[systemd-devel] How safe are D and R directives for systemd-tmpfiles?
Amish
anon.amish at gmail.com
Tue Oct 16 14:33:58 UTC 2018
On 16/10/18 7:03 PM, Lennart Poettering wrote:
> On Di, 16.10.18 18:14, Amish (anon.amish at gmail.com) wrote:
>
>> Does systemd have a way of specifying that R and D should be applicable only
>> for /tmp or /var/{cache,run,tmp} only?
> When you invoke the systemd-tmpfiles binary you could specify
> --prefix= to drop its effect on non-listed prefixes.
Ah! Thank you. I overlooked this.
But is there a config file where this can be mentioned? (separate prefix
for create and remove)
OR can the default unit file be changed?
https://github.com/systemd/systemd/blob/master/units/systemd-tmpfiles-setup.service.in
to:
[Service]
Type=oneshot
RemainAfterExit=yes
EnvironmentFile=/etc/systemd/systemd-tmpfiles.env
ExecStart=@rootbindir@/systemd-tmpfiles --create --boot --exclude-prefix=/dev $CREATEPREFIX
ExecStart=@rootbindir@/systemd-tmpfiles --remove --boot --exclude-prefix=/dev $REMOVEPREFIX
SuccessExitStatus=65 73
I know I can set up an override file but just curious if the above (or
similar) should be default.
> Generally though: the directories where systemd-tmpfiles reads its
> configuration from are owned by root and not writable by unprivileged
> users. Moreover, the snippets are nothing you sloppily enter on the
> command line, it's not a user-facing concept. Hence there's much less
> chance to be misused on purpose or by accident.
I know but just wanted to be extra-safe.
And thank you for the prompt reply,
Amish.
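
An added example, not part of the original message and not systemd code: a static check over tmpfiles.d snippets that reports D and R lines whose path lies outside the prefixes named in the question. The function names, the allowlist constant and the sample snippet are constructed for illustration.

```python
import posixpath
import shlex

# Prefixes named in the question; adjust for the host being audited.
ALLOWED_PREFIXES = ("/tmp", "/var/cache", "/var/run", "/var/tmp")
REMOVAL_TYPES = {"R", "D"}  # the two line types discussed in this thread

# Constructed tmpfiles.d sample, not taken from any real package.
SAMPLE = """\
# Type Path Mode User Group Age Argument
d /tmp 1777 root root 10d
D /var/tmp/build 0755 root root -
R /var/cache/app/*
R! /home/*/.cache
D /var/tmp/../lib/app 0755 root root -
r /etc/nologin
"""

def under_prefix(path, prefix):
    """True if path equals prefix or lies below it (component-wise)."""
    return path == prefix or path.startswith(prefix.rstrip("/") + "/")

def audit(text, allowed=ALLOWED_PREFIXES):
    """Return (line number, type field, normalised path) for each D/R line
    whose path is not under an allowed prefix."""
    findings = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        try:
            fields = shlex.split(line)   # paths may be quoted
        except ValueError:
            fields = line.split()        # unbalanced quote in a later field
        if len(fields) < 2:
            continue
        kind = fields[0][0]              # drop modifiers such as '!' or '-'
        # Collapse '..' components so the textual check cannot be sidestepped.
        # Paths using specifiers (e.g. %t) are not absolute here and are
        # reported, since they cannot be resolved statically.
        path = posixpath.normpath(fields[1])
        if kind in REMOVAL_TYPES and not any(under_prefix(path, p) for p in allowed):
            findings.append((lineno, fields[0], path))
    return findings

if __name__ == "__main__":
    for lineno, kind, path in audit(SAMPLE):
        print(f"line {lineno}: {kind} {path} is outside the allowed prefixes")
```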