[systemd-devel] How safe are D and R directives for systemd-tmpfiles?
Lennart Poettering
lennart at poettering.net
Tue Oct 16 13:33:07 UTC 2018
On Di, 16.10.18 18:14, Amish (anon.amish at gmail.com) wrote:
> Hello,
>
> I am interested in knowing how safe D and R directives for tmpfiles.d are?
>
> If by some accident OR some packagers malicious intent - someone places a
> file with "R /" in tmpfiles.d, would this erase everything?
We refuse requests to delete the root dir:
https://github.com/systemd/systemd/blob/master/src/basic/rm-rf.c#L168
> Does systemd have a way of specifying that R and D should be applicable only
> for /tmp or /var/{cache,run,tmp} only?
When you invoke the systemd-tmpfiles binary you could specify
--prefix= to drop it's effect on non-listed prefixes.
> I could not locate anything on man page.
see systemd-tmpfiles(8).
Generally though: the directories where systemd-tmpfiles reads its
configuration from are owned by root and not writable by unprivileged
users. Moreover, the snippets are nothing you sloppily enter on the
command line, it's not a user-facing concept. Hence there's much less
chance to be misused on purpose or by accident.
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list