diff --git a/Makefile.am b/Makefile.am index f4b19589a1..b7a4681447 100644 --- a/Makefile.am +++ b/Makefile.am @@ -1584,6 +1584,7 @@ nodist_systemunit_DATA += \ dist_tmpfiles_DATA = \ tmpfiles.d/systemd.conf \ + tmpfiles.d/systemd-nologin.conf \ tmpfiles.d/tmp.conf \ tmpfiles.d/x11.conf diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml index c65636b0fe..9b8932c635 100644 --- a/man/systemd-tmpfiles.xml +++ b/man/systemd-tmpfiles.xml @@ -146,6 +146,12 @@ configuration files are removed. + + + Also execute lines + with an exclamation mark. + + Only apply rules that diff --git a/man/tmpfiles.d.xml b/man/tmpfiles.d.xml index 331fd1b472..0da52aedad 100644 --- a/man/tmpfiles.d.xml +++ b/man/tmpfiles.d.xml @@ -113,6 +113,9 @@ L /tmp/foobar - - - - /dev/null Type + The type consists of a single letter and + optionally an exclamation mark. + The following line types are understood: @@ -262,6 +265,28 @@ L /tmp/foobar - - - - /dev/null names. + + If the exclamation mark is used, this + line is only safe of execute during boot, and + can break a running system. Lines without the + exclamation mark are presumed to be safe to + execute at any time, e.g. on package upgrades. + systemd-tmpfiles will + execute line with an exclamation mark only if + option is given. + + + For example: + +# Make sure these are created by default so that nobody else can +d /tmp/.X11-unix 1777 root root 10d + +# Unlink the X11 lock files +r! /tmp/.X[0-9]*-lock + + The second line in contrast to the first one + would break a running system, and will only be + executed with . diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index 02351e18f7..881c3b0d78 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -107,6 +107,7 @@ static Set *unix_sockets = NULL; static bool arg_create = false; static bool arg_clean = false; static bool arg_remove = false; +static bool arg_unsafe = false; static char **include_prefixes = NULL; static char **exclude_prefixes = NULL; 
@@ -1077,7 +1078,7 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
 _cleanup_item_free_ Item *i = NULL;
 Item *existing;
 _cleanup_free_ char
- *mode = NULL, *user = NULL, *group = NULL, *age = NULL, *path = NULL;
+ *action = NULL, *mode = NULL, *user = NULL, *group = NULL, *age = NULL, *path = NULL;
 char type;
 Hashmap *h;
 int r, n = -1;
@@ -1087,8 +1088,8 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
 assert(buffer);
 
 r = sscanf(buffer,
- "%c %ms %ms %ms %ms %ms %n",
- &type,
+ "%ms %ms %ms %ms %ms %ms %n",
+ &action,
 &path,
 &mode,
 &user,
@@ -1100,6 +1101,14 @@ static int parse_line(const char *fname, unsigned line, const char *buffer) {
 return -EIO;
 }
 
+ if (strlen(action) > 2 || (strlen(action) > 1 && action[1] != '!')) {
+ log_error("[%s:%u] Unknown modifier '%s'", fname, line, action);
+ return -EINVAL;
+ } else if (strlen(action) > 1 && !arg_unsafe)
+ return 0;
+
+ type = action[0];
+
 i = new0(Item, 1);
 if (!i)
 return log_oom();
@@ -1271,6 +1280,7 @@ static int help(void) {
 " --create Create marked files/directories\n"
 " --clean Clean up marked directories\n"
 " --remove Remove marked files/directories\n"
+ " --unsafe Execute actions only safe at boot\n"
 " --prefix=PATH Only apply rules that apply to paths with the specified prefix\n"
 " --exclude-prefix=PATH Ignore rules that apply to paths with the specified prefix\n",
 program_invocation_short_name);
@@ -1285,6 +1295,7 @@ static int parse_argv(int argc, char *argv[]) {
 ARG_CREATE,
 ARG_CLEAN,
 ARG_REMOVE,
+ ARG_UNSAFE,
 ARG_PREFIX,
 ARG_EXCLUDE_PREFIX,
 };
@@ -1295,6 +1306,7 @@ static int parse_argv(int argc, char *argv[]) {
 { "create", no_argument, NULL, ARG_CREATE },
 { "clean", no_argument, NULL, ARG_CLEAN },
 { "remove", no_argument, NULL, ARG_REMOVE },
+ { "unsafe", no_argument, NULL, ARG_UNSAFE },
 { "prefix", required_argument, NULL, ARG_PREFIX },
 { "exclude-prefix", required_argument, NULL, ARG_EXCLUDE_PREFIX },
 {}
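Review bot: In the `@@ -1100,6 +1101,14 @@` hunk of parse_line, a line carrying `!` returns 0 as soon as `arg_unsafe` is false, before the type letter in `action[0]` or the path is looked at. A malformed boot-only line is therefore accepted silently on every ordinary run and is presumably only diagnosed during boot, which is the worst moment to discover it for the lines that can break a running system. I would move the skip after the item has been validated, or at least leave a trace with `log_debug("[%s:%u] Skipping boot-only line", fname, line);` before `return 0;`. The rest of parse_line lies outside the hunk, so where the later validation happens is inferred.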
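Review bot: The help string added in the `@@ -1271,6 +1280,7 @@` hunk, `Execute actions only safe at boot`, can be read as restricting the run to boot-safe actions, while the man page hunk in this commit says the option makes systemd-tmpfiles also execute lines with an exclamation mark. Wording such as `Also execute lines marked with '!' (only safe during boot)` would tell an administrator that passing `--unsafe` on a running system widens what gets removed or overwritten. help() starts and ends outside the hunk.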
@@ -1329,6 +1341,10 @@ static int parse_argv(int argc, char *argv[]) { arg_remove = true; break; + case ARG_UNSAFE: + arg_unsafe = true; + break; + case ARG_PREFIX: if (strv_extend(&include_prefixes, optarg) < 0) return log_oom(); diff --git a/tmpfiles.d/legacy.conf b/tmpfiles.d/legacy.conf index 3fff347db4..a1656873da 100644 --- a/tmpfiles.d/legacy.conf +++ b/tmpfiles.d/legacy.conf @@ -29,6 +29,6 @@ d /run/lock/lockdev 0775 root lock - # kernel command line options 'fsck.mode=force', 'fsck.mode=skip' and # 'quotacheck.mode=force' -r /forcefsck -r /fastboot -r /forcequotacheck +r! /forcefsck +r! /fastboot +r! /forcequotacheck diff --git a/tmpfiles.d/systemd-nologin.conf b/tmpfiles.d/systemd-nologin.conf new file mode 100644 index 0000000000..d61232b534 --- /dev/null +++ b/tmpfiles.d/systemd-nologin.conf @@ -0,0 +1,11 @@ +# This file is part of systemd. +# +# systemd is free software; you can redistribute it and/or modify it +# under the terms of the GNU Lesser General Public License as published by +# the Free Software Foundation; either version 2.1 of the License, or +# (at your option) any later version. + +# See tmpfiles.d(5) and systemd-forbid-user-logins.service(5). +# This file has special suffix so it is not run by mistake. + +F! /run/nologin 0644 - - - "System is booting up. See pam_nologin(8)" diff --git a/tmpfiles.d/systemd.conf b/tmpfiles.d/systemd.conf index a05c6577d2..7c6d6b9099 100644 --- a/tmpfiles.d/systemd.conf +++ b/tmpfiles.d/systemd.conf @@ -8,7 +8,7 @@ # See tmpfiles.d(5) for details d /run/user 0755 root root ~10d -F /run/utmp 0664 root utmp - +F! /run/utmp 0664 root utmp - f /var/log/wtmp 0664 root utmp - f /var/log/btmp 0600 root utmp - 
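Review bot: The comment `This file has special suffix so it is not run by mistake.` in the new tmpfiles.d/systemd-nologin.conf does not match what the diff shows. The file name ends in the ordinary `.conf` and the Makefile.am hunk installs it through `dist_tmpfiles_DATA` with the other snippets, so the only thing keeping `F! /run/nologin` from running outside boot is the `!` marker combined with the absence of `--unsafe`. I would replace the sentence with something like `# The '!' restricts this line to boot (--unsafe): creating /run/nologin on a running system blocks non-root logins, see pam_nologin(8).` The header also points to `systemd-forbid-user-logins.service(5)`, which appears nowhere else in this diff, so that reference is worth confirming.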
@@ -22,8 +22,6 @@ d /run/systemd/users 0755 root root - d /run/systemd/machines 0755 root root - d /run/systemd/shutdown 0755 root root - -F /run/nologin 0644 - - - "System is booting up. See pam_nologin(8)" - m /var/log/journal 2755 root systemd-journal - - m /var/log/journal/%m 2755 root systemd-journal - - m /run/log/journal 2755 root systemd-journal - - diff --git a/tmpfiles.d/x11.conf b/tmpfiles.d/x11.conf index ece6a5ce98..4c96a54a13 100644 --- a/tmpfiles.d/x11.conf +++ b/tmpfiles.d/x11.conf @@ -15,4 +15,4 @@ d /tmp/.font-unix 1777 root root 10d d /tmp/.Test-unix 1777 root root 10d # Unlink the X11 lock files -r /tmp/.X[0-9]*-lock +r! /tmp/.X[0-9]*-lock diff --git a/units/systemd-tmpfiles-setup.service.in b/units/systemd-tmpfiles-setup.service.in index 3405e2842c..c2dcae0e13 100644 --- a/units/systemd-tmpfiles-setup.service.in +++ b/units/systemd-tmpfiles-setup.service.in @@ -6,7 +6,7 @@ # (at your option) any later version. [Unit] -Description=Recreate Volatile Files and Directories +Description=Create Volatile Files and Directories Documentation=man:tmpfiles.d(5) man:systemd-tmpfiles(8) DefaultDependencies=no Wants=local-fs.target @@ -18,8 +18,10 @@ ConditionDirectoryNotEmpty=|/lib/tmpfiles.d ConditionDirectoryNotEmpty=|/usr/local/lib/tmpfiles.d ConditionDirectoryNotEmpty=|/etc/tmpfiles.d ConditionDirectoryNotEmpty=|/run/tmpfiles.d +RefuseManualStart=yes +RefuseManualStop=yes [Service] Type=oneshot RemainAfterExit=yes -ExecStart=@rootbindir@/systemd-tmpfiles --create --remove --exclude-prefix=/dev +ExecStart=@rootbindir@/systemd-tmpfiles --create --remove --unsafe --exclude-prefix=/dev
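Review bot: `RefuseManualStart=yes` and `RefuseManualStop=yes` in the second units/systemd-tmpfiles-setup.service.in hunk reject only explicit user requests; as far as I know the unit can still be stopped and started again as a dependency of another job, and that would run `ExecStart` with `--unsafe` on a live system. The two lines are appended to the `ConditionDirectoryNotEmpty=` list with nothing explaining why they are there, so I would put a comment above them such as `# ExecStart passes --unsafe (runs '!' lines); this unit must only run during boot`. It would also help to state in the unit or man page that re-applying tmpfiles.d after boot should use `systemd-tmpfiles --create` without `--unsafe`.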