* [Buildroot] [PATCH v2 1/1] package/systemd: pre-create directories for services
@ 2020-07-26 20:24 Norbert Lange
From: Norbert Lange @ 2020-07-26 20:24 UTC (permalink / raw)
To: buildroot
various services need directories in /var when they are started,
and create them if necessary. Creating those before, allows
those services to start even if /var is read-only.
Signed-off-by: Norbert Lange <nolange79@gmail.com>
---
v1->v2:
- dont use a new hook, use SYSTEMD_PERMISSIONS
- no conditionals, but variables that are set or not
---
package/systemd/systemd.mk | 19 +++++++++++++++++++
1 file changed, 19 insertions(+)
diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
index c49922d78f..42da1c889f 100644
--- a/package/systemd/systemd.mk
+++ b/package/systemd/systemd.mk
@@ -317,12 +317,14 @@ endif
ifeq ($(BR2_PACKAGE_SYSTEMD_LOGIND),y)
SYSTEMD_CONF_OPTS += -Dlogind=true
+SYSTEMD_LOGIND_PERMISSIONS = /var/lib/systemd/linger d 755 0 0 - - - - -
else
SYSTEMD_CONF_OPTS += -Dlogind=false
endif
ifeq ($(BR2_PACKAGE_SYSTEMD_MACHINED),y)
SYSTEMD_CONF_OPTS += -Dmachined=true -Dnss-mymachines=true
+SYSTEMD_MACHINED_PERMISSIONS = /var/lib/machines d 700 0 0 - - - - -
else
SYSTEMD_CONF_OPTS += -Dmachined=false -Dnss-mymachines=false
endif
@@ -336,6 +338,7 @@ endif
ifeq ($(BR2_PACKAGE_SYSTEMD_HOMED),y)
SYSTEMD_CONF_OPTS += -Dhomed=true
SYSTEMD_DEPENDENCIES += cryptsetup openssl
+SYSTEMD_HOMED_PERMISSIONS = /var/lib/systemd/home d 755 0 0 - - - - -
else
SYSTEMD_CONF_OPTS += -Dhomed=false
endif
@@ -380,12 +383,14 @@ endif
ifeq ($(BR2_PACKAGE_SYSTEMD_COREDUMP),y)
SYSTEMD_CONF_OPTS += -Dcoredump=true
SYSTEMD_COREDUMP_USER = systemd-coredump -1 systemd-coredump -1 * - - - systemd core dump processing
+SYSTEMD_HOMED_PERMISSIONS = /var/lib/systemd/coredump d 755 0 0 - - - - -
else
SYSTEMD_CONF_OPTS += -Dcoredump=false
endif
ifeq ($(BR2_PACKAGE_SYSTEMD_PSTORE),y)
SYSTEMD_CONF_OPTS += -Dpstore=true
+SYSTEMD_PSTORE_PERMISSIONS = /var/lib/systemd/pstore d 755 0 0 - - - - -
else
SYSTEMD_CONF_OPTS += -Dpstore=false
endif
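Review bot: The coredump branch assigns `SYSTEMD_HOMED_PERMISSIONS` rather than a coredump-specific variable. When both `BR2_PACKAGE_SYSTEMD_HOMED` and `BR2_PACKAGE_SYSTEMD_COREDUMP` are enabled, this later assignment replaces the `/var/lib/systemd/home` entry set in the homed hunk, so that directory is no longer pre-created with the intended mode and ownership. The line should read `SYSTEMD_COREDUMP_PERMISSIONS = /var/lib/systemd/coredump d 755 0 0 - - - - -`. The `define SYSTEMD_PERMISSIONS` block in the last hunk then needs a matching `$(SYSTEMD_COREDUMP_PERMISSIONS)` line, which it currently lacks. As written, the coredump directory reaches the table only by reusing the homed variable.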
@@ -436,6 +441,7 @@ endif
ifeq ($(BR2_PACKAGE_SYSTEMD_TIMESYNCD),y)
SYSTEMD_CONF_OPTS += -Dtimesyncd=true
SYSTEMD_TIMESYNCD_USER = systemd-timesync -1 systemd-timesync -1 * - - - systemd Time Synchronization
+SYSTEMD_TIMESYNCD_PERMISSIONS = /var/lib/systemd/timesync d 755 systemd-timesync systemd-timesync - - - - -
else
SYSTEMD_CONF_OPTS += -Dtimesyncd=false
endif
@@ -503,6 +509,19 @@ define SYSTEMD_INSTALL_IMAGES_CMDS
$(SYSTEMD_INSTALL_BOOT_FILES)
endef
+define SYSTEMD_PERMISSIONS
+ /var/spool d 755 0 0 - - - - -
+ /var/lib d 755 0 0 - - - - -
+ /var/lib/private d 700 0 0 - - - - -
+ /var/log/private d 700 0 0 - - - - -
+ /var/cache/private d 700 0 0 - - - - -
+ $(SYSTEMD_LOGIND_PERMISSIONS)
+ $(SYSTEMD_MACHINED_PERMISSIONS)
+ $(SYSTEMD_HOMED_PERMISSIONS)
+ $(SYSTEMD_PSTORE_PERMISSIONS)
+ $(SYSTEMD_TIMESYNCD_PERMISSIONS)
+endef
+
define SYSTEMD_USERS
# udev user groups
- - input -1 * - - - Input device group
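Review bot: `SYSTEMD_PERMISSIONS` is added without a comment explaining why these directories are listed or which modes must be preserved. The three `*/private` entries are mode 700, and systemd documents `/var/lib/private` and its siblings as the parents of `DynamicUser=` state directories, kept inaccessible to unprivileged users, so loosening them later would presumably expose that data. I would put a comment above the `define` line, for example `# Pre-created so services can start on a read-only /var; the */private directories must stay 700 (parents of DynamicUser= state)`. The same comment could say that each optional `$(SYSTEMD_*_PERMISSIONS)` line expands to nothing when its feature is disabled.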
--
2.27.0
* Re: [Buildroot] [PATCH v2 1/1] package/systemd: pre-create directories for services
2020-07-26 20:24 [Buildroot] [PATCH v2 1/1] package/systemd: pre-create directories for services Norbert Lange
@ 2022-01-08 18:28 ` Arnout Vandecappelle
From: Arnout Vandecappelle @ 2022-01-08 18:28 UTC (permalink / raw)
To: Norbert Lange, buildroot; +Cc: Yann E. MORIN, Adam Duskett, Maxime Hadjinlian
On 26/07/2020 22:24, Norbert Lange wrote:
> various services need directories in /var when they are started,
> and create them if necessary. Creating those before, allows
> those services to start even if /var is read-only.
>
> Signed-off-by: Norbert Lange <nolange79@gmail.com>
I in the end applied this to master, but I think we should instead follow
Jeremy's suggestion, as I'll explain in the v1 thread.
Regards,
Arnout
> ---
> v1->v2:
> - dont use a new hook, use SYSTEMD_PERMISSIONS
> - no conditionals, but variables that are set or not
> ---
> package/systemd/systemd.mk | 19 +++++++++++++++++++
> 1 file changed, 19 insertions(+)
>
> diff --git a/package/systemd/systemd.mk b/package/systemd/systemd.mk
> index c49922d78f..42da1c889f 100644
> --- a/package/systemd/systemd.mk
> +++ b/package/systemd/systemd.mk
> @@ -317,12 +317,14 @@ endif
>
> ifeq ($(BR2_PACKAGE_SYSTEMD_LOGIND),y)
> SYSTEMD_CONF_OPTS += -Dlogind=true
> +SYSTEMD_LOGIND_PERMISSIONS = /var/lib/systemd/linger d 755 0 0 - - - - -
> else
> SYSTEMD_CONF_OPTS += -Dlogind=false
> endif
>
> ifeq ($(BR2_PACKAGE_SYSTEMD_MACHINED),y)
> SYSTEMD_CONF_OPTS += -Dmachined=true -Dnss-mymachines=true
> +SYSTEMD_MACHINED_PERMISSIONS = /var/lib/machines d 700 0 0 - - - - -
> else
> SYSTEMD_CONF_OPTS += -Dmachined=false -Dnss-mymachines=false
> endif
> @@ -336,6 +338,7 @@ endif
> ifeq ($(BR2_PACKAGE_SYSTEMD_HOMED),y)
> SYSTEMD_CONF_OPTS += -Dhomed=true
> SYSTEMD_DEPENDENCIES += cryptsetup openssl
> +SYSTEMD_HOMED_PERMISSIONS = /var/lib/systemd/home d 755 0 0 - - - - -
> else
> SYSTEMD_CONF_OPTS += -Dhomed=false
> endif
> @@ -380,12 +383,14 @@ endif
> ifeq ($(BR2_PACKAGE_SYSTEMD_COREDUMP),y)
> SYSTEMD_CONF_OPTS += -Dcoredump=true
> SYSTEMD_COREDUMP_USER = systemd-coredump -1 systemd-coredump -1 * - - - systemd core dump processing
> +SYSTEMD_HOMED_PERMISSIONS = /var/lib/systemd/coredump d 755 0 0 - - - - -
> else
> SYSTEMD_CONF_OPTS += -Dcoredump=false
> endif
>
> ifeq ($(BR2_PACKAGE_SYSTEMD_PSTORE),y)
> SYSTEMD_CONF_OPTS += -Dpstore=true
> +SYSTEMD_PSTORE_PERMISSIONS = /var/lib/systemd/pstore d 755 0 0 - - - - -
> else
> SYSTEMD_CONF_OPTS += -Dpstore=false
> endif
> @@ -436,6 +441,7 @@ endif
> ifeq ($(BR2_PACKAGE_SYSTEMD_TIMESYNCD),y)
> SYSTEMD_CONF_OPTS += -Dtimesyncd=true
> SYSTEMD_TIMESYNCD_USER = systemd-timesync -1 systemd-timesync -1 * - - - systemd Time Synchronization
> +SYSTEMD_TIMESYNCD_PERMISSIONS = /var/lib/systemd/timesync d 755 systemd-timesync systemd-timesync - - - - -
> else
> SYSTEMD_CONF_OPTS += -Dtimesyncd=false
> endif
> @@ -503,6 +509,19 @@ define SYSTEMD_INSTALL_IMAGES_CMDS
> $(SYSTEMD_INSTALL_BOOT_FILES)
> endef
>
> +define SYSTEMD_PERMISSIONS
> + /var/spool d 755 0 0 - - - - -
> + /var/lib d 755 0 0 - - - - -
> + /var/lib/private d 700 0 0 - - - - -
> + /var/log/private d 700 0 0 - - - - -
> + /var/cache/private d 700 0 0 - - - - -
> + $(SYSTEMD_LOGIND_PERMISSIONS)
> + $(SYSTEMD_MACHINED_PERMISSIONS)
> + $(SYSTEMD_HOMED_PERMISSIONS)
> + $(SYSTEMD_PSTORE_PERMISSIONS)
> + $(SYSTEMD_TIMESYNCD_PERMISSIONS)
> +endef
> +
> define SYSTEMD_USERS
> # udev user groups
> - - input -1 * - - - Input device group
>
* Re: [Buildroot] [PATCH v2 1/1] package/systemd: pre-create directories for services
2022-01-08 18:28 ` Arnout Vandecappelle
@ 2022-01-08 18:43 ` Arnout Vandecappelle
From: Arnout Vandecappelle @ 2022-01-08 18:43 UTC (permalink / raw)
To: Norbert Lange, buildroot; +Cc: Yann E. MORIN, Adam Duskett, Maxime Hadjinlian
On 08/01/2022 19:28, Arnout Vandecappelle wrote:
>
>
> On 26/07/2020 22:24, Norbert Lange wrote:
>> various services need directories in /var when they are started,
>> and create them if necessary. Creating those before, allows
>> those services to start even if /var is read-only.
>>
>> Signed-off-by: Norbert Lange <nolange79@gmail.com>
>
> I in the end applied this to master, but I think we should instead follow
> Jeremy's suggestion, as I'll explain in the v1 thread.
Never mind, after reading your reply to Jeremy in full, I think you have the
greater authority there so I believe you if you say this is the proper approach.
Regards,
Arnout
[snip]