[systemd-commits] 3 commits - man/systemd-tmpfiles.xml man/tmpfiles.d.xml src/service.c src/tmpfiles.c
Michal Schmidt
michich at kemper.freedesktop.org
Fri Dec 16 09:33:25 PST 2011
man/systemd-tmpfiles.xml | 5 +-
man/tmpfiles.d.xml | 26 ++++++++++---
src/service.c | 2 -
src/tmpfiles.c | 89 +++++++++++++++++++++++++++--------------------
4 files changed, 76 insertions(+), 46 deletions(-)
New commits:
commit 777b87e702197ad1f2d0f2a3aea5271d18062c5c
Author: Michal Schmidt <mschmidt at redhat.com>
Date: Fri Dec 16 18:27:35 2011 +0100
tmpfiles: add 'z', like 'Z' but not recursive
diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
index 74dfd5a..bbb80b2 100644
--- a/man/systemd-tmpfiles.xml
+++ b/man/systemd-tmpfiles.xml
@@ -84,8 +84,8 @@
<listitem><para>If this option is passed all
files and directories marked with f,
F, d, D in the configuration files are
- created. Files and directories marked with Z
- have their ownership, access mode and security
+ created. Files and directories marked with z,
+ Z have their ownership, access mode and security
labels set.</para></listitem>
</varlistentry>
diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index e137967..4a8e831 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -157,6 +157,16 @@ d /run/user 0755 root root 10d</programlisting>
</varlistentry>
<varlistentry>
+ <term><varname>z</varname></term>
+ <listitem><para>Set ownership, access
+ mode and relabel security context of
+ a file or directory if it exists.
+ Lines of this type accept shell-style
+ globs in place of normal path names.
+ </para></listitem>
+ </varlistentry>
+
+ <varlistentry>
<term><varname>Z</varname></term>
<listitem><para>Recursively set
ownership, access mode and relabel
@@ -175,7 +185,7 @@ d /run/user 0755 root root 10d</programlisting>
<para>The file access mode to use when
creating this file or directory. If omitted or
when set to - the default is used: 0755 for
- directories, 0644 for files. For Z lines
+ directories, 0644 for files. For z, Z lines
if omitted or when set to - the file access mode will
not be modified. This parameter is ignored for x, r, R
lines.</para>
@@ -188,7 +198,7 @@ d /run/user 0755 root root 10d</programlisting>
or directory. This may either be a numeric
user/group ID or a user or group name. If
omitted or when set to - the default 0 (root)
- is used. For Z lines when omitted or when set to -
+ is used. For z, Z lines when omitted or when set to -
the file ownership will not be modified.
These parameters are ignored for x, r, R lines.</para>
</refsect2>
diff --git a/src/tmpfiles.c b/src/tmpfiles.c
index 1395082..19a7c08 100644
--- a/src/tmpfiles.c
+++ b/src/tmpfiles.c
@@ -62,6 +62,7 @@ typedef enum ItemType {
IGNORE_PATH = 'x',
REMOVE_PATH = 'r',
RECURSIVE_REMOVE_PATH = 'R',
+ RELABEL_PATH = 'z',
RECURSIVE_RELABEL_PATH = 'Z'
} ItemType;
@@ -92,7 +93,7 @@ static const char *arg_prefix = NULL;
#define MAX_DEPTH 256
static bool needs_glob(ItemType t) {
- return t == IGNORE_PATH || t == REMOVE_PATH || t == RECURSIVE_REMOVE_PATH || t == RECURSIVE_RELABEL_PATH;
+ return t == IGNORE_PATH || t == REMOVE_PATH || t == RECURSIVE_REMOVE_PATH || t == RELABEL_PATH || t == RECURSIVE_RELABEL_PATH;
}
static struct Item* find_glob(Hashmap *h, const char *match) {
@@ -646,6 +647,13 @@ static int create_item(Item *i) {
break;
+ case RELABEL_PATH:
+
+ r = glob_item(i, item_set_perms);
+ if (r < 0)
+ return 0;
+ break;
+
case RECURSIVE_RELABEL_PATH:
r = glob_item(i, recursive_relabel);
@@ -670,6 +678,7 @@ static int remove_item_instance(Item *i, const char *instance) {
case CREATE_DIRECTORY:
case CREATE_FIFO:
case IGNORE_PATH:
+ case RELABEL_PATH:
case RECURSIVE_RELABEL_PATH:
break;
@@ -707,6 +716,7 @@ static int remove_item(Item *i) {
case CREATE_DIRECTORY:
case CREATE_FIFO:
case IGNORE_PATH:
+ case RELABEL_PATH:
case RECURSIVE_RELABEL_PATH:
break;
@@ -808,15 +818,19 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
goto finish;
}
- if (type != CREATE_FILE &&
- type != TRUNCATE_FILE &&
- type != CREATE_DIRECTORY &&
- type != TRUNCATE_DIRECTORY &&
- type != CREATE_FIFO &&
- type != IGNORE_PATH &&
- type != REMOVE_PATH &&
- type != RECURSIVE_REMOVE_PATH &&
- type != RECURSIVE_RELABEL_PATH) {
+ switch(type) {
+ case CREATE_FILE:
+ case TRUNCATE_FILE:
+ case CREATE_DIRECTORY:
+ case TRUNCATE_DIRECTORY:
+ case CREATE_FIFO:
+ case IGNORE_PATH:
+ case REMOVE_PATH:
+ case RECURSIVE_REMOVE_PATH:
+ case RELABEL_PATH:
+ case RECURSIVE_RELABEL_PATH:
+ break;
+ default:
log_error("[%s:%u] Unknown file type '%c'.", fname, line, type);
r = -EBADMSG;
goto finish;
commit 062e01bbdbc3201e4c99bc0b702cb04a0ae2190c
Author: Michal Schmidt <mschmidt at redhat.com>
Date: Fri Dec 16 18:00:11 2011 +0100
tmpfiles: apply chown, chmod for 'Z' entries too
If changing ownership or permissions is not desired, they can be
configured to '-' or omitted entirely.
diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
index 20e399b..74dfd5a 100644
--- a/man/systemd-tmpfiles.xml
+++ b/man/systemd-tmpfiles.xml
@@ -85,7 +85,8 @@
files and directories marked with f,
F, d, D in the configuration files are
created. Files and directories marked with Z
- are relabeled.</para></listitem>
+ have their ownership, access mode and security
+ labels set.</para></listitem>
</varlistentry>
<varlistentry>
diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml
index 6a2a377..e137967 100644
--- a/man/tmpfiles.d.xml
+++ b/man/tmpfiles.d.xml
@@ -158,8 +158,9 @@ d /run/user 0755 root root 10d</programlisting>
<varlistentry>
<term><varname>Z</varname></term>
- <listitem><para>Recursively
- relabel security context of a path and
+ <listitem><para>Recursively set
+ ownership, access mode and relabel
+ security context of a path and
all its subdirectories (if it is a
directory). Lines of this type accept
shell-style globs in place of normal
@@ -174,8 +175,10 @@ d /run/user 0755 root root 10d</programlisting>
<para>The file access mode to use when
creating this file or directory. If omitted or
when set to - the default is used: 0755 for
- directories, 0644 for files. This parameter is
- ignored for x, r, R, Z lines.</para>
+ directories, 0644 for files. For Z lines
+ if omitted or when set to - the file access mode will
+ not be modified. This parameter is ignored for x, r, R
+ lines.</para>
</refsect2>
<refsect2>
@@ -185,8 +188,9 @@ d /run/user 0755 root root 10d</programlisting>
or directory. This may either be a numeric
user/group ID or a user or group name. If
omitted or when set to - the default 0 (root)
- is used. . These parameters are ignored for x,
- r, R, Z lines.</para>
+ is used. For Z lines when omitted or when set to -
+ the file ownership will not be modified.
+ These parameters are ignored for x, r, R lines.</para>
</refsect2>
<refsect2>
diff --git a/src/tmpfiles.c b/src/tmpfiles.c
index 18067c4..1395082 100644
--- a/src/tmpfiles.c
+++ b/src/tmpfiles.c
@@ -406,7 +406,27 @@ finish:
return r;
}
-static int recursive_relabel_children(const char *path) {
+static int item_set_perms(Item *i, const char *path) {
+ /* not using i->path directly because it may be a glob */
+ if (i->mode_set)
+ if (chmod(path, i->mode) < 0) {
+ log_error("chmod(%s) failed: %m", path);
+ return -errno;
+ }
+
+ if (i->uid_set || i->gid_set)
+ if (chown(path,
+ i->uid_set ? i->uid : (uid_t) -1,
+ i->gid_set ? i->gid : (gid_t) -1) < 0) {
+
+ log_error("chown(%s) failed: %m", path);
+ return -errno;
+ }
+
+ return label_fix(path, false);
+}
+
+static int recursive_relabel_children(Item *i, const char *path) {
DIR *d;
int ret = 0;
@@ -457,7 +477,7 @@ static int recursive_relabel_children(const char *path) {
} else
is_dir = de->d_type == DT_DIR;
- r = label_fix(entry_path, false);
+ r = item_set_perms(i, entry_path);
if (r < 0) {
if (ret == 0 && r != -ENOENT)
ret = r;
@@ -466,7 +486,7 @@ static int recursive_relabel_children(const char *path) {
}
if (is_dir) {
- r = recursive_relabel_children(entry_path);
+ r = recursive_relabel_children(i, entry_path);
if (r < 0 && ret == 0)
ret = r;
}
@@ -483,7 +503,7 @@ static int recursive_relabel(Item *i, const char *path) {
int r;
struct stat st;
- r = label_fix(path, false);
+ r = item_set_perms(i, path);
if (r < 0)
return r;
@@ -491,7 +511,7 @@ static int recursive_relabel(Item *i, const char *path) {
return -errno;
if (S_ISDIR(st.st_mode))
- r = recursive_relabel_children(path);
+ r = recursive_relabel_children(i, path);
return r;
}
@@ -523,25 +543,6 @@ static int glob_item(Item *i, int (*action)(Item *, const char *)) {
return r;
}
-static int item_set_perms(Item *i) {
- if (i->mode_set)
- if (chmod(i->path, i->mode) < 0) {
- log_error("chmod(%s) failed: %m", i->path);
- return -errno;
- }
-
- if (i->uid_set || i->gid_set)
- if (chown(i->path,
- i->uid_set ? i->uid : (uid_t) -1,
- i->gid_set ? i->gid : (gid_t) -1) < 0) {
-
- log_error("chown(%s) failed: %m", i->path);
- return -errno;
- }
-
- return label_fix(i->path, false);
-}
-
static int create_item(Item *i) {
int r;
mode_t u;
@@ -582,7 +583,7 @@ static int create_item(Item *i) {
return -EEXIST;
}
- r = item_set_perms(i);
+ r = item_set_perms(i, i->path);
if (r < 0)
return r;
@@ -612,7 +613,7 @@ static int create_item(Item *i) {
return -EEXIST;
}
- r = item_set_perms(i);
+ r = item_set_perms(i, i->path);
if (r < 0)
return r;
@@ -639,7 +640,7 @@ static int create_item(Item *i) {
return -EEXIST;
}
- r = item_set_perms(i);
+ r = item_set_perms(i, i->path);
if (r < 0)
return r;
commit 18d01523c88d59293d5bd1c199d41ce587e4856e
Author: Michal Schmidt <mschmidt at redhat.com>
Date: Fri Dec 16 17:38:01 2011 +0100
service: use 'syslog+console' for sysv_console
The default output to 'tty' for SysV service was making it hard to debug
problems because error messages were missing from syslog.
diff --git a/src/service.c b/src/service.c
index 5243e69..feecbbe 100644
--- a/src/service.c
+++ b/src/service.c
@@ -841,7 +841,7 @@ static int service_load_sysv_path(Service *s, const char *path) {
s->restart = SERVICE_RESTART_NO;
if (s->meta.manager->sysv_console)
- s->exec_context.std_output = EXEC_OUTPUT_TTY;
+ s->exec_context.std_output = EXEC_OUTPUT_SYSLOG_AND_CONSOLE;
s->exec_context.kill_mode = KILL_PROCESS;
More information about the systemd-commits
mailing list