mirror of
https://github.com/systemd/systemd.git
synced 2024-11-26 19:53:45 +08:00
Drop split-usr and unmerged-usr support
As previously announced, execute order 66:

https://lists.freedesktop.org/archives/systemd-devel/2022-September/048352.html

The meson options split-usr, rootlibdir and rootprefix become no-ops that print a warning if they are set to anything other than the default values. We can remove them in a future release.
parent 1108285baa
commit b0d3095fd6
@ -90,7 +90,7 @@ EOF
|
||||
# disable autopkgtests which are not for upstream
|
||||
sed -i '/# NOUPSTREAM/ q' debian/tests/control
|
||||
# enable more unit tests
|
||||
sed -i '/^CONFFLAGS =/ s/=/= --werror -Dtests=unsafe -Dsplit-usr=true -Dslow-tests=true -Dfuzz-tests=true -Dman=true /' debian/rules
|
||||
sed -i '/^CONFFLAGS =/ s/=/= --werror -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true -Dman=true /' debian/rules
|
||||
# no orig tarball
|
||||
echo '1.0' >debian/source/format
|
||||
|
||||
|
35
README
@ -259,13 +259,14 @@ REQUIREMENTS:
|
||||
make use of DynamicUser= now, hence enabling nss-systemd is not
|
||||
optional.
|
||||
|
||||
Note that the build prefix for systemd must be /usr. (Moreover, packages
|
||||
Note that the build prefix for systemd must be /usr/. (Moreover, packages
|
||||
systemd relies on — such as D-Bus — really should use the same prefix,
|
||||
otherwise you are on your own.) -Dsplit-usr=false (which is the default
|
||||
and does not need to be specified) is the recommended setting.
|
||||
-Dsplit-usr=true can be used to give a semblance of support for systems
|
||||
with programs installed split between / and /usr. Moving everything
|
||||
under /usr is strongly encouraged.
|
||||
otherwise you are on your own.) Split-usr and unmerged-usr systems are no
|
||||
longer supported, and moving everything under /usr/ is required. Systems
|
||||
with a separate /usr/ partition must mount it before transitioning into it
|
||||
(i.e.: from the initrd). For more information see:
|
||||
https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
|
||||
https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge
|
||||
|
||||
Additional packages are necessary to run some tests:
|
||||
- nc (used by test/TEST-12-ISSUE-3171)
|
||||
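Review bot: In the new README paragraph, "must mount it before transitioning into it" uses "it" for two different things, so the requirement is hard to parse. Suggest spelling out both objects, for example "must have it mounted by the initrd before switching to the root file system", and writing "i.e." without the trailing colon.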
@ -404,28 +405,6 @@ SYSV INIT.D SCRIPTS:
|
||||
needs to look like, and provide an implementation at the marked places.
|
||||
|
||||
WARNINGS and TAINT FLAGS:
|
||||
systemd will warn during early boot if /usr is not already mounted at
|
||||
this point (that means: either located on the same file system as / or
|
||||
already mounted in the initrd). While in systemd itself very little
|
||||
will break if /usr is on a separate late-mounted partition, many of its
|
||||
dependencies very likely will break sooner or later in one form or
|
||||
another. For example, udev rules tend to refer to binaries in /usr,
|
||||
binaries that link to libraries in /usr, or binaries that refer to data
|
||||
files in /usr. Since these breakages are not always directly visible,
|
||||
systemd will warn about this. Such setups are not really supported by
|
||||
the basic set of Linux OS components. Taint flag 'split-usr' will be
|
||||
set when this condition is detected.
|
||||
|
||||
For more information on this issue consult
|
||||
https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken
|
||||
|
||||
systemd will warn if the filesystem is not usr-merged (i.e.: /bin, /sbin
|
||||
and /lib* are not symlinks to their counterparts under /usr). Taint flag
|
||||
'unmerged-usr' will be set when this condition is detected.
|
||||
|
||||
For more information on this issue consult
|
||||
https://www.freedesktop.org/wiki/Software/systemd/TheCaseForTheUsrMerge
|
||||
|
||||
systemd requires that the /run mount point exists. systemd also
|
||||
requires that /var/run is a symlink to /run. Taint flag 'var-run-bad'
|
||||
will be set when this condition is detected.
|
||||
|
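Review bot: The block removed under "WARNINGS and TAINT FLAGS:" also drops the paragraph describing the 'unmerged-usr' taint, yet manager_taint_string() in this same commit still emits "unmerged-usr" when /bin is not a symlink to usr/bin. Keep that paragraph and its TheCaseForTheUsrMerge link so the README continues to document a taint the manager can still report; only the 'split-usr' text needs to go.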
2
TODO
@ -116,8 +116,6 @@ Deprecations and removals:
|
||||
* rework our PID tracking in services and so on, to be strictly based on pidfd,
|
||||
once kernel baseline is 5.13.
|
||||
|
||||
* H2 2023: remove support for unmerged-usr
|
||||
|
||||
* Remove /dev/mem ACPI FPDT parsing when /sys/firmware/acpi/fpdt is ubiquitous.
|
||||
That requires distros to enable CONFIG_ACPI_FPDT, and have kernels v5.12 for
|
||||
x86 and v6.2 for arm.
|
||||
|
@ -35,4 +35,4 @@ foreach file : in_files
|
||||
endforeach
|
||||
|
||||
meson.add_install_script('sh', '-c',
|
||||
'test -n "$DESTDIR" || @0@/journalctl --update-catalog'.format(rootbindir))
|
||||
'test -n "$DESTDIR" || @0@/journalctl --update-catalog'.format(bindir))
|
||||
|
@ -395,8 +395,6 @@ Defined-By: systemd
|
||||
Support: %SUPPORT_URL%
|
||||
|
||||
Възможни са следните етикети:
|
||||
⁃ „split-usr“ — „/usr“ е отделна файлова система, която не е била монтирана при
|
||||
стартирането на systemd
|
||||
⁃ „cgroups-missing“ — ядрото е компилирано без поддръжка на „cgroup“ или е
|
||||
ограничен достъпът до тази подсистема
|
||||
⁃ „var-run-bad“ — „/var/run“ не е символна връзка към „/run“
|
||||
|
@ -392,8 +392,6 @@ Defined-By: systemd
|
||||
Support: %SUPPORT_URL%
|
||||
|
||||
The following "tags" are possible:
|
||||
- "split-usr" — /usr is a separate file system and was not mounted when systemd
|
||||
was booted
|
||||
- "cgroups-missing" — the kernel was compiled without cgroup support or access
|
||||
to expected interface files is restricted
|
||||
- "var-run-bad" — /var/run is not a symlink to /run
|
||||
|
@ -337,8 +337,6 @@ Defined-By: systemd
|
||||
Support: %SUPPORT_URL%
|
||||
|
||||
Les étiquettes suivantes sont possibles :
|
||||
- "split-usr" — /usr est un système de fichiers séparé et nétait pas
|
||||
monté quand systemd a été démarré
|
||||
- "cgroups-missing" — le noyau a été compilé sans le support des groupes
|
||||
de contrôle (cgroups) ou l'accès aux fichiers d'interface est restreint
|
||||
- "var-run-bad" — /var/run n'est pas un lien symbolique vers /run
|
||||
|
@ -403,7 +403,6 @@ Defined-By: systemd
|
||||
Support: %SUPPORT_URL%
|
||||
|
||||
I seguenti "tags" sono possibili:
|
||||
- "split-usr" — /usr è un file system separato e non è stato montato all'avvio di systemd
|
||||
- "cgroups-missing" — il kernel era compilato senza supporto cgroup o l'accesso ai
|
||||
file attesi è ristretto.
|
||||
- "var-run-bad" — /var/run non è un link simbolico (symlink) a /run
|
||||
|
@ -396,8 +396,6 @@ Defined-By: systemd
|
||||
Support: %SUPPORT_URL%
|
||||
|
||||
Możliwe są następujące „etykiety”:
|
||||
• „split-usr” — /usr jest oddzielnym systemem plików, który nie był
|
||||
zamontowany w czasie uruchomienia systemd,
|
||||
• „cgroups-missing” — jądro zostało skompilowane bez obsługi cgroups
|
||||
lub dostęp do oczekiwanych plików interfejsu jest ograniczony,
|
||||
• „var-run-bad” — /var/run nie jest dowiązaniem symbolicznym do /run,
|
||||
|
@ -388,8 +388,6 @@ Defined-By: systemd
|
||||
Support: %SUPPORT_URL%
|
||||
|
||||
Перечень всех возможных меток, указывающих на проблемы конфигурации:
|
||||
- "split-usr" — каталог /usr расположен на отдельной файловой системе,
|
||||
которая не была смонтирована на момент запуска systemd
|
||||
- "cgroups-missing" — ядро собрано без поддержки контрольных групп, либо
|
||||
отсутствуют права для доступа к интерфейсным файлам контрольных групп
|
||||
- "var-run-bad" — /var/run не является символьной ссылкой на /run
|
||||
|
@ -14,7 +14,6 @@ distribution:
|
||||
|
||||
1. Find the right configure parameters for:
|
||||
|
||||
* `-Drootprefix=`
|
||||
* `-Dsysvinit-path=`
|
||||
* `-Dsysvrcnd-path=`
|
||||
* `-Drc-local=`
|
||||
|
@ -55,7 +55,7 @@ if conf.get('ENABLE_HWDB') == 1
|
||||
mkdir_p.format(sysconfdir / 'udev/hwdb.d'))
|
||||
|
||||
meson.add_install_script('sh', '-c',
|
||||
'test -n "$DESTDIR" || @0@/systemd-hwdb update'.format(rootbindir))
|
||||
'test -n "$DESTDIR" || @0@/systemd-hwdb update'.format(bindir))
|
||||
endif
|
||||
|
||||
if want_tests != 'false'
|
||||
|
@ -1629,17 +1629,6 @@ node /org/freedesktop/systemd1 {
|
||||
used to lower the chance of bogus bug reports. The following taints are currently known:</para>
|
||||
|
||||
<variablelist>
|
||||
<varlistentry>
|
||||
<term><literal>split-usr</literal></term>
|
||||
|
||||
<listitem><para><filename>/usr/</filename> was not available when systemd was first invoked. It
|
||||
must either be part of the root file system, or it must be mounted before
|
||||
<command>systemd</command> is invoked. See
|
||||
<ulink url="https://www.freedesktop.org/wiki/Software/systemd/separate-usr-is-broken">
|
||||
Booting Without /usr is Broken</ulink> for details why this is bad.</para>
|
||||
</listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
<term><literal>unmerged-usr</literal></term>
|
||||
|
||||
|
@ -3484,12 +3484,9 @@ StandardInputData=V2XigLJyZSBubyBzdHJhbmdlcnMgdG8gbG92ZQpZb3Uga25vdyB0aGUgcnVsZX
|
||||
<listitem><para>Colon-separated list of directories to use when launching
|
||||
executables. <command>systemd</command> uses a fixed value of
|
||||
<literal><filename>/usr/local/sbin</filename>:<filename>/usr/local/bin</filename>:<filename>/usr/sbin</filename>:<filename>/usr/bin</filename></literal>
|
||||
in the system manager. When compiled for systems with "unmerged <filename>/usr/</filename>"
|
||||
(<filename>/bin</filename> is not a symlink to <filename>/usr/bin</filename>),
|
||||
<literal>:<filename>/sbin</filename>:<filename>/bin</filename></literal> is appended. In case of
|
||||
the user manager, a different path may be configured by the distribution. It is recommended to
|
||||
not rely on the order of entries, and have only one program with a given name in
|
||||
<varname>$PATH</varname>.</para></listitem>
|
||||
in the system manager. In case of the user manager, a different path may be configured by the
|
||||
distribution. It is recommended to not rely on the order of entries, and have only one program
|
||||
with a given name in <varname>$PATH</varname>.</para></listitem>
|
||||
</varlistentry>
|
||||
|
||||
<varlistentry>
|
||||
|
618
meson.build
File diff suppressed because it is too large
@ -9,14 +9,14 @@ option('shared-lib-tag', type : 'string',
|
||||
option('mode', type : 'combo', choices : ['developer', 'release'],
|
||||
description : 'autoenable features suitable for systemd development/release builds')
|
||||
|
||||
option('split-usr', type : 'combo', choices : ['auto', 'true', 'false'],
|
||||
description : '''/bin, /sbin aren't symlinks into /usr''')
|
||||
option('split-usr', type : 'combo', choices : ['auto', 'true', 'false'], deprecated: true,
|
||||
description : '''This option is deprecated and will be removed in a future release''')
|
||||
option('split-bin', type : 'combo', choices : ['auto', 'true', 'false'],
|
||||
description : '''sbin is not a symlink to bin''')
|
||||
option('rootlibdir', type : 'string',
|
||||
description : '''[/usr]/lib/x86_64-linux-gnu or such''')
|
||||
option('rootprefix', type : 'string',
|
||||
description : '''override the root prefix [default '/' if split-usr and '/usr' otherwise]''')
|
||||
option('rootlibdir', type : 'string', deprecated: true,
|
||||
description : '''This option is deprecated and will be removed in a future release''')
|
||||
option('rootprefix', type : 'string', deprecated: true,
|
||||
description : '''This option is deprecated and will be removed in a future release''')
|
||||
option('link-udev-shared', type : 'boolean',
|
||||
description : 'link systemd-udevd and its helpers to libsystemd-shared.so')
|
||||
option('link-systemctl-shared', type: 'boolean',
|
||||
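Review bot: The new description on split-usr, rootlibdir and rootprefix says only that the option is deprecated, not that its value is now ignored. The commit message calls these options no-ops, so a packager still passing -Dsplit-usr=true or -Drootprefix=/ should be able to read that from the help text; suggest something like 'Deprecated, has no effect; will be removed in a future release'.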
@ -69,7 +69,7 @@ option('loadkeys-path', type : 'string', description : 'path to loadkeys')
|
||||
option('setfont-path', type : 'string', description : 'path to setfont')
|
||||
option('nologin-path', type : 'string', description : 'path to nologin')
|
||||
|
||||
option('debug-shell', type : 'string', value : '/bin/sh',
|
||||
option('debug-shell', type : 'string', value : '/usr/bin/sh',
|
||||
description : 'path to debug shell binary')
|
||||
option('debug-tty', type : 'string', value : '/dev/tty9',
|
||||
description : 'specify the tty device for debug shell')
|
||||
@ -228,7 +228,7 @@ option('time-epoch', type : 'integer', value : 0,
|
||||
description : 'time epoch for time clients')
|
||||
option('clock-valid-range-usec-max', type : 'integer', value : 473364000000000, # 15 years
|
||||
description : 'maximum value in microseconds for the difference between RTC and epoch, exceeding which is considered an RTC error ["0" disables]')
|
||||
option('default-user-shell', type : 'string', value : '/bin/bash',
|
||||
option('default-user-shell', type : 'string', value : '/usr/bin/bash',
|
||||
description : 'default interactive shell')
|
||||
|
||||
option('system-alloc-uid-min', type : 'integer', value : 0,
|
||||
|
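Review bot: The default of default-user-shell changes from /bin/bash to /usr/bin/bash here (and debug-shell from /bin/sh to /usr/bin/sh in the previous hunk), which alters behaviour for builds that never set these options, while the commit message only mentions split-usr, rootlibdir and rootprefix. Please call the new defaults out in the commit message or NEWS so packagers can check that the new path is one their /etc/shells and login tooling accept.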
@ -40,14 +40,6 @@ fi
|
||||
if [ ! -f "$BUILDDIR"/build.ninja ]; then
|
||||
sysvinit_path=$(realpath /etc/init.d)
|
||||
|
||||
init_path=$(realpath /sbin/init 2>/dev/null)
|
||||
if [ -z "$init_path" ]; then
|
||||
rootprefix=""
|
||||
else
|
||||
rootprefix=${init_path%/lib/systemd/systemd}
|
||||
rootprefix=/${rootprefix#/}
|
||||
fi
|
||||
|
||||
. /etc/os-release
|
||||
if [ "$ID" = "centos" ] && [ "$VERSION" = "8" ]; then
|
||||
UKIFY=false
|
||||
@ -64,7 +56,6 @@ if [ ! -f "$BUILDDIR"/build.ninja ]; then
|
||||
|
||||
CONFIGURE_OPTS=(
|
||||
-D sysvinit-path="$sysvinit_path"
|
||||
-D rootprefix="$rootprefix"
|
||||
-D man=false
|
||||
-D translations=false
|
||||
-D version-tag="${VERSION_TAG}"
|
||||
@ -164,7 +155,7 @@ if [ ! -f "$BUILDDIR"/build.ninja ]; then
|
||||
# installed in the wrong directory and not be found by cryptsetup. Assume native build.
|
||||
if grep -q -e "ID=debian" -e "ID_LIKE=debian" /etc/os-release && command -v dpkg 2>/dev/null; then
|
||||
CONFIGURE_OPTS+=(
|
||||
-D rootlibdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
|
||||
-D libdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)"
|
||||
-D pamlibdir="/usr/lib/$(dpkg-architecture -qDEB_HOST_MULTIARCH)/security"
|
||||
)
|
||||
fi
|
||||
|
@ -12,6 +12,6 @@ IMPORT{builtin}="btrfs ready $devnode"
|
||||
ENV{ID_BTRFS_READY}=="0", ENV{SYSTEMD_READY}="0"
|
||||
|
||||
# reconsider pending devices in case when multidevice volume awaits
|
||||
ENV{ID_BTRFS_READY}=="1", RUN+="{{ROOTBINDIR}}/udevadm trigger -s block -p ID_BTRFS_READY=0"
|
||||
ENV{ID_BTRFS_READY}=="1", RUN+="{{BINDIR}}/udevadm trigger -s block -p ID_BTRFS_READY=0"
|
||||
|
||||
LABEL="btrfs_end"
|
||||
|
@ -71,11 +71,11 @@ SUBSYSTEM=="usb", ATTR{idVendor}=="17e9", ATTR{idProduct}=="401a", ATTR{product}
|
||||
SUBSYSTEM=="usb", ATTR{idVendor}=="17e9", ATTR{idProduct}=="401a", ATTR{product}=="mimo inc", \
|
||||
ATTR{../idVendor}=="058f", ATTR{../idProduct}=="6254", \
|
||||
ENV{ID_AVOID_LOOP}=="", \
|
||||
RUN+="{{ROOTBINDIR}}/udevadm trigger --parent-match=%p/.."
|
||||
RUN+="{{BINDIR}}/udevadm trigger --parent-match=%p/.."
|
||||
|
||||
TAG=="seat", ENV{ID_PATH}=="", IMPORT{builtin}="path_id"
|
||||
TAG=="seat", ENV{ID_FOR_SEAT}=="", ENV{ID_PATH_TAG}!="", ENV{ID_FOR_SEAT}="$env{SUBSYSTEM}-$env{ID_PATH_TAG}"
|
||||
|
||||
SUBSYSTEM=="input", ATTR{name}=="Wiebetech LLC Wiebetech", RUN+="{{ROOTBINDIR}}/loginctl lock-sessions"
|
||||
SUBSYSTEM=="input", ATTR{name}=="Wiebetech LLC Wiebetech", RUN+="{{BINDIR}}/loginctl lock-sessions"
|
||||
|
||||
LABEL="seat_end"
|
||||
|
@ -63,7 +63,7 @@ SUBSYSTEM=="usb", ENV{DEVTYPE}=="usb_device", ENV{ID_USB_INTERFACES}=="*:0701??:
|
||||
SUBSYSTEM=="udc", ACTION=="add", TAG+="systemd", ENV{SYSTEMD_WANTS}+="usb-gadget.target"
|
||||
|
||||
# Apply sysctl variables to network devices (and only to those) as they appear.
|
||||
ACTION=="add", SUBSYSTEM=="net", KERNEL!="lo", RUN+="{{ROOTLIBEXECDIR}}/systemd-sysctl --prefix=/net/ipv4/conf/$name --prefix=/net/ipv4/neigh/$name --prefix=/net/ipv6/conf/$name --prefix=/net/ipv6/neigh/$name"
|
||||
ACTION=="add", SUBSYSTEM=="net", KERNEL!="lo", RUN+="{{LIBEXECDIR}}/systemd-sysctl --prefix=/net/ipv4/conf/$name --prefix=/net/ipv4/neigh/$name --prefix=/net/ipv6/conf/$name --prefix=/net/ipv6/neigh/$name"
|
||||
|
||||
{% if ENABLE_BACKLIGHT %}
|
||||
# Pull in backlight save/restore for all backlight devices and
|
||||
|
@ -11,7 +11,7 @@ __systemctl() {
|
||||
}
|
||||
|
||||
__systemd_properties() {
|
||||
{{ROOTLIBEXECDIR}}/systemd --dump-bus-properties
|
||||
{{LIBEXECDIR}}/systemd --dump-bus-properties
|
||||
}
|
||||
|
||||
__contains_word () {
|
||||
|
@ -454,7 +454,7 @@ done
|
||||
|
||||
(( $+functions[_systemctl_unit_properties] )) ||
|
||||
_systemctl_unit_properties() {
|
||||
local -a _sys_all_properties=( ${(f)"$({{ROOTLIBEXECDIR}}/systemd --no-pager --dump-bus-properties 2>/dev/null)"} )
|
||||
local -a _sys_all_properties=( ${(f)"$({{LIBEXECDIR}}/systemd --no-pager --dump-bus-properties 2>/dev/null)"} )
|
||||
_wanted systemd-unit-properties expl 'unit property' \
|
||||
_values -s , "${_sys_all_properties[@]}"
|
||||
}
|
||||
|
@ -59,22 +59,13 @@
|
||||
#define NOTIFY_FD_MAX 768
|
||||
#define NOTIFY_BUFFER_MAX PIPE_BUF
|
||||
|
||||
#if HAVE_SPLIT_USR
|
||||
# define _CONF_PATHS_SPLIT_USR_NULSTR(n) "/lib/" n "\0"
|
||||
# define _CONF_PATHS_SPLIT_USR(n) , "/lib/" n
|
||||
#else
|
||||
# define _CONF_PATHS_SPLIT_USR_NULSTR(n)
|
||||
# define _CONF_PATHS_SPLIT_USR(n)
|
||||
#endif
|
||||
|
||||
/* Return a nulstr for a standard cascade of configuration paths, suitable to pass to
|
||||
* conf_files_list_nulstr() to implement drop-in directories for extending configuration files. */
|
||||
#define CONF_PATHS_NULSTR(n) \
|
||||
"/etc/" n "\0" \
|
||||
"/run/" n "\0" \
|
||||
"/usr/local/lib/" n "\0" \
|
||||
"/usr/lib/" n "\0" \
|
||||
_CONF_PATHS_SPLIT_USR_NULSTR(n)
|
||||
"/usr/lib/" n "\0"
|
||||
|
||||
#define CONF_PATHS_USR(n) \
|
||||
"/etc/" n, \
|
||||
@ -83,8 +74,7 @@
|
||||
"/usr/lib/" n
|
||||
|
||||
#define CONF_PATHS(n) \
|
||||
CONF_PATHS_USR(n) \
|
||||
_CONF_PATHS_SPLIT_USR(n)
|
||||
CONF_PATHS_USR(n)
|
||||
|
||||
#define CONF_PATHS_USR_STRV(n) \
|
||||
STRV_MAKE(CONF_PATHS_USR(n))
|
||||
|
@ -530,10 +530,6 @@ int lookup_paths_init(
|
||||
assert(scope >= 0);
|
||||
assert(scope < _RUNTIME_SCOPE_MAX);
|
||||
|
||||
#if HAVE_SPLIT_USR
|
||||
flags |= LOOKUP_PATHS_SPLIT_USR;
|
||||
#endif
|
||||
|
||||
if (!empty_or_root(root_dir)) {
|
||||
if (scope == RUNTIME_SCOPE_USER)
|
||||
return -EINVAL;
|
||||
@ -625,6 +621,7 @@ int lookup_paths_init(
|
||||
"/usr/local/lib/systemd/system",
|
||||
SYSTEM_DATA_UNIT_DIR,
|
||||
"/usr/lib/systemd/system",
|
||||
/* To be used ONLY for images which might be legacy split-usr */
|
||||
STRV_IFNOTNULL(flags & LOOKUP_PATHS_SPLIT_USR ? "/lib/systemd/system" : NULL),
|
||||
STRV_IFNOTNULL(generator_late));
|
||||
break;
|
||||
|
@ -10,7 +10,7 @@
|
||||
typedef enum LookupPathsFlags {
|
||||
LOOKUP_PATHS_EXCLUDE_GENERATED = 1 << 0,
|
||||
LOOKUP_PATHS_TEMPORARY_GENERATED = 1 << 1,
|
||||
LOOKUP_PATHS_SPLIT_USR = 1 << 2,
|
||||
LOOKUP_PATHS_SPLIT_USR = 1 << 2, /* Legacy, use ONLY for image payloads which might be old */
|
||||
} LookupPathsFlags;
|
||||
|
||||
typedef struct LookupPaths {
|
||||
|
@ -25,20 +25,10 @@
|
||||
# define PATH_SBIN_BIN_NULSTR(x) PATH_NORMAL_SBIN_BIN_NULSTR(x)
|
||||
#endif
|
||||
|
||||
#define DEFAULT_PATH_NORMAL PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/")
|
||||
#define DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/")
|
||||
#define DEFAULT_PATH_SPLIT_USR DEFAULT_PATH_NORMAL ":" PATH_SBIN_BIN("/")
|
||||
#define DEFAULT_PATH_SPLIT_USR_NULSTR DEFAULT_PATH_NORMAL_NULSTR PATH_SBIN_BIN_NULSTR("/")
|
||||
#define DEFAULT_PATH PATH_SBIN_BIN("/usr/local/") ":" PATH_SBIN_BIN("/usr/")
|
||||
#define DEFAULT_PATH_NULSTR PATH_SBIN_BIN_NULSTR("/usr/local/") PATH_SBIN_BIN_NULSTR("/usr/")
|
||||
#define DEFAULT_PATH_COMPAT PATH_SPLIT_SBIN_BIN("/usr/local/") ":" PATH_SPLIT_SBIN_BIN("/usr/") ":" PATH_SPLIT_SBIN_BIN("/")
|
||||
|
||||
#if HAVE_SPLIT_USR
|
||||
# define DEFAULT_PATH DEFAULT_PATH_SPLIT_USR
|
||||
# define DEFAULT_PATH_NULSTR DEFAULT_PATH_SPLIT_USR_NULSTR
|
||||
#else
|
||||
# define DEFAULT_PATH DEFAULT_PATH_NORMAL
|
||||
# define DEFAULT_PATH_NULSTR DEFAULT_PATH_NORMAL_NULSTR
|
||||
#endif
|
||||
|
||||
#ifndef DEFAULT_USER_PATH
|
||||
# define DEFAULT_USER_PATH DEFAULT_PATH
|
||||
#endif
|
||||
|
@ -101,7 +101,6 @@ int manager_serialize(
|
||||
(void) serialize_item_format(f, "current-job-id", "%" PRIu32, m->current_job_id);
|
||||
(void) serialize_item_format(f, "n-installed-jobs", "%u", m->n_installed_jobs);
|
||||
(void) serialize_item_format(f, "n-failed-jobs", "%u", m->n_failed_jobs);
|
||||
(void) serialize_bool(f, "taint-usr", m->taint_usr);
|
||||
(void) serialize_bool(f, "ready-sent", m->ready_sent);
|
||||
(void) serialize_bool(f, "taint-logged", m->taint_logged);
|
||||
(void) serialize_bool(f, "service-watchdogs", m->service_watchdogs);
|
||||
@ -376,15 +375,6 @@ int manager_deserialize(Manager *m, FILE *f, FDSet *fds) {
|
||||
else
|
||||
m->n_failed_jobs += n;
|
||||
|
||||
} else if ((val = startswith(l, "taint-usr="))) {
|
||||
int b;
|
||||
|
||||
b = parse_boolean(val);
|
||||
if (b < 0)
|
||||
log_notice("Failed to parse taint /usr flag '%s', ignoring.", val);
|
||||
else
|
||||
m->taint_usr = m->taint_usr || b;
|
||||
|
||||
} else if ((val = startswith(l, "ready-sent="))) {
|
||||
int b;
|
||||
|
||||
|
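Review bot: With the "taint-usr=" branch removed from manager_deserialize(), a daemon-reexec from a manager built before this change will still hand over a "taint-usr=" line, because the old manager_serialize() wrote it unconditionally. Confirm that the final fallback branch accepts the unknown key without noise during upgrades, or keep a branch that matches "taint-usr=" and discards the value for one release.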
@ -1036,10 +1036,6 @@ int manager_new(RuntimeScope runtime_scope, ManagerTestRunFlags test_run_flags,
|
||||
return r;
|
||||
}
|
||||
|
||||
m->taint_usr =
|
||||
!in_initrd() &&
|
||||
dir_is_empty("/usr", /* ignore_hidden_or_backup= */ false) > 0;
|
||||
|
||||
/* Note that we do not set up the notify fd here. We do that after deserialization,
|
||||
* since they might have gotten serialized across the reexec. */
|
||||
|
||||
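Review bot: Dropping the dir_is_empty("/usr") check in manager_new() removes the only place shown in this patch that notices a /usr that is not mounted yet, while the README now makes mounting it from the initrd a hard requirement. Rather than going from a taint to no signal at all, consider keeping the check and logging an error (or refusing to continue) when /usr is empty outside the initrd, so the unsupported setup fails with a clear message instead of breaking later in a dependency.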
@ -4739,12 +4735,9 @@ char* manager_taint_string(const Manager *m) {
|
||||
|
||||
assert(m);
|
||||
|
||||
const char* stage[13] = {};
|
||||
const char* stage[12] = {};
|
||||
size_t n = 0;
|
||||
|
||||
if (m->taint_usr)
|
||||
stage[n++] = "split-usr";
|
||||
|
||||
_cleanup_free_ char *usrbin = NULL;
|
||||
if (readlink_malloc("/bin", &usrbin) < 0 || !PATH_IN_SET(usrbin, "usr/bin", "/usr/bin"))
|
||||
stage[n++] = "unmerged-usr";
|
||||
|
@ -330,8 +330,6 @@ struct Manager {
|
||||
/* Flags */
|
||||
bool dispatching_load_queue;
|
||||
|
||||
bool taint_usr;
|
||||
|
||||
/* Have we already sent out the READY=1 notification? */
|
||||
bool ready_sent;
|
||||
|
||||
|
@ -133,7 +133,7 @@ libcore = shared_library(
|
||||
userspace,
|
||||
versiondep],
|
||||
install : true,
|
||||
install_dir : rootpkglibdir)
|
||||
install_dir : pkglibdir)
|
||||
|
||||
core_includes = [includes, include_directories('.')]
|
||||
|
||||
|
@ -138,9 +138,6 @@ static const MountEntry protect_kernel_tunables_sys_table[] = {
|
||||
|
||||
/* ProtectKernelModules= option */
|
||||
static const MountEntry protect_kernel_modules_table[] = {
|
||||
#if HAVE_SPLIT_USR
|
||||
{ "/lib/modules", INACCESSIBLE, true },
|
||||
#endif
|
||||
{ "/usr/lib/modules", INACCESSIBLE, true },
|
||||
};
|
||||
|
||||
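Review bot: Removing the "/lib/modules" entry from protect_kernel_modules_table means ProtectKernelModules= reaches that path only where /lib is a symlink into /usr/lib. The path-lookup change in this commit keeps LOOKUP_PATHS_SPLIT_USR for "image payloads which might be old", so a service whose root is such an unmerged image would find /lib/modules left accessible. The entry carries true in its third field just like the "/usr/lib/modules" one, so it could stay in the table unconditionally instead of being dropped together with the #if.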
@ -182,14 +179,6 @@ static const MountEntry protect_system_yes_table[] = {
|
||||
{ "/usr", READONLY, false },
|
||||
{ "/boot", READONLY, true },
|
||||
{ "/efi", READONLY, true },
|
||||
#if HAVE_SPLIT_USR
|
||||
{ "/lib", READONLY, true },
|
||||
{ "/lib64", READONLY, true },
|
||||
{ "/bin", READONLY, true },
|
||||
# if HAVE_SPLIT_BIN
|
||||
{ "/sbin", READONLY, true },
|
||||
# endif
|
||||
#endif
|
||||
};
|
||||
|
||||
/* ProtectSystem=full includes ProtectSystem=yes */
|
||||
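Review bot: The /lib, /lib64, /bin and /sbin READONLY entries are deleted from protect_system_yes_table together with the HAVE_SPLIT_USR guard (and likewise from protect_system_full_table in the next hunk), so ProtectSystem=yes applied to an unmerged root, for example an old image used as the service's root, leaves those directories writable. Since each of these entries has true in its third field, as /boot and /efi do, consider keeping them and removing only the #if, or state in the ProtectSystem= documentation that unmerged roots are not covered.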
@ -198,14 +187,6 @@ static const MountEntry protect_system_full_table[] = {
|
||||
{ "/boot", READONLY, true },
|
||||
{ "/efi", READONLY, true },
|
||||
{ "/etc", READONLY, false },
|
||||
#if HAVE_SPLIT_USR
|
||||
{ "/lib", READONLY, true },
|
||||
{ "/lib64", READONLY, true },
|
||||
{ "/bin", READONLY, true },
|
||||
# if HAVE_SPLIT_BIN
|
||||
{ "/sbin", READONLY, true },
|
||||
# endif
|
||||
#endif
|
||||
};
|
||||
|
||||
/*
|
||||
|
@ -26,7 +26,7 @@
|
||||
<allow_inactive>no</allow_inactive>
|
||||
<allow_active>auth_admin_keep</allow_active>
|
||||
</defaults>
|
||||
<annotate key="org.freedesktop.policykit.exec.path">{{ROOTLIBEXECDIR}}/systemd-reply-password</annotate>
|
||||
<annotate key="org.freedesktop.policykit.exec.path">{{LIBEXECDIR}}/systemd-reply-password</annotate>
|
||||
</action>
|
||||
|
||||
<action id="org.freedesktop.systemd1.manage-units">
|
||||
|
@ -11,19 +11,19 @@
|
||||
# considered deprecated (though there is no plan to remove them). New names
|
||||
# shall have underscores.
|
||||
|
||||
prefix=/usr
|
||||
root_prefix={{ROOTPREFIX_NOSLASH}}
|
||||
rootprefix=${root_prefix}
|
||||
prefix={{PREFIX_NOSLASH}}
|
||||
root_prefix=${prefix}
|
||||
rootprefix=${prefix}
|
||||
sysconf_dir={{SYSCONF_DIR}}
|
||||
sysconfdir=${sysconf_dir}
|
||||
|
||||
systemd_util_dir=${root_prefix}/lib/systemd
|
||||
systemd_util_dir=${prefix}/lib/systemd
|
||||
systemdutildir=${systemd_util_dir}
|
||||
|
||||
systemd_system_unit_dir=${rootprefix}/lib/systemd/system
|
||||
systemd_system_unit_dir=${prefix}/lib/systemd/system
|
||||
systemdsystemunitdir=${systemd_system_unit_dir}
|
||||
|
||||
systemd_system_preset_dir=${rootprefix}/lib/systemd/system-preset
|
||||
systemd_system_preset_dir=${prefix}/lib/systemd/system-preset
|
||||
systemdsystempresetdir=${systemd_system_preset_dir}
|
||||
|
||||
systemd_user_unit_dir=${prefix}/lib/systemd/user
|
||||
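Review bot: root_prefix and rootprefix are now plain aliases of ${prefix}, but nothing in the file says so. Add a comment next to them stating that they are kept only for compatibility with existing consumers of this pkg-config file and always equal prefix, so new users pick ${prefix} and the aliases can be retired along with the meson options.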
@ -44,7 +44,7 @@ systemdsystemunitpath=${systemd_system_unit_path}
|
||||
systemd_user_unit_path=${systemd_user_conf_dir}:/etc/systemd/user:/run/systemd/user:/usr/local/lib/systemd/user:/usr/local/share/systemd/user:${systemd_user_unit_dir}:/usr/lib/systemd/user:/usr/share/systemd/user
|
||||
systemduserunitpath=${systemd_user_unit_path}
|
||||
|
||||
systemd_system_generator_dir=${root_prefix}/lib/systemd/system-generators
|
||||
systemd_system_generator_dir=${prefix}/lib/systemd/system-generators
|
||||
systemdsystemgeneratordir=${systemd_system_generator_dir}
|
||||
|
||||
systemd_user_generator_dir=${prefix}/lib/systemd/user-generators
|
||||
@ -56,10 +56,10 @@ systemdsystemgeneratorpath=${systemd_system_generator_path}
|
||||
systemd_user_generator_path=/run/systemd/user-generators:/etc/systemd/user-generators:/usr/local/lib/systemd/user-generators:${systemd_user_generator_dir}
|
||||
systemdusergeneratorpath=${systemd_user_generator_path}
|
||||
|
||||
systemd_sleep_dir=${root_prefix}/lib/systemd/system-sleep
|
||||
systemd_sleep_dir=${prefix}/lib/systemd/system-sleep
|
||||
systemdsleepdir=${systemd_sleep_dir}
|
||||
|
||||
systemd_shutdown_dir=${root_prefix}/lib/systemd/system-shutdown
|
||||
systemd_shutdown_dir=${prefix}/lib/systemd/system-shutdown
|
||||
systemdshutdowndir=${systemd_shutdown_dir}
|
||||
|
||||
tmpfiles_dir=${prefix}/lib/tmpfiles.d
|
||||
@ -67,16 +67,16 @@ tmpfilesdir=${tmpfiles_dir}
|
||||
|
||||
user_tmpfiles_dir=${prefix}/share/user-tmpfiles.d
|
||||
|
||||
sysusers_dir=${rootprefix}/lib/sysusers.d
|
||||
sysusers_dir=${prefix}/lib/sysusers.d
|
||||
sysusersdir=${sysusers_dir}
|
||||
|
||||
sysctl_dir=${rootprefix}/lib/sysctl.d
|
||||
sysctl_dir=${prefix}/lib/sysctl.d
|
||||
sysctldir=${sysctl_dir}
|
||||
|
||||
binfmt_dir=${rootprefix}/lib/binfmt.d
|
||||
binfmt_dir=${prefix}/lib/binfmt.d
|
||||
binfmtdir=${binfmt_dir}
|
||||
|
||||
modules_load_dir=${rootprefix}/lib/modules-load.d
|
||||
modules_load_dir=${prefix}/lib/modules-load.d
|
||||
modulesloaddir=${modules_load_dir}
|
||||
|
||||
catalog_dir=${prefix}/lib/systemd/catalog
|
||||
|
@ -533,13 +533,13 @@ static int create_disk(
|
||||
}
|
||||
|
||||
fprintf(f,
|
||||
"ExecStartPost=" ROOTLIBEXECDIR "/systemd-makefs '%s' '/dev/mapper/%s'\n",
|
||||
"ExecStartPost=" LIBEXECDIR "/systemd-makefs '%s' '/dev/mapper/%s'\n",
|
||||
tmp_fstype_escaped ?: "ext4", name_escaped);
|
||||
}
|
||||
|
||||
if (swap)
|
||||
fprintf(f,
|
||||
"ExecStartPost=" ROOTLIBEXECDIR "/systemd-makefs swap '/dev/mapper/%s'\n",
|
||||
"ExecStartPost=" LIBEXECDIR "/systemd-makefs swap '/dev/mapper/%s'\n",
|
||||
name_escaped);
|
||||
|
||||
r = fflush_and_check(f);
|
||||
|
@ -35,9 +35,6 @@ static const char prefixes[] =
|
||||
"/usr/local/share\0"
|
||||
"/usr/lib\0"
|
||||
"/usr/share\0"
|
||||
#if HAVE_SPLIT_USR
|
||||
"/lib\0"
|
||||
#endif
|
||||
;
|
||||
|
||||
static const char suffixes[] =
|
||||
@ -368,36 +365,6 @@ static int enumerate_dir(
|
||||
return 0;
|
||||
}
|
||||
|
||||
static int should_skip_path(const char *prefix, const char *suffix) {
|
||||
#if HAVE_SPLIT_USR
|
||||
_cleanup_free_ char *target = NULL, *dirname = NULL;
|
||||
|
||||
dirname = path_join(prefix, suffix);
|
||||
if (!dirname)
|
||||
return -ENOMEM;
|
||||
|
||||
if (chase(dirname, NULL, 0, &target, NULL) < 0)
|
||||
return false;
|
||||
|
||||
NULSTR_FOREACH(p, prefixes) {
|
||||
_cleanup_free_ char *tmp = NULL;
|
||||
|
||||
if (path_startswith(dirname, p))
|
||||
continue;
|
||||
|
||||
tmp = path_join(p, suffix);
|
||||
if (!tmp)
|
||||
return -ENOMEM;
|
||||
|
||||
if (path_equal(target, tmp)) {
|
||||
log_debug("%s redirects to %s, skipping.", dirname, target);
|
||||
return true;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
return false;
|
||||
}
|
||||
|
||||
static int process_suffix(const char *suffix, const char *onlyprefix) {
|
||||
char *f, *key;
|
||||
OrderedHashmap *top, *bottom, *drops, *h;
|
||||
@ -421,9 +388,6 @@ static int process_suffix(const char *suffix, const char *onlyprefix) {
|
||||
NULSTR_FOREACH(p, prefixes) {
|
||||
_cleanup_free_ char *t = NULL;
|
||||
|
||||
if (should_skip_path(p, suffix) > 0)
|
||||
continue;
|
||||
|
||||
t = path_join(p, suffix);
|
||||
if (!t) {
|
||||
r = -ENOMEM;
|
||||
|
@ -231,7 +231,7 @@ static int process_resume(void) {
|
||||
"\n"
|
||||
"[Service]\n"
|
||||
"Type=oneshot\n"
|
||||
"ExecStart=" ROOTLIBEXECDIR "/systemd-hibernate-resume %2$s %3$" PRIu64 "\n",
|
||||
"ExecStart=" LIBEXECDIR "/systemd-hibernate-resume %2$s %3$" PRIu64 "\n",
|
||||
device_unit,
|
||||
arg_resume_device,
|
||||
arg_resume_offset);
|
||||
|
@ -48,7 +48,7 @@ if conf.get('ENABLE_IMPORTD') == 1
|
||||
install_dir : polkitpolicydir)
|
||||
|
||||
install_data('import-pubring.gpg',
|
||||
install_dir : rootlibexecdir)
|
||||
install_dir : libexecdir)
|
||||
# TODO: shouldn't this be in pkgdatadir?
|
||||
endif
|
||||
|
||||
|
@ -101,8 +101,8 @@ static int create_disk(
|
||||
"Type=oneshot\n"
|
||||
"RemainAfterExit=yes\n"
|
||||
"TimeoutSec=infinity\n"
|
||||
"ExecStart=" ROOTLIBEXECDIR "/systemd-integritysetup attach '%s' '%s' '%s' '%s'\n"
|
||||
"ExecStop=" ROOTLIBEXECDIR "/systemd-integritysetup detach '%s'\n",
|
||||
"ExecStart=" LIBEXECDIR "/systemd-integritysetup attach '%s' '%s' '%s' '%s'\n"
|
||||
"ExecStop=" LIBEXECDIR "/systemd-integritysetup detach '%s'\n",
|
||||
name_escaped, device, empty_to_dash(key_file_escaped), empty_to_dash(options),
|
||||
name_escaped);
|
||||
|
||||
|
@ -9,7 +9,7 @@
|
||||
|
||||
prefix={{PREFIX}}
|
||||
exec_prefix={{PREFIX}}
|
||||
libdir={{ROOTLIBDIR}}
|
||||
libdir={{LIBDIR}}
|
||||
includedir={{INCLUDE_DIR}}
|
||||
|
||||
Name: systemd
|
||||
|
@ -86,5 +86,4 @@ struct trie_value_entry2_f {
|
||||
"/etc/systemd/hwdb/hwdb.bin\0" \
|
||||
"/etc/udev/hwdb.bin\0" \
|
||||
"/usr/lib/systemd/hwdb/hwdb.bin\0" \
|
||||
_CONF_PATHS_SPLIT_USR_NULSTR("systemd/hwdb/hwdb.bin") \
|
||||
UDEVLIBEXECDIR "/hwdb.bin\0"
|
||||
|
@ -317,7 +317,7 @@ static int get_path(uint64_t type, char **buffer, const char **ret) {
|
||||
return from_user_dir("XDG_DESKTOP_DIR", buffer, ret);
|
||||
|
||||
case SD_PATH_SYSTEMD_UTIL:
|
||||
*ret = ROOTPREFIX_NOSLASH "/lib/systemd";
|
||||
*ret = PREFIX_NOSLASH "/lib/systemd";
|
||||
return 0;
|
||||
|
||||
case SD_PATH_SYSTEMD_SYSTEM_UNIT:
|
||||
@ -325,7 +325,7 @@ static int get_path(uint64_t type, char **buffer, const char **ret) {
|
||||
return 0;
|
||||
|
||||
case SD_PATH_SYSTEMD_SYSTEM_PRESET:
|
||||
*ret = ROOTPREFIX_NOSLASH "/lib/systemd/system-preset";
|
||||
*ret = PREFIX_NOSLASH "/lib/systemd/system-preset";
|
||||
return 0;
|
||||
|
||||
case SD_PATH_SYSTEMD_USER_UNIT:
|
||||
@ -333,7 +333,7 @@ static int get_path(uint64_t type, char **buffer, const char **ret) {
|
||||
return 0;
|
||||
|
||||
case SD_PATH_SYSTEMD_USER_PRESET:
|
||||
*ret = ROOTPREFIX_NOSLASH "/lib/systemd/user-preset";
|
||||
*ret = PREFIX_NOSLASH "/lib/systemd/user-preset";
|
||||
return 0;
|
||||
|
||||
case SD_PATH_SYSTEMD_SYSTEM_CONF:
|
||||
@ -353,11 +353,11 @@ static int get_path(uint64_t type, char **buffer, const char **ret) {
|
||||
return 0;
|
||||
|
||||
case SD_PATH_SYSTEMD_SLEEP:
|
||||
*ret = ROOTPREFIX_NOSLASH "/lib/systemd/system-sleep";
|
||||
*ret = PREFIX_NOSLASH "/lib/systemd/system-sleep";
|
||||
return 0;
|
||||
|
||||
case SD_PATH_SYSTEMD_SHUTDOWN:
|
||||
*ret = ROOTPREFIX_NOSLASH "/lib/systemd/system-shutdown";
|
||||
*ret = PREFIX_NOSLASH "/lib/systemd/system-shutdown";
|
||||
return 0;
|
||||
|
||||
case SD_PATH_TMPFILES:
|
||||
@ -365,19 +365,19 @@ static int get_path(uint64_t type, char **buffer, const char **ret) {
|
||||
return 0;
|
||||
|
||||
case SD_PATH_SYSUSERS:
|
||||
*ret = ROOTPREFIX_NOSLASH "/lib/sysusers.d";
|
||||
*ret = PREFIX_NOSLASH "/lib/sysusers.d";
|
||||
return 0;
|
||||
|
||||
case SD_PATH_SYSCTL:
|
||||
*ret = ROOTPREFIX_NOSLASH "/lib/sysctl.d";
|
||||
*ret = PREFIX_NOSLASH "/lib/sysctl.d";
|
||||
return 0;
|
||||
|
||||
case SD_PATH_BINFMT:
|
||||
*ret = ROOTPREFIX_NOSLASH "/lib/binfmt.d";
|
||||
*ret = PREFIX_NOSLASH "/lib/binfmt.d";
|
||||
return 0;
|
||||
|
||||
case SD_PATH_MODULES_LOAD:
|
||||
*ret = ROOTPREFIX_NOSLASH "/lib/modules-load.d";
|
||||
*ret = PREFIX_NOSLASH "/lib/modules-load.d";
|
||||
return 0;
|
||||
|
||||
case SD_PATH_CATALOG:
|
||||
@ -537,9 +537,6 @@ static int get_search(uint64_t type, char ***list) {
|
||||
true,
|
||||
ARRAY_SBIN_BIN("/usr/local/"),
|
||||
ARRAY_SBIN_BIN("/usr/"),
|
||||
#if HAVE_SPLIT_USR
|
||||
ARRAY_SBIN_BIN("/"),
|
||||
#endif
|
||||
NULL);
|
||||
|
||||
case SD_PATH_SEARCH_LIBRARY_PRIVATE:
|
||||
@ -550,9 +547,6 @@ static int get_search(uint64_t type, char ***list) {
|
||||
false,
|
||||
"/usr/local/lib",
|
||||
"/usr/lib",
|
||||
#if HAVE_SPLIT_USR
|
||||
"/lib",
|
||||
#endif
|
||||
NULL);
|
||||
|
||||
case SD_PATH_SEARCH_LIBRARY_ARCH:
|
||||
@ -562,9 +556,6 @@ static int get_search(uint64_t type, char ***list) {
|
||||
"LD_LIBRARY_PATH",
|
||||
true,
|
||||
LIBDIR,
|
||||
#if HAVE_SPLIT_USR
|
||||
ROOTLIBDIR,
|
||||
#endif
|
||||
NULL);
|
||||
|
||||
case SD_PATH_SEARCH_SHARED:
|
||||
|
@ -9,7 +9,7 @@
|
||||
|
||||
prefix={{PREFIX}}
|
||||
exec_prefix={{PREFIX}}
|
||||
libdir={{ROOTLIBDIR}}
|
||||
libdir={{LIBDIR}}
|
||||
includedir={{INCLUDE_DIR}}
|
||||
|
||||
Name: libudev
|
||||
|
@ -231,8 +231,8 @@ static int extract_now(
|
||||
}
|
||||
|
||||
/* Then, send unit file data to the parent (or/and add it to the hashmap). For that we use our usual unit
|
||||
* discovery logic. Note that we force looking inside of /lib/systemd/system/ for units too, as we mightbe
|
||||
* compiled for a split-usr system but the image might be a legacy-usr one. */
|
||||
* discovery logic. Note that we force looking inside of /lib/systemd/system/ for units too, as the
|
||||
* image might have a legacy split-usr layout. */
|
||||
r = lookup_paths_init(&paths, RUNTIME_SCOPE_SYSTEM, LOOKUP_PATHS_SPLIT_USR, where);
|
||||
if (r < 0)
|
||||
return log_debug_errno(r, "Failed to acquire lookup paths: %m");
|
||||
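Review bot: extract_now() keeps LOOKUP_PATHS_SPLIT_USR while portable_attach(), portable_detach() and portable_get_state_internal() further down switch to `/* flags= */ 0`, and only the reworded comment here hints at why. The split looks deliberate (this call scans a foreign image rooted at `where`, the others scan the host), but the comment should say so explicitly, so the remaining flag is not dropped later as a leftover. Please also confirm that units taken from an image's /lib/systemd/system/ are still located by the host-side lookups in attach and detach, which no longer pass the flag.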
@ -1484,7 +1484,7 @@ int portable_attach(
|
||||
strempty(extensions_joined));
|
||||
}
|
||||
|
||||
r = lookup_paths_init(&paths, RUNTIME_SCOPE_SYSTEM, LOOKUP_PATHS_SPLIT_USR, NULL);
|
||||
r = lookup_paths_init(&paths, RUNTIME_SCOPE_SYSTEM, /* flags= */ 0, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@ -1684,7 +1684,7 @@ int portable_detach(
|
||||
|
||||
assert(name_or_path);
|
||||
|
||||
r = lookup_paths_init(&paths, RUNTIME_SCOPE_SYSTEM, LOOKUP_PATHS_SPLIT_USR, NULL);
|
||||
r = lookup_paths_init(&paths, RUNTIME_SCOPE_SYSTEM, /* flags= */ 0, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
@ -1871,7 +1871,7 @@ static int portable_get_state_internal(
|
||||
assert(name_or_path);
|
||||
assert(ret);
|
||||
|
||||
r = lookup_paths_init(&paths, RUNTIME_SCOPE_SYSTEM, LOOKUP_PATHS_SPLIT_USR, NULL);
|
||||
r = lookup_paths_init(&paths, RUNTIME_SCOPE_SYSTEM, /* flags= */ 0, NULL);
|
||||
if (r < 0)
|
||||
return r;
|
||||
|
||||
|
@ -125,7 +125,7 @@ if conf.get('ENABLE_RESOLVE') == 1
|
||||
install_data('org.freedesktop.resolve1.policy',
|
||||
install_dir : polkitpolicydir)
|
||||
install_data('resolv.conf',
|
||||
install_dir : rootlibexecdir)
|
||||
install_dir : libexecdir)
|
||||
endif
|
||||
|
||||
custom_target(
|
||||
|
@ -5,7 +5,7 @@
|
||||
|
||||
# RPM macros for packages installing systemd unit files
|
||||
|
||||
%_systemd_util_dir {{ROOTLIBEXECDIR}}
|
||||
%_systemd_util_dir {{LIBEXECDIR}}
|
||||
%_unitdir {{SYSTEM_DATA_UNIT_DIR}}
|
||||
%_userunitdir {{USER_DATA_UNIT_DIR}}
|
||||
%_presetdir {{SYSTEM_PRESET_DIR}}
|
||||
@ -167,10 +167,10 @@ SYSTEMD_INLINE_EOF\
|
||||
|
||||
%sysctl_apply() \
|
||||
%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# sysctl_apply}} \
|
||||
[ -x {{ROOTLIBEXECDIR}}/systemd-sysctl ] && {{ROOTLIBEXECDIR}}/systemd-sysctl %{?*} || : \
|
||||
[ -x {{LIBEXECDIR}}/systemd-sysctl ] && {{LIBEXECDIR}}/systemd-sysctl %{?*} || : \
|
||||
%{nil}
|
||||
|
||||
%binfmt_apply() \
|
||||
%{expand:%%{?__systemd_someargs_%#:%%__systemd_someargs_%# binfmt_apply}} \
|
||||
[ -x {{ROOTLIBEXECDIR}}/systemd-binfmt ] && {{ROOTLIBEXECDIR}}/systemd-binfmt %{?*} || : \
|
||||
[ -x {{LIBEXECDIR}}/systemd-binfmt ] && {{LIBEXECDIR}}/systemd-binfmt %{?*} || : \
|
||||
%{nil}
|
||||
|
@ -3,8 +3,8 @@
|
||||
in_files = [
|
||||
['macros.systemd', rpmmacrosdir != 'no', rpmmacrosdir],
|
||||
|
||||
# we conditionalize on rpmmacrosdir, but install into rootlibexecdir
|
||||
['systemd-update-helper', rpmmacrosdir != 'no', rootlibexecdir],
|
||||
# we conditionalize on rpmmacrosdir, but install into libexecdir
|
||||
['systemd-update-helper', rpmmacrosdir != 'no', libexecdir],
|
||||
|
||||
['triggers.systemd', false],
|
||||
['triggers.systemd.sh', false]]
|
||||
|
@ -90,7 +90,7 @@ assert(rpm.execute("journalctl", "--update-catalog"))
|
||||
if posix.access("/run/systemd/system") then
|
||||
pid = posix.fork()
|
||||
if pid == 0 then
|
||||
assert(posix.exec("{{ROOTLIBEXECDIR}}/systemd-binfmt"))
|
||||
assert(posix.exec("{{LIBEXECDIR}}/systemd-binfmt"))
|
||||
elseif pid > 0 then
|
||||
posix.wait(pid)
|
||||
end
|
||||
@ -115,7 +115,7 @@ end
|
||||
if posix.access("/run/systemd/system") then
|
||||
pid = posix.fork()
|
||||
if pid == 0 then
|
||||
assert(posix.exec("{{ROOTLIBEXECDIR}}/systemd-sysctl"))
|
||||
assert(posix.exec("{{LIBEXECDIR}}/systemd-sysctl"))
|
||||
elseif pid > 0 then
|
||||
posix.wait(pid)
|
||||
end
|
||||
|
@ -61,7 +61,7 @@ journalctl --update-catalog || :
|
||||
if test -d "/run/systemd/system"; then
|
||||
# systemd-binfmt might fail if binfmt_misc kernel module is not loaded
|
||||
# during install
|
||||
{{ROOTLIBEXECDIR}}/systemd-binfmt || :
|
||||
{{LIBEXECDIR}}/systemd-binfmt || :
|
||||
fi
|
||||
|
||||
%transfiletriggerin -P 1000600 -- {{TMPFILES_DIR}}
|
||||
@ -83,5 +83,5 @@ fi
|
||||
# This script will automatically apply sysctl rules if files have been
|
||||
# installed or updated in {{SYSCTL_DIR}}.
|
||||
if test -d "/run/systemd/system"; then
|
||||
{{ROOTLIBEXECDIR}}/systemd-sysctl || :
|
||||
{{LIBEXECDIR}}/systemd-sysctl || :
|
||||
fi
|
||||
|
@ -261,11 +261,6 @@ static int path_is_vendor_or_generator(const LookupPaths *lp, const char *path)
|
||||
if (path_startswith(rpath, "/usr"))
|
||||
return true;
|
||||
|
||||
#if HAVE_SPLIT_USR
|
||||
if (path_startswith(rpath, "/lib"))
|
||||
return true;
|
||||
#endif
|
||||
|
||||
if (path_is_generator(lp, rpath))
|
||||
return true;
|
||||
|
||||
|
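Review bot: with the `#if HAVE_SPLIT_USR` block gone, only a path that literally starts with /usr counts as vendor in path_is_vendor_or_generator(), so the result now depends on rpath already being symlink-resolved. If a caller can hand in a path spelled through the /lib symlink (for example /lib/systemd/system/foo.service), it will be classed as non-vendor after this change. Please confirm rpath is canonicalized before this check, or add a short comment stating that assumption.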
@ -3,18 +3,10 @@
|
||||
|
||||
#include <stdbool.h>
|
||||
|
||||
#if HAVE_SPLIT_USR
|
||||
#define KBD_KEYMAP_DIRS \
|
||||
"/usr/share/keymaps/\0" \
|
||||
"/usr/share/kbd/keymaps/\0" \
|
||||
"/usr/lib/kbd/keymaps/\0" \
|
||||
"/lib/kbd/keymaps/\0"
|
||||
#else
|
||||
#define KBD_KEYMAP_DIRS \
|
||||
"/usr/share/keymaps/\0" \
|
||||
"/usr/share/kbd/keymaps/\0" \
|
||||
"/usr/lib/kbd/keymaps/\0"
|
||||
#endif
|
||||
|
||||
int get_keymaps(char ***l);
|
||||
bool keymap_is_valid(const char *name);
|
||||
|
@ -339,7 +339,7 @@ libshared = shared_library(
|
||||
dependencies : [libshared_deps,
|
||||
userspace],
|
||||
install : true,
|
||||
install_dir : rootpkglibdir)
|
||||
install_dir : pkglibdir)
|
||||
|
||||
shared_fdisk_sources = files(
|
||||
'fdisk-util.c',
|
||||
|
@ -96,4 +96,4 @@ DnsCacheMode dns_cache_mode_from_string(const char *s) _pure_;
|
||||
#define PRIVATE_STUB_RESOLV_CONF "/run/systemd/resolve/stub-resolv.conf"
|
||||
|
||||
/* A static resolv.conf file containing no domains, but only our own DNS server address */
|
||||
#define PRIVATE_STATIC_RESOLV_CONF ROOTLIBEXECDIR "/resolv.conf"
|
||||
#define PRIVATE_STATIC_RESOLV_CONF LIBEXECDIR "/resolv.conf"
|
||||
|
@ -13,8 +13,7 @@
|
||||
"/run/" n "\0" \
|
||||
"/run/host/" n "\0" \
|
||||
"/usr/local/lib/" n "\0" \
|
||||
"/usr/lib/" n "\0" \
|
||||
_CONF_PATHS_SPLIT_USR_NULSTR(n)
|
||||
"/usr/lib/" n "\0"
|
||||
|
||||
int dropin_user_record_by_name(const char *name, const char *path, UserDBFlags flags, UserRecord **ret);
|
||||
int dropin_user_record_by_uid(uid_t uid, const char *path, UserDBFlags flags, UserRecord **ret);
|
||||
|
@ -1448,7 +1448,7 @@ int userdb_block_nss_systemd(int b) {
|
||||
|
||||
/* Note that we might be called from libnss_systemd.so.2 itself, but that should be fine, really. */
|
||||
|
||||
dl = dlopen(ROOTLIBDIR "/libnss_systemd.so.2", RTLD_LAZY|RTLD_NODELETE);
|
||||
dl = dlopen(LIBDIR "/libnss_systemd.so.2", RTLD_LAZY|RTLD_NODELETE);
|
||||
if (!dl) {
|
||||
/* If the file isn't installed, don't complain loudly */
|
||||
log_debug("Failed to dlopen(libnss_systemd.so.2), ignoring: %s", dlerror());
|
||||
|
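Review bot: the dlopen() in userdb_block_nss_systemd() takes an absolute path, and the failure branch only logs at debug level and carries on, so if libnss_systemd.so.2 does not end up under LIBDIR the blocking call is quietly skipped. Please check that the NSS module's install directory is switched to libdir in the same commit, since nothing at runtime will flag a mismatch.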
@ -4,6 +4,6 @@ systemd_sysext_sources = files('sysext.c')
|
||||
|
||||
if conf.get('ENABLE_SYSEXT') == 1
|
||||
meson.add_install_script(meson_make_symlink,
|
||||
rootbindir / 'systemd-sysext',
|
||||
rootbindir / 'systemd-confext')
|
||||
bindir / 'systemd-sysext',
|
||||
bindir / 'systemd-confext')
|
||||
endif
|
||||
|
@ -137,7 +137,7 @@ int enable_sysv_units(const char *verb, char **args) {
|
||||
while (args[f]) {
|
||||
|
||||
const char *argv[] = {
|
||||
ROOTLIBEXECDIR "/systemd-sysv-install",
|
||||
LIBEXECDIR "/systemd-sysv-install",
|
||||
NULL, /* --root= */
|
||||
NULL, /* verb */
|
||||
NULL, /* service */
|
||||
|
@ -8,22 +8,12 @@ TEST(manager_taint_string) {
|
||||
|
||||
_cleanup_free_ char *a = manager_taint_string(&m);
|
||||
assert_se(a);
|
||||
log_debug("taint string w/o split-usr: '%s'", a);
|
||||
/* split-usr is the only one that is cached in Manager, so we know it's not present.
|
||||
* The others are queried dynamically, so we'd need to duplicate the logic here
|
||||
* to test for them. Let's do just one. */
|
||||
assert_se(!strstr(a, "split-usr"));
|
||||
log_debug("taint string: '%s'", a);
|
||||
|
||||
if (cg_all_unified() == 0)
|
||||
assert_se(strstr(a, "cgroupsv1"));
|
||||
else
|
||||
assert_se(!strstr(a, "cgroupsv1"));
|
||||
|
||||
m.taint_usr = true;
|
||||
_cleanup_free_ char *b = manager_taint_string(&m);
|
||||
assert_se(b);
|
||||
log_debug("taint string w/ split-usr: '%s'", b);
|
||||
assert_se(strstr(b, "split-usr"));
|
||||
}
|
||||
|
||||
DEFINE_TEST_MAIN(LOG_DEBUG);
|
||||
|
@ -90,7 +90,7 @@ link_config_gperf_c = custom_target(
|
||||
|
||||
if get_option('link-udev-shared')
|
||||
udev_link_with = [libshared]
|
||||
udev_rpath = rootpkglibdir
|
||||
udev_rpath = pkglibdir
|
||||
else
|
||||
udev_link_with = [libshared_static,
|
||||
libsystemd_static]
|
||||
|
@ -669,7 +669,7 @@ int xdg_autostart_service_generate_unit(
|
||||
|
||||
/* Just assume the values are reasonably sane */
|
||||
fprintf(f,
|
||||
"ExecCondition=" ROOTLIBEXECDIR "/systemd-xdg-autostart-condition \"%s\" \"%s\"\n",
|
||||
"ExecCondition=" LIBEXECDIR "/systemd-xdg-autostart-condition \"%s\" \"%s\"\n",
|
||||
e_only_show_in,
|
||||
e_not_show_in);
|
||||
}
|
||||
|
@ -13,7 +13,7 @@
|
||||
# the core dump.
|
||||
#
|
||||
# See systemd-coredump(8) and core(5).
|
||||
kernel.core_pattern=|{{ROOTLIBEXECDIR}}/systemd-coredump %P %u %g %s %t %c %h
|
||||
kernel.core_pattern=|{{LIBEXECDIR}}/systemd-coredump %P %u %g %s %t %c %h
|
||||
|
||||
# Allow 16 coredumps to be dispatched in parallel by the kernel.
|
||||
# We collect metadata from /proc/%P/, and thus need to make sure the crashed
|
||||
|
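Review bot: kernel.core_pattern hands the kernel a literal absolute path for the pipe helper, so {{LIBEXECDIR}} in this line has to resolve to exactly where systemd-coredump is installed. A wrong path here produces no unit failure, core dumps are simply not collected. Worth a line in the commit message or NEWS telling packagers who carried a custom rootlibexecdir to verify the rendered sysctl file against the installed binary.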
@ -376,8 +376,6 @@ Defined-By: systemd
|
||||
Support: https://lists.freedesktop.org/mailman/listinfo/systemd-devel
|
||||
|
||||
Możliwe są następujące „etykiety”:
|
||||
• „split-usr” — /usr jest oddzielnym systemem plików, który nie był
|
||||
zamontowany w czasie uruchomienia systemd,
|
||||
• „cgroups-missing” — jądro zostało skompilowane bez obsługi cgroups
|
||||
lub dostęp do oczekiwanych plików interfejsu jest ograniczony,
|
||||
• „var-run-bad” — /var/run nie jest dowiązaniem symbolicznym do /run,
|
||||
|
@ -59,11 +59,6 @@ test_one() (
|
||||
touch "$i"
|
||||
done
|
||||
|
||||
# For split-usr system
|
||||
for i in "$out"/systemd-*.service; do
|
||||
sed -i -e 's:ExecStart=/lib/systemd/:ExecStart=/usr/lib/systemd/:' "$i"
|
||||
done
|
||||
|
||||
if [[ "${input##*/}" =~ \.fstab\.input ]]; then
|
||||
for i in "$out"/*.{automount,mount,swap}; do
|
||||
sed -i -e 's:SourcePath=.*$:SourcePath=/etc/fstab:' "$i"
|
||||
|
@ -91,7 +91,7 @@ else
|
||||
fi
|
||||
|
||||
if ! ROOTLIBDIR=$(pkg-config --variable=systemdutildir systemd); then
|
||||
echo "WARNING! Cannot determine rootlibdir from pkg-config, assuming /usr/lib/systemd" >&2
|
||||
echo "WARNING! Cannot determine libdir from pkg-config, assuming /usr/lib/systemd" >&2
|
||||
ROOTLIBDIR=/usr/lib/systemd
|
||||
fi
|
||||
|
||||
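Review bot: the warning text now says "libdir", but the variable is still called ROOTLIBDIR and is filled from `pkg-config --variable=systemdutildir`, with /usr/lib/systemd as the fallback, so the value is neither rootlibdir nor libdir. Suggest wording the message after what is actually queried ("Cannot determine systemdutildir from pkg-config") and renaming the variable in a follow-up so the removed option name does not linger in the test suite.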
@ -2191,14 +2191,6 @@ install_keymaps() {
|
||||
|
||||
dinfo "Install console keymaps"
|
||||
|
||||
if command -v meson >/dev/null \
|
||||
&& [[ "$(meson configure "${BUILD_DIR:?}" | grep 'split-usr' | awk '{ print $2 }')" == "true" ]] \
|
||||
|| [[ ! -L /lib ]]; then
|
||||
prefix+=(
|
||||
"/lib"
|
||||
)
|
||||
fi
|
||||
|
||||
if (( $# == 0 )); then
|
||||
for p in "${prefix[@]}"; do
|
||||
# The first three paths may be deprecated.
|
||||
|
@ -19,8 +19,8 @@ Before=rescue.service
|
||||
[Service]
|
||||
Environment=HOME=/root
|
||||
WorkingDirectory=-/root
|
||||
ExecStartPre=-{{ROOTBINDIR}}/plymouth --wait quit
|
||||
ExecStart=-{{ROOTLIBEXECDIR}}/systemd-sulogin-shell emergency
|
||||
ExecStartPre=-{{BINDIR}}/plymouth --wait quit
|
||||
ExecStart=-{{LIBEXECDIR}}/systemd-sulogin-shell emergency
|
||||
Type=idle
|
||||
StandardInput=tty-force
|
||||
StandardOutput=inherit
|
||||
|
@ -22,7 +22,7 @@ OnFailureJobMode=replace-irreversibly
|
||||
Type=oneshot
|
||||
|
||||
# FIXME: once dracut is patched to install the symlink, change to:
|
||||
# ExecStart={{ROOTLIBEXECDIR}}/systemd-sysroot-fstab-check
|
||||
# ExecStart={{LIBEXECDIR}}/systemd-sysroot-fstab-check
|
||||
ExecStart=@{{SYSTEM_GENERATOR_DIR}}/systemd-fstab-generator systemd-sysroot-fstab-check
|
||||
|
||||
# We want to enqueue initrd-cleanup.service/start after we finished the part
|
||||
|
@ -18,8 +18,8 @@ Before=shutdown.target
|
||||
[Service]
|
||||
Environment=HOME=/root
|
||||
WorkingDirectory=-/root
|
||||
ExecStartPre=-{{ROOTBINDIR}}/plymouth --wait quit
|
||||
ExecStart=-{{ROOTLIBEXECDIR}}/systemd-sulogin-shell rescue
|
||||
ExecStartPre=-{{BINDIR}}/plymouth --wait quit
|
||||
ExecStart=-{{LIBEXECDIR}}/systemd-sulogin-shell rescue
|
||||
Type=idle
|
||||
StandardInput=tty-force
|
||||
StandardOutput=inherit
|
||||
|
@ -19,7 +19,7 @@ Before=sysinit.target shutdown.target
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-backlight load %i
|
||||
ExecStop={{ROOTLIBEXECDIR}}/systemd-backlight save %i
|
||||
ExecStart={{LIBEXECDIR}}/systemd-backlight load %i
|
||||
ExecStop={{LIBEXECDIR}}/systemd-backlight save %i
|
||||
TimeoutSec=90s
|
||||
StateDirectory=systemd/backlight
|
||||
|
@ -21,5 +21,5 @@ Before=initrd-root-device.target
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-battery-check
|
||||
ExecStart={{LIBEXECDIR}}/systemd-battery-check
|
||||
FailureAction=poweroff-force
|
||||
|
@ -28,6 +28,6 @@ ConditionDirectoryNotEmpty=|/run/binfmt.d
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-binfmt
|
||||
ExecStop={{ROOTLIBEXECDIR}}/systemd-binfmt --unregister
|
||||
ExecStart={{LIBEXECDIR}}/systemd-binfmt
|
||||
ExecStop={{LIBEXECDIR}}/systemd-binfmt --unregister
|
||||
TimeoutSec=90s
|
||||
|
@ -19,4 +19,4 @@ Before=shutdown.target
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-bless-boot good
|
||||
ExecStart={{LIBEXECDIR}}/systemd-bless-boot good
|
||||
|
@ -18,7 +18,7 @@ Before=shutdown.target
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-boot-check-no-failures
|
||||
ExecStart={{LIBEXECDIR}}/systemd-boot-check-no-failures
|
||||
|
||||
[Install]
|
||||
RequiredBy=boot-complete.target
|
||||
|
@ -17,7 +17,7 @@ Requires=systemd-journald.socket
|
||||
Before=shutdown.target
|
||||
|
||||
[Service]
|
||||
ExecStart=-{{ROOTLIBEXECDIR}}/systemd-coredump
|
||||
ExecStart=-{{LIBEXECDIR}}/systemd-coredump
|
||||
IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
|
@ -20,5 +20,5 @@ OnFailureJobMode=replace-irreversibly
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-fsck
|
||||
ExecStart={{LIBEXECDIR}}/systemd-fsck
|
||||
TimeoutSec=infinity
|
||||
|
@ -19,5 +19,5 @@ Before=systemd-quotacheck.service shutdown.target
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-fsck %f
|
||||
ExecStart={{LIBEXECDIR}}/systemd-fsck %f
|
||||
TimeoutSec=infinity
|
||||
|
@ -19,5 +19,5 @@ Before=shutdown.target
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-growfs /
|
||||
ExecStart={{LIBEXECDIR}}/systemd-growfs /
|
||||
TimeoutSec=infinity
|
||||
|
@ -20,5 +20,5 @@ Before=shutdown.target
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-growfs %f
|
||||
ExecStart={{LIBEXECDIR}}/systemd-growfs %f
|
||||
TimeoutSec=infinity
|
||||
|
@ -16,4 +16,4 @@ After=sleep.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep hibernate
|
||||
ExecStart={{LIBEXECDIR}}/systemd-sleep hibernate
|
||||
|
@ -20,7 +20,7 @@ DeviceAllow=/dev/loop-control rw
|
||||
DeviceAllow=/dev/mapper/control rw
|
||||
DeviceAllow=block-* rw
|
||||
DeviceAllow=char-hidraw rw
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-homed
|
||||
ExecStart={{LIBEXECDIR}}/systemd-homed
|
||||
KillMode=mixed
|
||||
LimitNOFILE={{HIGH_RLIMIT_NOFILE}}
|
||||
LockPersonality=yes
|
||||
|
@ -17,7 +17,7 @@ Documentation=man:org.freedesktop.hostname1(5)
|
||||
[Service]
|
||||
BusName=org.freedesktop.hostname1
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-hostnamed
|
||||
ExecStart={{LIBEXECDIR}}/systemd-hostnamed
|
||||
IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
|
@ -16,4 +16,4 @@ After=sleep.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-sleep hybrid-sleep
|
||||
ExecStart={{LIBEXECDIR}}/systemd-sleep hybrid-sleep
|
||||
|
@ -13,7 +13,7 @@ Documentation=man:systemd-importd.service(8)
|
||||
Documentation=man:org.freedesktop.import1(5)
|
||||
|
||||
[Service]
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-importd
|
||||
ExecStart={{LIBEXECDIR}}/systemd-importd
|
||||
BusName=org.freedesktop.import1
|
||||
KillMode=mixed
|
||||
CapabilityBoundingSet=CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_SETFCAP CAP_SYS_ADMIN CAP_SETPCAP CAP_DAC_OVERRIDE CAP_LINUX_IMMUTABLE
|
||||
|
@ -13,7 +13,7 @@ Documentation=man:systemd-initctl.service(8)
|
||||
DefaultDependencies=no
|
||||
|
||||
[Service]
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-initctl
|
||||
ExecStart={{LIBEXECDIR}}/systemd-initctl
|
||||
NoNewPrivileges=yes
|
||||
NotifyAccess=all
|
||||
SystemCallArchitectures=native
|
||||
|
@ -14,7 +14,7 @@ Requires=systemd-journal-gatewayd.socket
|
||||
|
||||
[Service]
|
||||
DynamicUser=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-gatewayd
|
||||
ExecStart={{LIBEXECDIR}}/systemd-journal-gatewayd
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
PrivateDevices=yes
|
||||
|
@ -13,7 +13,7 @@ Documentation=man:systemd-journal-remote(8) man:journal-remote.conf(5)
|
||||
Requires=systemd-journal-remote.socket
|
||||
|
||||
[Service]
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/
|
||||
ExecStart={{LIBEXECDIR}}/systemd-journal-remote --listen-https=-3 --output=/var/log/journal/remote/
|
||||
LockPersonality=yes
|
||||
LogsDirectory=journal/remote
|
||||
MemoryDenyWriteExecute=yes
|
||||
|
@ -15,7 +15,7 @@ After=network-online.target
|
||||
|
||||
[Service]
|
||||
DynamicUser=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-journal-upload --save-state
|
||||
ExecStart={{LIBEXECDIR}}/systemd-journal-upload --save-state
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
PrivateDevices=yes
|
||||
|
@ -22,7 +22,7 @@ IgnoreOnIsolate=yes
|
||||
|
||||
[Service]
|
||||
DeviceAllow=char-* rw
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-journald
|
||||
ExecStart={{LIBEXECDIR}}/systemd-journald
|
||||
FileDescriptorStoreMax=4224
|
||||
IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
|
@ -16,7 +16,7 @@ After=systemd-journald@%i.socket systemd-journald-varlink@%i.socket
|
||||
[Service]
|
||||
CapabilityBoundingSet=CAP_SYS_ADMIN CAP_DAC_OVERRIDE CAP_SYS_PTRACE CAP_CHOWN CAP_DAC_READ_SEARCH CAP_FOWNER CAP_SETUID CAP_SETGID CAP_MAC_OVERRIDE
|
||||
DevicePolicy=closed
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-journald %i
|
||||
ExecStart={{LIBEXECDIR}}/systemd-journald %i
|
||||
FileDescriptorStoreMax=4224
|
||||
Group=systemd-journal
|
||||
IPAddressDeny=any
|
||||
|
@ -17,7 +17,7 @@ Documentation=man:org.freedesktop.locale1(5)
|
||||
[Service]
|
||||
BusName=org.freedesktop.locale1
|
||||
CapabilityBoundingSet=
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-localed
|
||||
ExecStart={{LIBEXECDIR}}/systemd-localed
|
||||
IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
|
@ -30,7 +30,7 @@ DeviceAllow=char-drm rw
|
||||
DeviceAllow=char-input rw
|
||||
DeviceAllow=char-tty rw
|
||||
DeviceAllow=char-vcs rw
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-logind
|
||||
ExecStart={{LIBEXECDIR}}/systemd-logind
|
||||
FileDescriptorStoreMax=512
|
||||
IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
|
@ -19,7 +19,7 @@ RequiresMountsFor=/var/lib/machines
|
||||
[Service]
|
||||
BusName=org.freedesktop.machine1
|
||||
CapabilityBoundingSet=CAP_KILL CAP_SYS_PTRACE CAP_SYS_ADMIN CAP_SETGID CAP_SYS_CHROOT CAP_DAC_READ_SEARCH CAP_DAC_OVERRIDE CAP_CHOWN CAP_FOWNER CAP_FSETID CAP_MKNOD CAP_LINUX_IMMUTABLE
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-machined
|
||||
ExecStart={{LIBEXECDIR}}/systemd-machined
|
||||
IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
|
@ -25,5 +25,5 @@ ConditionKernelCommandLine=|rd.modules-load
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-modules-load
|
||||
ExecStart={{LIBEXECDIR}}/systemd-modules-load
|
||||
TimeoutSec=90s
|
||||
|
@ -20,7 +20,7 @@ Before=shutdown.target initrd-switch-root.target
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-network-generator
|
||||
ExecStart={{LIBEXECDIR}}/systemd-network-generator
|
||||
|
||||
[Install]
|
||||
WantedBy=sysinit.target
|
||||
|
@ -19,7 +19,7 @@ Before=network-online.target shutdown.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-networkd-wait-online
|
||||
ExecStart={{LIBEXECDIR}}/systemd-networkd-wait-online
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
|
@ -19,7 +19,7 @@ Before=network-online.target shutdown.target
|
||||
|
||||
[Service]
|
||||
Type=oneshot
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-networkd-wait-online -i %i
|
||||
ExecStart={{LIBEXECDIR}}/systemd-networkd-wait-online -i %i
|
||||
RemainAfterExit=yes
|
||||
|
||||
[Install]
|
||||
|
@ -24,7 +24,7 @@ AmbientCapabilities=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET
|
||||
BusName=org.freedesktop.network1
|
||||
CapabilityBoundingSet=CAP_NET_ADMIN CAP_NET_BIND_SERVICE CAP_NET_BROADCAST CAP_NET_RAW
|
||||
DeviceAllow=char-* rw
|
||||
ExecStart=!!{{ROOTLIBEXECDIR}}/systemd-networkd
|
||||
ExecStart=!!{{LIBEXECDIR}}/systemd-networkd
|
||||
FileDescriptorStoreMax=512
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
|
@ -26,7 +26,7 @@ After=systemd-oomd.socket
|
||||
AmbientCapabilities=CAP_KILL CAP_DAC_OVERRIDE
|
||||
BusName=org.freedesktop.oom1
|
||||
CapabilityBoundingSet=CAP_KILL CAP_DAC_OVERRIDE
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-oomd
|
||||
ExecStart={{LIBEXECDIR}}/systemd-oomd
|
||||
IPAddressDeny=any
|
||||
LockPersonality=yes
|
||||
MemoryDenyWriteExecute=yes
|
||||
|
@ -21,4 +21,4 @@ ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-4
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-pcrphase --graceful --file-system=/
|
||||
ExecStart={{LIBEXECDIR}}/systemd-pcrphase --graceful --file-system=/
|
||||
|
@ -22,4 +22,4 @@ ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-4
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-pcrphase --graceful --file-system=%f
|
||||
ExecStart={{LIBEXECDIR}}/systemd-pcrphase --graceful --file-system=%f
|
||||
|
@ -20,4 +20,4 @@ ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-4
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-pcrphase --graceful --machine-id
|
||||
ExecStart={{LIBEXECDIR}}/systemd-pcrphase --graceful --machine-id
|
||||
|
@ -20,5 +20,5 @@ ConditionPathExists=/sys/firmware/efi/efivars/StubPcrKernelImage-4a67b082-0a4c-4
|
||||
[Service]
|
||||
Type=oneshot
|
||||
RemainAfterExit=yes
|
||||
ExecStart={{ROOTLIBEXECDIR}}/systemd-pcrphase --graceful enter-initrd
|
||||
ExecStop={{ROOTLIBEXECDIR}}/systemd-pcrphase --graceful leave-initrd
|
||||
ExecStart={{LIBEXECDIR}}/systemd-pcrphase --graceful enter-initrd
|
||||
ExecStop={{LIBEXECDIR}}/systemd-pcrphase --graceful leave-initrd
|
||||
|
Some files were not shown because too many files have changed in this diff