
[v2,1/1] package/systemd: pre-create directories for services

Message ID 20200726202449.7108-1-nolange79@gmail.com
State Accepted
Series [v2,1/1] package/systemd: pre-create directories for services | expand

Commit Message

Norbert Lange July 26, 2020, 8:24 p.m. UTC
Various services need directories in /var when they are started,
and create them if necessary. Creating those directories beforehand allows
those services to start even if /var is read-only.

Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
v1->v2:
-    dont use a new hook, use SYSTEMD_PERMISSIONS
-    no conditionals, but variables that are set or not
---
 package/systemd/systemd.mk | 19 +++++++++++++++++++
 1 file changed, 19 insertions(+)

Comments

Arnout Vandecappelle Jan. 8, 2022, 6:28 p.m. UTC | #1
On 26/07/2020 22:24, Norbert Lange wrote:
> various services need directories in /var when they are started,
> and create them if necessary. Creating those before, allows
> those services to start even if /var is read-only.
> 
> Signed-off-by: Norbert Lange <nolange79@gmail.com>

  In the end I applied this to master, but I think we should instead follow
Jeremy's suggestion, as I'll explain in the v1 thread.

  Regards,
  Arnout

> ---
> v1->v2:
> -    dont use a new hook, use SYSTEMD_PERMISSIONS
> -    no conditionals, but variables that are set or not
> ---
>   package/systemd/systemd.mk | 19 +++++++++++++++++++
>   1 file changed, 19 insertions(+)
> 
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index c49922d78f..42da1c889f 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -317,12 +317,14 @@ endif
>   
>   ifeq ($(BR2_PACKAGE_SYSTEMD_LOGIND),y)
>   SYSTEMD_CONF_OPTS += -Dlogind=true
> +SYSTEMD_LOGIND_PERMISSIONS = /var/lib/systemd/linger d 755 0 0 - - - - -
>   else
>   SYSTEMD_CONF_OPTS += -Dlogind=false
>   endif
>   
>   ifeq ($(BR2_PACKAGE_SYSTEMD_MACHINED),y)
>   SYSTEMD_CONF_OPTS += -Dmachined=true -Dnss-mymachines=true
> +SYSTEMD_MACHINED_PERMISSIONS = /var/lib/machines d 700 0 0 - - - - -
>   else
>   SYSTEMD_CONF_OPTS += -Dmachined=false -Dnss-mymachines=false
>   endif
> @@ -336,6 +338,7 @@ endif
>   ifeq ($(BR2_PACKAGE_SYSTEMD_HOMED),y)
>   SYSTEMD_CONF_OPTS += -Dhomed=true
>   SYSTEMD_DEPENDENCIES += cryptsetup openssl
> +SYSTEMD_HOMED_PERMISSIONS = /var/lib/systemd/home d 755 0 0 - - - - -
>   else
>   SYSTEMD_CONF_OPTS += -Dhomed=false
>   endif
> @@ -380,12 +383,14 @@ endif
>   ifeq ($(BR2_PACKAGE_SYSTEMD_COREDUMP),y)
>   SYSTEMD_CONF_OPTS += -Dcoredump=true
>   SYSTEMD_COREDUMP_USER = systemd-coredump -1 systemd-coredump -1 * - - - systemd core dump processing
> +SYSTEMD_HOMED_PERMISSIONS = /var/lib/systemd/coredump d 755 0 0 - - - - -
>   else
>   SYSTEMD_CONF_OPTS += -Dcoredump=false
>   endif
>   
>   ifeq ($(BR2_PACKAGE_SYSTEMD_PSTORE),y)
>   SYSTEMD_CONF_OPTS += -Dpstore=true
> +SYSTEMD_PSTORE_PERMISSIONS = /var/lib/systemd/pstore d 755 0 0 - - - - -
>   else
>   SYSTEMD_CONF_OPTS += -Dpstore=false
>   endif
> @@ -436,6 +441,7 @@ endif
>   ifeq ($(BR2_PACKAGE_SYSTEMD_TIMESYNCD),y)
>   SYSTEMD_CONF_OPTS += -Dtimesyncd=true
>   SYSTEMD_TIMESYNCD_USER = systemd-timesync -1 systemd-timesync -1 * - - - systemd Time Synchronization
> +SYSTEMD_TIMESYNCD_PERMISSIONS = /var/lib/systemd/timesync d 755 systemd-timesync systemd-timesync - - - - -
>   else
>   SYSTEMD_CONF_OPTS += -Dtimesyncd=false
>   endif
> @@ -503,6 +509,19 @@ define SYSTEMD_INSTALL_IMAGES_CMDS
>   	$(SYSTEMD_INSTALL_BOOT_FILES)
>   endef
>   
> +define SYSTEMD_PERMISSIONS
> +	/var/spool d 755 0 0 - - - - -
> +	/var/lib d 755 0 0 - - - - -
> +	/var/lib/private d 700 0 0 - - - - -
> +	/var/log/private d 700 0 0 - - - - -
> +	/var/cache/private d 700 0 0 - - - - -
> +	$(SYSTEMD_LOGIND_PERMISSIONS)
> +	$(SYSTEMD_MACHINED_PERMISSIONS)
> +	$(SYSTEMD_HOMED_PERMISSIONS)
> +	$(SYSTEMD_PSTORE_PERMISSIONS)
> +	$(SYSTEMD_TIMESYNCD_PERMISSIONS)
> +endef
> +
>   define SYSTEMD_USERS
>   	# udev user groups
>   	- - input -1 * - - - Input device group
>
Arnout Vandecappelle Jan. 8, 2022, 6:43 p.m. UTC | #2
On 08/01/2022 19:28, Arnout Vandecappelle wrote:
>
>
> On 26/07/2020 22:24, Norbert Lange wrote:
>> various services need directories in /var when they are started,
>> and create them if necessary. Creating those before, allows
>> those services to start even if /var is read-only.
>>
>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>
>  I in the end applied this to master, but I think we should instead follow 
> Jeremy's suggestion, as I'll explain in the v1 thread.

  Never mind, after reading your reply to Jeremy in full, I think you have the
greater authority there, so I believe you if you say this is the proper approach.


  Regards,
  Arnout

[snip]

Patch

diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index c49922d78f..42da1c889f 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -317,12 +317,14 @@  endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_LOGIND),y)
 SYSTEMD_CONF_OPTS += -Dlogind=true
+SYSTEMD_LOGIND_PERMISSIONS = /var/lib/systemd/linger d 755 0 0 - - - - -
 else
 SYSTEMD_CONF_OPTS += -Dlogind=false
 endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_MACHINED),y)
 SYSTEMD_CONF_OPTS += -Dmachined=true -Dnss-mymachines=true
+SYSTEMD_MACHINED_PERMISSIONS = /var/lib/machines d 700 0 0 - - - - -
 else
 SYSTEMD_CONF_OPTS += -Dmachined=false -Dnss-mymachines=false
 endif
@@ -336,6 +338,7 @@  endif
 ifeq ($(BR2_PACKAGE_SYSTEMD_HOMED),y)
 SYSTEMD_CONF_OPTS += -Dhomed=true
 SYSTEMD_DEPENDENCIES += cryptsetup openssl
+SYSTEMD_HOMED_PERMISSIONS = /var/lib/systemd/home d 755 0 0 - - - - -
 else
 SYSTEMD_CONF_OPTS += -Dhomed=false
 endif
@@ -380,12 +383,14 @@  endif
 ifeq ($(BR2_PACKAGE_SYSTEMD_COREDUMP),y)
 SYSTEMD_CONF_OPTS += -Dcoredump=true
 SYSTEMD_COREDUMP_USER = systemd-coredump -1 systemd-coredump -1 * - - - systemd core dump processing
+SYSTEMD_HOMED_PERMISSIONS = /var/lib/systemd/coredump d 755 0 0 - - - - -
 else
 SYSTEMD_CONF_OPTS += -Dcoredump=false
 endif
 
 ifeq ($(BR2_PACKAGE_SYSTEMD_PSTORE),y)
 SYSTEMD_CONF_OPTS += -Dpstore=true
+SYSTEMD_PSTORE_PERMISSIONS = /var/lib/systemd/pstore d 755 0 0 - - - - -
 else
 SYSTEMD_CONF_OPTS += -Dpstore=false
 endif
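Review bot: The added line in the BR2_PACKAGE_SYSTEMD_COREDUMP block assigns `SYSTEMD_HOMED_PERMISSIONS` instead of a coredump-specific variable, so it collides with the assignment made in the homed block of the previous hunk. Because the later assignment wins and `SYSTEMD_PERMISSIONS` is expanded only when it is used, a build with both homed and coredump enabled never pre-creates /var/lib/systemd/home, which silently undoes this commit's fix for systemd-homed on a read-only /var; a build with only coredump enabled works merely by accident, through the misnamed variable. The same defect shows in the final hunk, where `define SYSTEMD_PERMISSIONS` lists every per-feature variable except a coredump one. Fix both places: change this line to `SYSTEMD_COREDUMP_PERMISSIONS = /var/lib/systemd/coredump d 755 0 0 - - - - -` and add `$(SYSTEMD_COREDUMP_PERMISSIONS)` next to the other `$(SYSTEMD_*_PERMISSIONS)` references in the define.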
@@ -436,6 +441,7 @@  endif
 ifeq ($(BR2_PACKAGE_SYSTEMD_TIMESYNCD),y)
 SYSTEMD_CONF_OPTS += -Dtimesyncd=true
 SYSTEMD_TIMESYNCD_USER = systemd-timesync -1 systemd-timesync -1 * - - - systemd Time Synchronization
+SYSTEMD_TIMESYNCD_PERMISSIONS = /var/lib/systemd/timesync d 755 systemd-timesync systemd-timesync - - - - -
 else
 SYSTEMD_CONF_OPTS += -Dtimesyncd=false
 endif
@@ -503,6 +509,19 @@  define SYSTEMD_INSTALL_IMAGES_CMDS
 	$(SYSTEMD_INSTALL_BOOT_FILES)
 endef
 
+define SYSTEMD_PERMISSIONS
+	/var/spool d 755 0 0 - - - - -
+	/var/lib d 755 0 0 - - - - -
+	/var/lib/private d 700 0 0 - - - - -
+	/var/log/private d 700 0 0 - - - - -
+	/var/cache/private d 700 0 0 - - - - -
+	$(SYSTEMD_LOGIND_PERMISSIONS)
+	$(SYSTEMD_MACHINED_PERMISSIONS)
+	$(SYSTEMD_HOMED_PERMISSIONS)
+	$(SYSTEMD_PSTORE_PERMISSIONS)
+	$(SYSTEMD_TIMESYNCD_PERMISSIONS)
+endef
+
 define SYSTEMD_USERS
 	# udev user groups
 	- - input -1 * - - - Input device group
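Review bot: The new `define SYSTEMD_PERMISSIONS` has no comment stating why these directories are listed, and the per-feature `$(SYSTEMD_*_PERMISSIONS)` lines only make sense to a reader who knows they expand to nothing when the corresponding option is off. Since the rationale exists only in the commit message, add a short header above the define, along the lines of `# Pre-create the state directories that systemd services would otherwise` / `# create at start-up, so they can run even when /var is read-only. The` / `# per-feature variables below are empty unless that feature is enabled.` This keeps the intent visible next to the entries when someone later adds or changes a path or mode.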