item *a, Item *b) {
942 if (!streq_ptr(a->path, b->path))
945 if (a->type != b->type)
948 if (a->uid_set != b->uid_set ||
949 (a->uid_set && a->uid != b->uid))
952 if (a->gid_set != b->gid_set ||
953 (a->gid_set && a->gid != b->gid))
956 if (a->mode_set != b->mode_set ||
957 (a->mode_set && a->mode != b->mode))
960 if (a->age_set != b->age_set ||
961 (a->age_set && a->age != b->age))
964 if ((a->type == CREATE_FILE ||
965 a->type == TRUNCATE_FILE ||
966 a->type == WRITE_FILE ||
967 a->type == CREATE_SYMLINK) &&
968 !streq_ptr(a->argument, b->argument))
971 if ((a->type == CREATE_CHAR_DEVICE ||
972 a->type == CREATE_BLOCK_DEVICE) &&
973 a->major_minor != b->major_minor)
979 static int parse_line(const char *fname, unsigned line, const char *buffer) {
981 char *mode = NULL, *user = NULL, *group = NULL, *age = NULL;
1009 log_error("[%s:%u] Syntax error.", fname, line);
1015 n += strspn(buffer+n, WHITESPACE);
1016 if (buffer[n] != 0 && (buffer[n] != '-' || buffer[n+1] != 0)) {
1017 i->argument = unquote(buffer+n, "\"");
1027 case CREATE_DIRECTORY:
1028 case TRUNCATE_DIRECTORY:
1032 case RECURSIVE_REMOVE_PATH:
1034 case RECURSIVE_RELABEL_PATH:
1037 case CREATE_SYMLINK:
1039 log_error("[%s:%u] Symlink file requires argument.", fname, line);
1047 log_error("[%s:%u] Write file requires argument.", fname, line);
1053 case CREATE_CHAR_DEVICE:
1054 case CREATE_BLOCK_DEVICE: {
1055 unsigned major, minor;
1058 log_error("[%s:%u] Device file requires argument.", fname, line);
1063 if (sscanf(i->argument, "%u:%u", &major, &minor) != 2) {
1064 log_error("[%s:%u] Can't parse device file major/minor '%s'.", fname, line, i->argument);
1069 i->major_minor = makedev(major, minor);
1074 log_error("[%s:%u] Unknown file type '%c'.", fname, line, type);
1081 if (!path_is_absolute(i->path)) {
1082 log_error("[%s:%u] Path '%s' not absolute.", fname, line, i->path);
1087 path_kill_slashes(i->path);
1089 if (arg_prefix && !path_startswith(i->path, arg_prefix)) {
1094 if (user && !streq(user, "-")) {
1095 const char *u = user;
1097 r = get_user_creds(&u, &i->uid, NULL, NULL, NULL);
1099 log_error("[%s:%u] Unknown user '%s'.", fname, line, user);
1106 if (group && !streq(group, "-")) {
1107 const char *g = group;
1109 r = get_group_creds(&g, &i->gid);
1111 log_error("[%s:%u] Unknown group '%s'.", fname, line, group);
1118 if (mode && !streq(mode, "-")) {
1121 if (sscanf(mode, "%o", &m) != 1) {
1122 log_error("[%s:%u] Invalid mode '%s'.", fname, line, mode);
1131 i->type == CREATE_DIRECTORY ||
1132 i->type == TRUNCATE_DIRECTORY ? 0755 : 0644;
1134 if (age && !streq(age, "-")) {
1135 const char *a = age;
1138 i->keep_first_level = true;
1142 if (parse_usec(a, &i->age) < 0) {
1143 log_error("[%s:%u] Invalid age '%s'.", fname, line, age);
1151 h = needs_glob(i->type) ? globs : items;
1153 existing = hashmap_get(h, i->path);
1156 /* Two identical items are fine */
1157 if (!item_equal(existing, i))
1158 log_warning("Two or more conflicting lines for %s configured, ignoring.", i->path);
1164 r = hashmap_put(h, i->path, i);
1166 log_error("Failed to insert item %s: %s", i->path, strerror(-r));
1185 static int help(void) {
1187 printf("%s [OPTIONS...] [CONFIGURATION FILE...]\n\n"
1188 "Creates, deletes and cleans up volatile and temporary files and directories.\n\n"
1189 " -h --help Show this help\n"
1190 " --create Create marked files/directories\n"
1191 " --clean Clean up marked directories\n"
1192 " --remove Remove marked files/directories\n"
1193 " --prefix=PATH Only apply rules that apply to paths with the specified prefix\n",
1194 program_invocation_short_name);
1199 static int parse_argv(int argc, char *argv[]) {
1208 static const struct option options[] = {
1209 { "help", no_argument, NULL, 'h' },
1210 { "create", no_argument, NULL, ARG_CREATE },
1211 { "clean", no_argument, NULL, ARG_CLEAN },
1212 { "remove", no_argument, NULL, ARG_REMOVE },
1213 { "prefix", required_argument, NULL, ARG_PREFIX },
1214 { NULL, 0, NULL, 0 }
1222 while ((c = getopt_long(argc, argv, "h", options, NULL)) >= 0) {
1243 arg_prefix = optarg;
1250 log_error("Unknown option code %c", c);
1255 if (!arg_clean && !arg_create && !arg_remove) {
1256 log_error("You need to specify at least one of --clean, --create or --remove.");
1263 static int read_config_file(const char *fn, bool ignore_enoent) {
1270 f = fopen(fn, "re");
1273 if (ignore_enoent && errno == ENOENT)
1276 log_error("Failed to open %s: %m", fn);
1280 log_debug("apply: %s\n", fn);
1282 char line[LINE_MAX], *l;
1285 if (!(fgets(line, sizeof(line), f)))
1291 if (*l == '#' || *l == 0)
1294 if ((k = parse_line(fn, v, l)) < 0)
1300 log_error("Failed to read from file %s: %m", fn);
1310 static char *resolve_fragment(const char *fragment, const char **search_paths) {
1312 char *resolved_path;
1314 if (is_path(fragment))
1315 return strdup(fragment);
1317 STRV_FOREACH(p, search_paths) {
1318 resolved_path = strjoin(*p, "/", fragment, NULL);
1319 if (resolved_path == NULL) {
1324 if (access(resolved_path, F_OK) == 0)
1325 return resolved_path;
1327 free(resolved_path);
1334 int main(int argc, char *argv[]) {
1339 r = parse_argv(argc, argv);
1341 return r < 0 ? EXIT_FAILURE : EXIT_SUCCESS;
1343 log_set_target(LOG_TARGET_AUTO);
1344 log_parse_environment();
1351 items = hashmap_new(string_hash_func, string_compare_func);
1352 globs = hashmap_new(string_hash_func, string_compare_func);
1354 if (!items || !globs) {
1362 if (optind < argc) {
1365 for (j = optind; j < argc; j++) {
1368 fragment = resolve_fragment(argv[j], (const char**) conf_file_dirs);
1370 log_error("Failed to find a %s file: %m", argv[j]);
1374 if (read_config_file(fragment, false) < 0)
1382 r = conf_files_list_strv(&files, ".conf",
1383 (const char **) conf_file_dirs);
1385 log_error("Failed to enumerate tmpfiles.d files: %s", strerror(-r));
1390 STRV_FOREACH(f, files) {
1391 if (read_config_file(*f, true) < 0)
1398 HASHMAP_FOREACH(i, globs, iterator)
1401 HASHMAP_FOREACH(i, items, iterator)
1405 while ((i = hashmap_steal_first(items)))
1408 while ((i = hashmap_steal_first(globs)))
1411 hashmap_free(items);
1412 hashmap_free(globs);
1414 set_free_free(unix_sockets);
~ianmdlvl / elogind.git / blob