author | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 20:49:52 +0000 |
---|---|---|
committer | Daniel Baumann <daniel.baumann@progress-linux.org> | 2024-04-10 20:49:52 +0000 |
commit | 55944e5e40b1be2afc4855d8d2baf4b73d1876b5 (patch) | |
tree | 33f869f55a1b149e9b7c2b7e201867ca5dd52992 /tmpfiles.d | |
parent | Initial commit. (diff) | |
Adding upstream version 255.4.upstream/255.4
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to 'tmpfiles.d')
-rw-r--r-- | tmpfiles.d/README | 8 | ||||
-rw-r--r-- | tmpfiles.d/credstore.conf | 13 | ||||
-rw-r--r-- | tmpfiles.d/etc.conf.in | 21 | ||||
-rw-r--r-- | tmpfiles.d/home.conf | 11 | ||||
-rw-r--r-- | tmpfiles.d/journal-nocow.conf | 27 | ||||
-rw-r--r-- | tmpfiles.d/legacy.conf.in | 30 | ||||
-rw-r--r-- | tmpfiles.d/meson.build | 58 | ||||
-rw-r--r-- | tmpfiles.d/portables.conf | 4 | ||||
-rw-r--r-- | tmpfiles.d/provision.conf | 22 | ||||
-rw-r--r-- | tmpfiles.d/static-nodes-permissions.conf.in | 20 | ||||
-rw-r--r-- | tmpfiles.d/systemd-network.conf | 13 | ||||
-rw-r--r-- | tmpfiles.d/systemd-nologin.conf | 10 | ||||
-rw-r--r-- | tmpfiles.d/systemd-nspawn.conf | 23 | ||||
-rw-r--r-- | tmpfiles.d/systemd-pstore.conf | 34 | ||||
-rw-r--r-- | tmpfiles.d/systemd-resolve.conf | 10 | ||||
-rw-r--r-- | tmpfiles.d/systemd-tmp.conf | 23 | ||||
-rw-r--r-- | tmpfiles.d/systemd.conf.in | 76 | ||||
-rw-r--r-- | tmpfiles.d/tmp.conf | 12 | ||||
-rw-r--r-- | tmpfiles.d/var.conf.in | 25 | ||||
-rw-r--r-- | tmpfiles.d/x11.conf | 18 |
20 files changed, 458 insertions, 0 deletions
diff --git a/tmpfiles.d/README b/tmpfiles.d/README
new file mode 100644
index 0000000..b42cec2
--- /dev/null
+++ b/tmpfiles.d/README
@@ -0,0 +1,8 @@
+Files in this directory contain configuration for systemd-tmpfiles, a program
+to create, delete, and clean up volatile and temporary files and directories.
+
+See man:tmpfiles.d(5) for explanation of the configuration file format, and
+man:systemd-tmpfiles(8) for a description of when and how this configuration is
+applied.
+
+Use 'systemd-analyze cat-config tmpfiles.d' to display the effective config.
diff --git a/tmpfiles.d/credstore.conf b/tmpfiles.d/credstore.conf
new file mode 100644
index 0000000..de250f7
--- /dev/null
+++ b/tmpfiles.d/credstore.conf
@@ -0,0 +1,13 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+d /etc/credstore 0700 root root
+d /etc/credstore.encrypted 0700 root root
+z /run/credstore 0700 root root
+z /run/credstore.encrypted 0700 root root
diff --git a/tmpfiles.d/etc.conf.in b/tmpfiles.d/etc.conf.in
new file mode 100644
index 0000000..e54d3b1
--- /dev/null
+++ b/tmpfiles.d/etc.conf.in
@@ -0,0 +1,21 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+L /etc/os-release - - - - ../usr/lib/os-release
+L+ /etc/mtab - - - - ../proc/self/mounts
+{% if HAVE_SMACK_RUN_LABEL %}
+t /etc/mtab - - - - security.SMACK64=_
+{% endif %}
+C! /etc/locale.conf - - - -
+C! /etc/nsswitch.conf - - - -
+C! /etc/vconsole.conf - - - -
+{% if HAVE_PAM %}
+C! /etc/pam.d - - - -
+{% endif %}
+C! /etc/issue - - - -
diff --git a/tmpfiles.d/home.conf b/tmpfiles.d/home.conf
new file mode 100644
index 0000000..9f25b83
--- /dev/null
+++ b/tmpfiles.d/home.conf
@@ -0,0 +1,11 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+Q /home 0755 - - -
+q /srv 0755 - - -
diff --git a/tmpfiles.d/journal-nocow.conf b/tmpfiles.d/journal-nocow.conf
new file mode 100644
index 0000000..e32a388
--- /dev/null
+++ b/tmpfiles.d/journal-nocow.conf
@@ -0,0 +1,27 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Set the NOCOW attribute for directories of journal files. This flag
+# is inherited by their new files and sub-directories. Matters only
+# for btrfs filesystems.
+#
+# WARNING: Enabling the NOCOW attribute improves journal performance
+# substantially, but also disables the btrfs checksum logic. In
+# btrfs RAID filesystems the checksums are needed for rebuilding
+# corrupted files. Without checksums such rebuilds are not
+# possible.
+#
+# In a single-disk filesystem (or a filesystem without redundancy)
+# enabling the NOCOW attribute for journal files is safe, because
+# they have their own checksums and a rebuilding wouldn't be possible
+# in any case.
+
+h /var/log/journal - - - - +C
+h /var/log/journal/%m - - - - +C
+h /var/log/journal/remote - - - - +C
diff --git a/tmpfiles.d/legacy.conf.in b/tmpfiles.d/legacy.conf.in
new file mode 100644
index 0000000..4f2c0d7
--- /dev/null
+++ b/tmpfiles.d/legacy.conf.in
@@ -0,0 +1,30 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# These files are considered legacy and are unnecessary on legacy-free
+# systems.
+
+d /run/lock 0755 root root -
+L /var/lock - - - - ../run/lock
+{% if CREATE_LOG_DIRS %}
+L /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
+{% endif %}
+
+# /run/lock/subsys is used for serializing SysV service execution, and
+# hence without use on SysV-less systems.
+
+d /run/lock/subsys 0755 root root -
+
+# /forcefsck, /fastboot and /forcequotacheck are deprecated in favor of the
+# kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and
+# 'quotacheck.mode=force'
+
+r! /forcefsck
+r! /fastboot
+r! /forcequotacheck
diff --git a/tmpfiles.d/meson.build b/tmpfiles.d/meson.build
new file mode 100644
index 0000000..4c11ad6
--- /dev/null
+++ b/tmpfiles.d/meson.build
@@ -0,0 +1,58 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+
+enable_tmpfiles = conf.get('ENABLE_TMPFILES') == 1
+
+files = [['README', ''],
+ ['home.conf', ''],
+ ['journal-nocow.conf', ''],
+ ['portables.conf', 'ENABLE_PORTABLED'],
+ ['systemd-network.conf', 'ENABLE_NETWORKD'],
+ ['systemd-nologin.conf', 'HAVE_PAM'],
+ ['systemd-nspawn.conf', 'ENABLE_MACHINED'],
+ ['systemd-pstore.conf', 'ENABLE_PSTORE'],
+ ['systemd-resolve.conf', 'ENABLE_RESOLVE'],
+ ['systemd-tmp.conf', ''],
+ ['tmp.conf', ''],
+ ['x11.conf', ''],
+ ['provision.conf', ''],
+ ['credstore.conf', ''],
+ ]
+
+foreach pair : files
+ if not enable_tmpfiles
+ # do nothing
+ elif pair[1] == '' or conf.get(pair[1]) == 1
+ install_data(pair[0], install_dir : tmpfilesdir)
+ else
+ message('Not installing tmpfiles.d/@0@ because @1@ is @2@'
+ .format(pair[0], pair[1], conf.get(pair[1], 0)))
+ endif
+endforeach
+
+in_files = [['etc.conf', ''],
+ ['legacy.conf', 'HAVE_SYSV_COMPAT'],
+ ['static-nodes-permissions.conf', ''],
+ ['systemd.conf', ''],
+ ['var.conf', ''],
+ ]
+
+foreach pair : in_files
+ if not enable_tmpfiles
+ # do nothing
+ elif pair[1] == '' or conf.get(pair[1]) == 1
+ custom_target(
+ pair[0],
+ input : pair[0] + '.in',
+ output: pair[0],
+ command : [jinja2_cmdline, '@INPUT@', '@OUTPUT@'],
+ install : enable_tmpfiles,
+ install_dir : tmpfilesdir)
+ else
+ message('Not installing tmpfiles.d/@0@ because @1@ is @2@'
+ .format(pair[0], pair[1], conf.get(pair[1], 0)))
+ endif
+endforeach
+
+if enable_tmpfiles and install_sysconfdir
+ install_emptydir(sysconfdir / 'tmpfiles.d')
+endif
diff --git a/tmpfiles.d/portables.conf b/tmpfiles.d/portables.conf
new file mode 100644
index 0000000..3fd0c7d
--- /dev/null
+++ b/tmpfiles.d/portables.conf
@@ -0,0 +1,4 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+# See tmpfiles.d(5) for details
+
+Q /var/lib/portables 0700
diff --git a/tmpfiles.d/provision.conf b/tmpfiles.d/provision.conf
new file mode 100644
index 0000000..093104a
--- /dev/null
+++ b/tmpfiles.d/provision.conf
@@ -0,0 +1,22 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Provision additional login messages from credentials, if they are set. Note
+# that these lines are NOPs if the credentials are not set or if the files
+# already exist.
+f^ /etc/motd.d/50-provision.conf - - - - login.motd
+f^ /etc/issue.d/50-provision.conf - - - - login.issue
+
+# Provision a /etc/hosts file from credentials.
+f^ /etc/hosts - - - - network.hosts
+
+# Provision SSH key for root
+d- /root :0700 root :root -
+d- /root/.ssh :0700 root :root -
+f^ /root/.ssh/authorized_keys :0600 root :root - ssh.authorized_keys.root
diff --git a/tmpfiles.d/static-nodes-permissions.conf.in b/tmpfiles.d/static-nodes-permissions.conf.in
new file mode 100644
index 0000000..df1fe2e
--- /dev/null
+++ b/tmpfiles.d/static-nodes-permissions.conf.in
@@ -0,0 +1,20 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# This file adds permissions on top of static-nodes.conf generated by
+# kmod-static-nodes.service. Rules specified here should match the
+# permissions specified for udev in 50-udev-default.rules.
+
+z /dev/snd/seq 0660 - audio -
+z /dev/snd/timer 0660 - audio -
+z /dev/loop-control 0660 - disk -
+z /dev/net/tun 0666 - - -
+z /dev/fuse 0666 - - -
+z /dev/vfio/vfio 0666 - - -
+z /dev/kvm {{DEV_KVM_MODE}} - kvm -
+z /dev/vhost-net {{DEV_KVM_MODE}} - kvm -
+z /dev/vhost-vsock {{DEV_KVM_MODE}} - kvm -
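Review bot: In tmpfiles.d/provision.conf the line `f^ /root/.ssh/authorized_keys :0600 root :root - ssh.authorized_keys.root` is documented only as `# Provision SSH key for root`, which does not say that the key material comes from a credential and that whoever can set that credential gets root login wherever the file does not exist yet. I would extend the comment to `# Provision SSH key for root from the ssh.authorized_keys.root credential; treat every channel that can set this credential as root-equivalent.` The same reasoning applies to the `network.hosts` line, which decides the content of /etc/hosts. Which channels can inject credentials is not visible in this diff, so that should be confirmed against the boot chain of the target system.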
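Review bot: In tmpfiles.d/static-nodes-permissions.conf.in the mode of /dev/kvm, /dev/vhost-net and /dev/vhost-vsock is the build-time substitution `{{DEV_KVM_MODE}}`, and the file does not say where that value is set or what it implies. A comment above the three lines such as `# DEV_KVM_MODE is fixed at build time; with a world-accessible mode the kvm group no longer restricts access to these nodes` would make the access decision auditable from the installed file. The header also requires these rules to match 50-udev-default.rules, which is outside this diff, so the two files should be compared whenever either one changes.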
diff --git a/tmpfiles.d/systemd-network.conf b/tmpfiles.d/systemd-network.conf
new file mode 100644
index 0000000..b30bc91
--- /dev/null
+++ b/tmpfiles.d/systemd-network.conf
@@ -0,0 +1,13 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+d /run/systemd/netif 0755 systemd-network systemd-network -
+d /run/systemd/netif/links 0755 systemd-network systemd-network -
+d /run/systemd/netif/leases 0755 systemd-network systemd-network -
+d /run/systemd/netif/lldp 0755 systemd-network systemd-network -
diff --git a/tmpfiles.d/systemd-nologin.conf b/tmpfiles.d/systemd-nologin.conf
new file mode 100644
index 0000000..e1efc73
--- /dev/null
+++ b/tmpfiles.d/systemd-nologin.conf
@@ -0,0 +1,10 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5), systemd-user-sessions.service(8) and pam_nologin(8).
+
+f+! /run/nologin 0644 - - - "System is booting up. Unprivileged users are not permitted to log in yet. Please come back later. For technical details, see pam_nologin(8)."
diff --git a/tmpfiles.d/systemd-nspawn.conf b/tmpfiles.d/systemd-nspawn.conf
new file mode 100644
index 0000000..78bd1c6
--- /dev/null
+++ b/tmpfiles.d/systemd-nspawn.conf
@@ -0,0 +1,23 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+Q /var/lib/machines 0700 - - -
+
+# Remove old temporary snapshots, but only at boot. Ideally we'd have
+# "self-destroying" btrfs snapshots that go away if the last
+# reference to it does. To mimic a scheme like this at least remove
+# the old snapshots on fresh boots, where we know they cannot be
+# referenced anymore. Note that we actually remove all temporary files
+# in /var/lib/machines/ at boot, which should be safe since the
+# directory has defined semantics. In the root directory (where
+# systemd-nspawn --ephemeral places snapshots) we are more strict, to
+# avoid removing unrelated temporary files.
+
+R! /var/lib/machines/.#*
+R! /.#machine.*
diff --git a/tmpfiles.d/systemd-pstore.conf b/tmpfiles.d/systemd-pstore.conf
new file mode 100644
index 0000000..9425169
--- /dev/null
+++ b/tmpfiles.d/systemd-pstore.conf
@@ -0,0 +1,34 @@
+# SPDX-License-Identifier: LGPL-2.1-or-later
+#
+# The systemd-pstore.service(1) archives the contents of /sys/fs/pstore
+# upon boot so that there is room for a subsequent dump. This service
+# is enabled with:
+# systemctl enable systemd-pstore
+#
+# With the service enabled, the kernel still needs to be configured
+# to write data into the pstore. The kernel has two parameters,
+# crash_kexec_post_notifiers and printk.always_kmsg_dump, that
+# control writes into pstore.
+#
+# The crash_kexec_post_notifiers parameter enables the kernel to write
+# dmesg (including stack trace) into pstore upon a panic even if kdump
+# is loaded, only needed if you want to use pstore with kdump. Without
+# this parameter, kdump could block writing to pstore for stability
+# reason. Note this increases the risk of kdump failure even if pstore
+# is not available.
+#
+# The printk.always_kmsg_dump parameter enables the kernel to write dmesg
+# upon a normal shutdown (shutdown, reboot, halt).
+#
+# To configure the kernel parameters, uncomment the appropriate
+# lines below. The value written is either 'Y' to enable the
+# kernel parameter, or 'N' to disable the kernel parameter.
+#
+# After making a change to this file, do:
+# systemd-tmpfiles --create path/to/tmpfiles.d/systemd-pstore.conf
+#
+# These changes are automatically applied on future re-boots.
+
+d /var/lib/systemd/pstore 0755 root root 14d
+#w- /sys/module/printk/parameters/always_kmsg_dump - - - - Y
+#w- /sys/module/kernel/parameters/crash_kexec_post_notifiers - - - - Y
diff --git a/tmpfiles.d/systemd-resolve.conf b/tmpfiles.d/systemd-resolve.conf
new file mode 100644
index 0000000..cb1c56d
--- /dev/null
+++ b/tmpfiles.d/systemd-resolve.conf
@@ -0,0 +1,10 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+L! /etc/resolv.conf - - - - ../run/systemd/resolve/stub-resolv.conf
diff --git a/tmpfiles.d/systemd-tmp.conf b/tmpfiles.d/systemd-tmp.conf
new file mode 100644
index 0000000..d47d468
--- /dev/null
+++ b/tmpfiles.d/systemd-tmp.conf
@@ -0,0 +1,23 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Exclude namespace mountpoints created with PrivateTmp=yes
+x /tmp/systemd-private-%b-*
+X /tmp/systemd-private-%b-*/tmp
+x /var/tmp/systemd-private-%b-*
+X /var/tmp/systemd-private-%b-*/tmp
+
+# Remove top-level private temporary directories on each boot
+R! /tmp/systemd-private-*
+R! /var/tmp/systemd-private-*
+
+# Handle lost systemd-coredump temp files. They could be lost on old filesystems,
+# for example, after hard reboot.
+x /var/lib/systemd/coredump/.#core*.%b*
+r! /var/lib/systemd/coredump/.#*
diff --git a/tmpfiles.d/systemd.conf.in b/tmpfiles.d/systemd.conf.in
new file mode 100644
index 0000000..11a45a3
--- /dev/null
+++ b/tmpfiles.d/systemd.conf.in
@@ -0,0 +1,76 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+d /run/user 0755 root root -
+{% if ENABLE_UTMP %}
+F! /run/utmp 0664 root utmp -
+{% endif %}
+
+d /run/systemd/ask-password 0755 root root -
+d /run/systemd/seats 0755 root root -
+d /run/systemd/sessions 0755 root root -
+d /run/systemd/users 0755 root root -
+d /run/systemd/machines 0755 root root -
+d /run/systemd/shutdown 0755 root root -
+
+d /run/log 0755 root root -
+
+z /run/log/journal 2755 root systemd-journal - -
+Z /run/log/journal/%m ~2750 root systemd-journal - -
+{% if HAVE_ACL %}
+{% if ENABLE_ADM_GROUP and ENABLE_WHEEL_GROUP %}
+a+ /run/log/journal - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x,group::r-x,group:adm:r-x,group:wheel:r-x
+a+ /run/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x,group:adm:r-x,group:wheel:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--,group:wheel:r--
+{% elif ENABLE_ADM_GROUP %}
+a+ /run/log/journal - - - - d:group::r-x,d:group:adm:r-x,group::r-x,group:adm:r-x
+a+ /run/log/journal/%m - - - - d:group:adm:r-x,group:adm:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:adm:r--
+{% elif ENABLE_WHEEL_GROUP %}
+a+ /run/log/journal - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:wheel:r-x
+a+ /run/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-x
+a+ /run/log/journal/%m/*.journal* - - - - group:wheel:r--
+{% endif %}
+{% endif %}
+
+z /var/log/journal 2755 root systemd-journal - -
+z /var/log/journal/%m 2755 root systemd-journal - -
+z /var/log/journal/%m/system.journal 0640 root systemd-journal - -
+{% if HAVE_ACL %}
+{% if ENABLE_ADM_GROUP and ENABLE_WHEEL_GROUP %}
+a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x,d:group:wheel:r-x,group::r-x,group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal/%m - - - - d:group:adm:r-x,d:group:wheel:r-x,group:adm:r-x,group:wheel:r-x
+a+ /var/log/journal/%m/system.journal - - - - group:adm:r--,group:wheel:r--
+{% elif ENABLE_ADM_GROUP %}
+a+ /var/log/journal - - - - d:group::r-x,d:group:adm:r-x,group::r-x,group:adm:r-x
+a+ /var/log/journal/%m - - - - d:group:adm:r-x,group:adm:r-x
+a+ /var/log/journal/%m/system.journal - - - - group:adm:r--
+{% elif ENABLE_WHEEL_GROUP %}
+a+ /var/log/journal - - - - d:group::r-x,d:group:wheel:r-x,group::r-x,group:wheel:r-x
+a+ /var/log/journal/%m - - - - d:group:wheel:r-x,group:wheel:r-x
+a+ /var/log/journal/%m/system.journal - - - - group:wheel:r--
+{% endif %}
+{% endif %}
+
+d /var/lib/systemd 0755 root root -
+d /var/lib/systemd/coredump 0755 root root 2w
+# Files and directories in /var/lib/systemd/ephemeral-trees are locked by pid 1 to prevent tmpfiles from
+# removing them, and tmpfiles is told to clean up anything in /var/lib/systemd/ephemeral-trees that isn't
+# locked unconditionally.
+d /var/lib/systemd/ephemeral-trees 0755 root root 0
+
+d /var/lib/private 0700 root root -
+d /var/log/private 0700 root root -
+d /var/cache/private 0700 root root -
+
+{% if ENABLE_EFI %}
+# Copy sd-stub provided PCR signature and public key file from initrd into /run/, so that it will survive the initrd stage
+C /run/systemd/tpm2-pcr-signature.json 0444 root root - /.extra/tpm2-pcr-signature.json
+C /run/systemd/tpm2-pcr-public-key.pem 0444 root root - /.extra/tpm2-pcr-public-key.pem
+{% endif %}
diff --git a/tmpfiles.d/tmp.conf b/tmpfiles.d/tmp.conf
new file mode 100644
index 0000000..fe5225d
--- /dev/null
+++ b/tmpfiles.d/tmp.conf
@@ -0,0 +1,12 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Clear tmp directories separately, to make them easier to override
+q /tmp 1777 root root 10d
+q /var/tmp 1777 root root 30d
diff --git a/tmpfiles.d/var.conf.in b/tmpfiles.d/var.conf.in
new file mode 100644
index 0000000..557dd20
--- /dev/null
+++ b/tmpfiles.d/var.conf.in
@@ -0,0 +1,25 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+q /var 0755 - - -
+
+L /var/run - - - - ../run
+
+d /var/log 0755 - - -
+{% if ENABLE_UTMP %}
+f /var/log/wtmp 0664 root utmp -
+f /var/log/btmp 0660 root utmp -
+f /var/log/lastlog 0664 root utmp -
+{% endif %}
+
+d /var/cache 0755 - - -
+
+d /var/lib 0755 - - -
+
+d /var/spool 0755 - - -
diff --git a/tmpfiles.d/x11.conf b/tmpfiles.d/x11.conf
new file mode 100644
index 0000000..ef0b11d
--- /dev/null
+++ b/tmpfiles.d/x11.conf
@@ -0,0 +1,18 @@
+# This file is part of systemd.
+#
+# systemd is free software; you can redistribute it and/or modify it
+# under the terms of the GNU Lesser General Public License as published by
+# the Free Software Foundation; either version 2.1 of the License, or
+# (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+# Make sure these are created by default so that nobody else can
+# or empty them at startup
+D! /tmp/.X11-unix 1777 root root 10d
+D! /tmp/.ICE-unix 1777 root root 10d
+D! /tmp/.XIM-unix 1777 root root 10d
+D! /tmp/.font-unix 1777 root root 10d
+
+# Unlink the X11 lock files
+r! /tmp/.X[0-9]*-lock |
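Review bot: The comment `# Make sure these are created by default so that nobody else can` / `# or empty them at startup` in tmpfiles.d/x11.conf is hard to parse and hides why the four `D!` lines exist. I would reword it to `# Create these root-owned sticky directories at boot, or empty them if they already exist, so that no other user can create them first`. The lines themselves set `1777 root root` on each directory, so the reworded comment matches what they do.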