[systemd-devel] [PATCH] TODO: Simple conditionals in tmpfiles

Lennart Poettering lennart at poettering.net
Sun Mar 2 15:14:50 PST 2014


On Fri, 28.02.14 06:36, Josh Triplett (josh at joshtriplett.org) wrote:

> ---
> 
> Strawman proposal, open to suggestions.  A change like this would make
> tmpfiles flexible enough to detect what permission configuration an
> admin wants to use and go along with that.  In general, "set a
> directory's permissions based on the set{u,g}id status of the binary"
> seems common enough to want to support; tmpfiles can implement this with
> a simple stat and comparison.
> 
> Could potentially be more configurable, by capturing the mode, user, and
> group of the item listed as the conditional path, and making them
> available as placeholders within the subitem, but that seems like
> overkill for the most common cases.

> 
>  TODO | 4 ++++
>  1 file changed, 4 insertions(+)
> 
> diff --git a/TODO b/TODO
> index 6cac3e2..988f855 100644
> --- a/TODO
> +++ b/TODO
> @@ -570,6 +570,10 @@ Features:
>  * tmpfiles:
>    - check systemd-tmpfiles for selinux context hookup for mknod(), symlink() and similar
>    - apply "x" on "D" too (see patch from William Douglas)
> +  - Simple conditionals: "C path mode user group - (tmpfiles-line)" does tmpfiles-line if path has mode, user, and group:
> +    C /usr/bin/screen 2755 root utmp - d /var/run/screen 0775 root utmp
> +    C /usr/bin/screen 4755 root utmp - d /var/run/screen 0755 root utmp
> +    C /usr/bin/screen 0755 root utmp - d /var/run/screen 1777 root utmp
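Review bot: The new "Simple conditionals" entry does not say what happens when path matches none of the listed mode/user/group combinations, or does not exist. With the three example lines as written, a /usr/bin/screen that is 0755 root root satisfies no condition, so no line for /var/run/screen would be applied. Suggest the entry state that the comparison is exact over all mode bits (setuid, setgid and sticky included), whether path is followed when it is a symlink, and that a non-matching or missing path skips the sub-line, or else add an unconditional fallback line to the example.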


Hmm, I don't really grok the use case here. /usr/bin/screen is not owned
by the admin, but by the OS/packager. It really doesn't sound like
asking too much if the OS/packager ships a tmpfiles snippet that's in sync
with the mode of the binary file... Or alternatively, if the admin
really chooses to override the package manager here, then he can also
just drop-in another tmpfiles snippet that overrides the shipped one?

It sounds really strange to add a hook to make something configurable
depending on something else that is not really configuration...

Lennart

-- 
Lennart Poettering, Red Hat
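
The "simple stat and comparison" from the quoted proposal, as an added sketch that is not part of the thread and not systemd code. The `C` line syntax is the strawman from the patch, not an existing tmpfiles feature; the function names, the choice to use `lstat()` and to treat a missing path as a false condition are assumptions.

```python
import grp
import os
import pwd
import stat

# Constructed sample: the three lines from the TODO entry in the quoted patch.
PROPOSED = """\
C /usr/bin/screen 2755 root utmp - d /var/run/screen 0775 root utmp
C /usr/bin/screen 4755 root utmp - d /var/run/screen 0755 root utmp
C /usr/bin/screen 0755 root utmp - d /var/run/screen 1777 root utmp
"""

def parse(text):
    """Yield (path, mode, user, group, subline) for each proposed 'C' line."""
    for line in text.splitlines():
        fields = line.split(None, 6)
        if len(fields) == 7 and fields[0] == "C" and fields[5] == "-":
            _, path, mode, user, group, _, sub = fields
            yield path, int(mode, 8), user, group, sub

def probe(path):
    """lstat() path (symlinks are not followed); return (mode, user, group)."""
    st = os.lstat(path)
    if not stat.S_ISREG(st.st_mode):
        raise ValueError(f"{path}: not a regular file")
    # S_IMODE keeps the setuid, setgid and sticky bits along with rwx bits.
    return (stat.S_IMODE(st.st_mode),
            pwd.getpwuid(st.st_uid).pw_name,
            grp.getgrgid(st.st_gid).gr_name)

def select(text, probe_fn=probe):
    """Return the sub-lines whose condition matches the probed file exactly."""
    chosen = []
    for path, mode, user, group, sub in parse(text):
        try:
            observed = probe_fn(path)
        except (OSError, KeyError, ValueError):
            continue  # assumption: missing path or unknown owner is "false"
        if observed == (mode, user, group):
            chosen.append(sub)
    return chosen

if __name__ == "__main__":
    # On a real host this reports which directory line would be applied.
    print(select(PROPOSED))
```

A binary whose mode or ownership matches none of the three lines yields an empty list, so the directory line would come from nowhere unless a fallback exists.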

