Commit Graph

172 Commits

Author SHA1 Message Date
Yu Watanabe
91676b6458 networkctl: introduce "persistent-storage" command
Then, this introduces systemd-networkd-persistent-storage.service.

systemd-networkd.service is an early starting service. So, at the time
it is started, the persistent storage for the service may not be ready,
and we cannot use StateDirectory=systemd/network in
systemd-networkd.service.

The newly added systemd-networkd-persistent-storage.service creates the
state directory for networkd, and notify systemd-networkd that the
directory is usable.
2024-03-12 01:57:16 +09:00
Mike Yuan
22549ff473
tmpfiles.d/systemd: use ACL 'X' bit where appropriate 2024-03-07 03:19:08 +08:00
Yu Watanabe
5a0f6adbb2 network/lldp: do not save LLDP neighbors under /run/systemd
Now LLDP neighbors are exposed through varlink. Hence, it is not
necessary to save to a file.
2024-03-01 09:40:26 +09:00
Štěpán Němec
0f1a5ecc1a tmpfiles.d: avoid deprecated, undocumented syntax (s/F/f+/)
Fixes: eccebf4b0d ("systemd-tmpfiles: deprecate F for f+")
2024-02-27 19:21:06 +00:00
Frantisek Sumsal
62670a7752 meson: don't install broken tmpfiles config with sshd?confdir == 'no'
20-systemd-ssh-generator.conf expands SSHCONFDIR, which is bogus when we
build with -Dsshconfdir=no. Similarly, avoid expanding SSHDCONFDIR in
20-systemd-userdb.conf when building with -Dsshconfdir=no.

Follow-up 6c7fc5d5f2.
2024-01-30 17:56:21 +00:00
Lennart Poettering
0abd510f7f ssh-proxy: add ssh ProxyCommand tool that can connect to AF_UNIX + AF_VSOCK sockets
This adds a tiny binary that is hooked into SSH client config via
ProxyCommand and which simply connects to an AF_UNIX or AF_VSOCK socket
of choice.

The syntax is as simple as this:

     ssh unix/some/path     # (this connects to AF_UNIX socket /some/path)

or:

     ssh vsock/4711

I used "/" as separator of the protocol ID and the value since ":" is
already taken by SSH itself when doing sftp. And "@" is already taken
for separating the user name.
2024-01-11 16:05:20 +01:00
Mike Yuan
3b25958e64 tmpfiles.d/systemd-nologin.conf: use f+ instead of F (deprecated)
Fixes #30368
2023-12-08 10:58:05 +09:00
Lennart Poettering
7e3607996a userdbctl: enable ssh-authorized-keys logic by default
sshd now supports config file drop-ins, hence let's install one to hook
up "userdb ssh-authorized-keys", so that things just work.

We put the drop-in relatively early, so that other drop-ins generally
will override this.

Ideally sshd would support such drop-ins in /usr/ rather than /etc/, but
let's take what we can get. It's not that sshd's upstream was
particularly open to weird ideas from Linux people.
2023-12-06 22:11:04 +01:00
Zbigniew Jędrzejewski-Szmek
f8d67130b8 coredump: keep core files for two weeks
We have two mechanisms that remove old coredumps: systemd-coredump has
parameters based on disk use / remaining disk free, and systemd-tmpfiles does
cleanup based on time. The first mechanism should prevent us from using too much
disk space in case something is crashing continuously or there are very large
core files.

The limit of 3 days makes it likely that the core file will be gone by the time
the admin looks at the issue. E.g. if something crashes on Friday, the coredump
would likely be gone before people are back on Monday to look at it.
2023-12-06 22:05:20 +01:00
Yu Watanabe
ca15b59f1f Revert "Revert "tmpfiles.d: adjust /dev/vfio/vfio access mode""
This reverts commit 33b91308c2.

The commit b42482af90 dropped
'--exclude-prefix=/dev' from systemd-tmpfiles-setup.service. So, the
possibly later invocation of the service changes the permission set by
udevd.

As commmented in the head of this file, settings should be consistent
with udev rules. Only missing entry here is vfio. Let's re-add the
entry for the device.

Addresses https://github.com/systemd/systemd/pull/28681#issuecomment-1666949888.
2023-08-09 11:27:39 +09:00
Yu Watanabe
9289e093ae meson: use install_emptydir() and drop meson-make-symlink.sh
The script is mostly equivalent to 'mkdir -p' and 'ln -sfr'.
Let's replace it with install_emptydir() builtin function and
inline meson call.
2023-08-08 22:11:34 +01:00
Yu Watanabe
33b91308c2 Revert "tmpfiles.d: adjust /dev/vfio/vfio access mode"
The issue needs to be fixed by setting proper ordering between the
tmpfiles and udevd.

See issue #28653, especially
https://github.com/systemd/systemd/issues/28653#issuecomment-1665181625.

This reverts commit a3d610998a.
2023-08-05 04:32:01 +09:00
Frantisek Sumsal
a3d610998a tmpfiles.d: adjust /dev/vfio/vfio access mode
kmod-static-nodes.service sets the mode to 0600, but we want it
to be 0666 as specified in 50-udev-default.rules.

Resolves: #28588
2023-07-31 00:58:01 +09:00
Daan De Meyer
9c0c670125 core: Add RootEphemeral= setting
This setting allows services to run in an ephemeral copy of the root
directory or root image. To make sure the ephemeral copies are always
cleaned up, we add a tmpfiles snippet to unconditionally clean up
/var/lib/systemd/ephemeral. To prevent in use ephemeral copies from
being cleaned up by tmpfiles, we use the newly added COPY_LOCK_BSD
and BTRFS_SNAPSHOT_LOCK_BSD flags to take a BSD lock on the ephemeral
copies which instruct tmpfiles to not touch those ephemeral copies as
long as the BSD lock is held.
2023-06-21 12:48:46 +02:00
Lennart Poettering
40fb9eebbc tmpfiles: use same credstore perms everywhere
In b6033b7060 support was added to create
{/etc|/run}/credstore{|.encrypted} via tmpfiles.d with perms 0000. These
perms are so restrictive that not even root can access them unless it
has CAP_DAC_OVERRIDE capability. This is creates the dirs at boot time

In 24039e1207 support was added to create
/etc/credstore with perm 0700 from meson.build at build time.

This patch makes unifies the two parts:

1. creates both /etc/credstore *and* /etc/credstore.encrypted in both
   places (the build system still won't create them in /run/, since
   that's pointless since not shipped, and the runtime won't create the
   dirs below /usr/lib/, since that's not generically writable anyway).

2. Both at runtime and at build time we'll create the dirs with mode
   0700. This is easier for packaging tools to handle since they
   generally react pretty negatively on dirs they can't enumerate.
2023-05-31 11:15:26 +08:00
Zbigniew Jędrzejewski-Szmek
9c7188547c tmpfiles.d: drop misleading comment
I'm not sure what "suffix" was meant by this comment, but the file has the usual suffix.
The file was added with the current name back in c4708f1323.
Maybe an earlier version of the patch did something different.
2023-02-21 13:46:39 +01:00
Mike Yuan
f129d0e77c vconsole: allow setting default keymap through build option
Allow defining the default keymap to be used by
vconsole-setup through a build option. A template
vconsole.conf also gets populated by tmpfiles if
it doesn't exist.
2023-02-15 20:00:51 +00:00
Lennart Poettering
b6033b7060 tmpfiles: automatically create /etc/credstore/ and friends
This adds a tmpfiles.d/ snippet for LoadCredential= style credentials
directories in /etc/ and /run/.

This is done primarily to ensure that the access modes for the dirs are
set up properly, in the most restrictive ways. Specifically these are
set to 0000, so that CAP_DAC_OVERRIDE is necessary to enumerate and read
the credentials, and being UID=0 is not sufficient to do so.

This creates /etc/credstore/, but leaves /run/credstore/ absent if
missing, for now. Thinking is: the latter being non-persistent is
created by software usually, not manually by users, and hence more
likely right. But dunno, we might want to revisit this sooner or later.

This is ultimately an exercise to advertise the LoadCredential= concept
a bit, and do so in a reasonably secure way, underlining the safety of
the concept.
2023-01-27 10:03:38 +01:00
Luca Boccassi
e0fc9be37e tmpfiles.d: do not fail if provision.conf fails
On a read-only filesystem creating /root/.ssh might fail, but that's ok.
Do not fail the run, as this is only needed to add the credential, which
is a separate step.
2022-11-04 15:42:16 +01:00
Jochen Sprickerhof
27435a2c40 Remove duplicated word 2022-10-29 14:19:43 +09:00
Zbigniew Jędrzejewski-Szmek
0923b4253c tree-wide: replace "plural(s)" by "plurals"
(s) is just ugly with a vibe of DOS. In most cases just using the normal plural
form is more natural and gramatically correct.

There are some log_debug() statements left, and texts in foreign licenses or
headers. Those are not touched on purpose.
2022-10-17 15:10:53 +02:00
Lennart Poettering
4cebd207d1 tmpfiles: add lines for provisioning ssh keys for root by default
With this, I can now easily do:

    systemd-nspawn --load-credential=ssh.authorized_keys.root:/home/lennart/.ssh/authorized_keys --image=… --boot

To boot into an image with my SSH key copied in. Yay!
2022-09-23 09:30:00 +02:00
Lennart Poettering
f51b49c675 tmpfiles: copy PCR sig/pkey from initrd /.extra/ into /run/
Now that sd-stub will place the PCR signature and its public key in
the initrd's /.extra/ directory, let's copy it from there into /run/
from userspace. This is done because /.extra/ is on the initrd's tmpfs
which will be emptied during the initrd → host transition. Since we want
these two files to survive we'll copy them – if they exist – into /run/
where they will survive the transition.

Thus, with this last change the files will have safely propagated from
their PE sections into files in /run/ where userspace can find them

The paths in /run/ happen to be the exact ones that
systemd-cryptenroll/systemd-cryptsetup/systemd-creds look for them.
2022-09-09 11:31:04 +02:00
Yu Watanabe
5162b2a1c4 tree-wide: fix typo 2022-08-02 02:43:38 +09:00
Lennart Poettering
a0f4426d0f tmpfiles: automatically provision /etc/issue.d/ + /etc/motd.d/ + /etc/hosts from credentials 2022-07-21 00:06:22 +02:00
Daan De Meyer
52fdbf8ce7 meson: Sort lines in tmpfiles.d/meson.build 2022-05-03 20:46:16 +02:00
Daan De Meyer
eb1446f8f1 tmpfiles: Split networkd entries into a separate file
Many distributions ship systemd-networkd as a separate file so we
need to be able to ship the tmpfiles networkd entries as part of
that separate networkd package. Let's split the networkd entries
into a separate file to make that possible.
2022-05-03 20:46:14 +02:00
Zbigniew Jędrzejewski-Szmek
8f04a1ca2b meson: also allow setting GIT_VERSION via templates
GIT_VERSION is not available as a config.h variable, because it's rendered
into version.h during builds. Let's rework jinja2 rendering to also
parse version.h. No functional change, the new variable is so far unused.

I guess this will make partial rebuilds a bit slower, but it's useful
to be able to use the full version string.
2022-04-05 22:18:31 +02:00
Luca BRUNO
623370e643
factory: populate /etc/locale.conf with systemd build-time setting
This adds /etc/locale.conf to the set of configuration files
populated by tmpfiles.d factory /etc handling.
In particular, the build-time locale configuration in systemd is
now wired to a /usr factory file, and installed to the system.
On boot, if other locale customization tools did not write
/etc/locale.conf on the system, the factory default file gets
copied to /etc by systemd-tmpfiles.
This is done in order to avoid skews between different system
components when no locale settings are configured. At that point,
systemd can safely act as the fallback owner of /etc/locale.conf.
2021-12-23 11:01:12 +00:00
Zbigniew Jędrzejewski-Szmek
b15f6eae42 tmpfiles: split out config for systemd-resolve
This mirrors what was done in 564761fcae
for sysusers.d. If we allow separating resolved sysusers config
in a subpackage, we should do the same for the symlink that is
only useful when resolved is installed.

Related to #21317.
2021-11-16 16:56:08 +01:00
Christian Brauner
a6d1760024 build: preserve correct mode when generating files via jinja2
When using "capture : true" in custom_target()s the mode of the source
file is not preserved when the generated file is not installed and so
needs to be tweaked manually. Switch from output capture to creating the
target file and copy the permissions from the input file.

Signed-off-by: Christian Brauner <christian.brauner@ubuntu.com>
2021-11-08 12:06:48 +00:00
Peter Hutterer
08111c7841 tmpfiles.d: remove .Test-unix, it's obsolete
See libxtrans commit 0794b1b712a90b40e2b019c9edc6f96874493c52. The code
to generate this socket was removed 5 years ago and even before it was
conditional on #define TEST_t. There is no reference to that #define in
either the X server nor libX11's git history, or in any of the current
libX*.

Let's assume this is well and truly obsolete.
2021-08-31 10:57:37 +02:00
Zbigniew Jędrzejewski-Szmek
fce9abb227 meson: use a/b instead of join_paths(a,b)
It is nicer and shorter.
2021-07-27 19:32:35 +02:00
Zbigniew Jędrzejewski-Szmek
9247df5a88 meson: require 0.53.2 and drop some workarounds for old meson
Ubuntu Bionic 18.04 has 0.45, so it was below the previously required
minimum version already. Focal 20.04 has 0.53.2. Let's require that
and use various features that are available.
2021-07-27 16:46:46 +02:00
Luca BRUNO
6fe23ff31c docs: move /var/log/README to a tmpfiles.d symlink
This moves the /var/log/README content out of /var and into the
docs location, replacing the previous file with a symlink
created through a tmpfiles.d entry.
2021-07-21 17:29:06 +02:00
Zbigniew Jędrzejewski-Szmek
17a2017f69 meson: add workaround for old meson
Recent meson versions include the directory name in the target name,
so there is no conflict for files with the same name in different
directories. But at least with meson-0.49.2 in buster we have conflict
with sysusers.d/systemd.conf.
2021-05-19 10:25:26 +09:00
Zbigniew Jędrzejewski-Szmek
d924a938fe meson: use jinja2 for tmpfiles.d templates
HAVE_SMACK_RUN_LABEL was dropped back in 348b44372f,
so one line in etc.conf was not rendered as expected ;(
Checking if names are defined is paying for itself!
2021-05-19 10:24:43 +09:00
Zbigniew Jędrzejewski-Szmek
d83e90c73c Add READMEs in all .d directories 2021-03-26 09:35:07 +01:00
Marc-André Lureau
f65efddd1c udev: allow kvm group to access vhost-net device
/dev/vhost-net is a host accelerator for virtio net devices. It has been
long available and used, thus should be safe to all KVM users.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-01-13 13:12:26 +04:00
Marc-André Lureau
c78939d565 udev: allow kvm group to access vhost-vsock device
/dev/vhost-vsock allows to setup a guest CID and running
state (VHOST_VSOCK_SET_GUEST_CID, VHOST_VSOCK_SET_RUNNING)

All this should be legitimate and safe for KVM users.

Signed-off-by: Marc-André Lureau <marcandre.lureau@redhat.com>
2021-01-13 13:10:19 +04:00
Jörg Thalheim
d7aa78c32f meson: add option to skip installing to $sysconfdir
This is useful for development where overwriting files out side
the configured prefix will affect the host as well as stateless
systems such as NixOS that don't let packages install to /etc but handle
configuration on their own.

Alternative to https://github.com/systemd/systemd/pull/17501

tested with:

$ mkdir inst build && cd build
$ meson \
  -Dcreate-log-dirs=false \
  -Dsysvrcnd-path=$(realpath ../inst)/etc/rc.d \
  -Dsysvinit-path=$(realpath ../inst)/etc/init.d \
  -Drootprefix=$(realpath ../inst) \
  -Dinstall-sysconfdir=false \
  --prefix=$(realpath ../inst) ..
$ ninja install
2020-11-12 11:21:46 +01:00
Yu Watanabe
db9ecf0501 license: LGPL-2.1+ -> LGPL-2.1-or-later 2020-11-09 13:23:58 +09:00
Kairui Song
edb8c98446 pstore: don't enable crash_kexec_post_notifiers by default
commit f00c36641a enabled
crash_kexec_post_notifiers by default regardless of whether pstore
is enabled or not.

The original intention to enabled this option by default is that
it only affects kernel post-panic behavior, so should have no harm.
But this is not true if the user wants a reliable kdump.

crash_kexec_post_notifiers is known to cause problem with kdump,
and it's documented in kernel. It's not easy to fix the problem
because of how kdump works. Kdump expects the crashed kernel to
jump to an pre-loaded crash kernel, so doing any extra job before
the jump will increase the risk.

It depends on the user to choose between having a reliable kdump or
some other post-panic debug mechanic.

So it's better to keep this config untouched by default, or it may put
kdump at higher risk of failing silently. User should enable it by
uncommenting the config line manually if pstore is always needed.

Also add a inline comment inform user about the potential issue.

Thanks to Dave Young for finding out this issue.

Fixes #16661

Signed-off-by: Kairui Song <kasong@redhat.com>
2020-10-22 11:17:39 +02:00
Lennart Poettering
203c07c95b tmpfiles: don't complain if we can't enable pstore in containers 2020-05-25 16:43:35 +02:00
Eric DeVolder
f00c36641a pstore: introduce tmpfiles.d/systemd-pstore.conf
The systemd pstore service archives the contents of /sys/fs/pstore
upon boot so that there is room for a subsequent dump.  The issue is
that while the service is present, the kernel still needs to be
configured to write data into the pstore. The kernel has two
parameters, crash_kexec_post_notifiers and printk.always_kmsg_dump,
that control writes into pstore.

The crash_kexec_post_notifiers parameter enables the kernel to write
dmesg (including stack trace) into pstore upon a panic, and
printk.always_kmsg_dump parameter enables the kernel to write dmesg
upon a shutdown (shutdown, reboot, halt).

As it stands today, these parameters are not managed/manipulated by
the systemd pstore service, and are solely reliant upon the user [to
have the foresight] to set them on the kernel command line at boot, or
post boot via sysfs. Furthermore, the user would need to set these
parameters in a persistent fashion so that that they are enabled on
subsequent reboots.

This patch introduces the setting of these two kernel parameters via
the systemd tmpfiles technique.
2020-05-15 23:15:26 +02:00
Lennart Poettering
fb38a7beb8 tmpfiles: apply ACLs to top-level journal directory in /run, too
We already apply them to the directory in /var. Let's do the same in
/run too. That's because due to the log namespace logic we nowadays can
gain additional subdirs there during regular operation.
2020-01-31 15:04:12 +01:00
Lennart Poettering
0f5a4f9cd9 tmpfiles: merge lines for the same inodes 2020-01-31 15:04:08 +01:00
Topi Miettinen
07317d6e34
resolved, networkd: don't resolve the user if not root
If a daemon is not started as root, most likely it also can't create its
directory and let's not try to resolve the user in that case either.

Create /run/systemd/netif/lldp with tmpfiles.d like other netif directories.

This is also very helpful for preparing a RootImage for the daemons as NSS crud
is not needed.
2019-12-07 18:55:54 +02:00
Steve Traylen
7a72a95741 Corect man page reference in systemd-nologin.conf comments
The reference to the man page of `systemd-user-sessions.service`
in the comments of `tmpfiles.d/systemd-nologin.conf` is corrected.
2019-09-24 09:48:03 +02:00
Donald A. Cupp Jr
d34a58222d Update m4 for selective utmp support.
modified:   tmpfiles.d/systemd.conf.m4
2019-09-16 21:11:44 +02:00