[systemd-devel] SystemD, Gnome permission problems

Elias Probst mail at eliasprobst.eu
Sun Apr 12 08:59:02 PDT 2015 

On 04/12/2015 05:47 PM, Kai Krakow wrote:
> Elias Probst <mail at eliasprobst.eu> schrieb:
> 
>> On 04/12/2015 04:11 PM, Zbigniew Jędrzejewski-Szmek wrote:
>>> I'm wondering if we should provide better per-user tmpfiles support.
>>> For example, if we allowed a set of "user" tmpfiles, which would
>>> be executed by the system instance, but would be considered relative to
>>> the home directory and XDG_RUNTIME_DIR (~ or %h to refer to the home
>>> directory, %t to XDG_RUNTIME_DIR, ...). We would execute that for every
>>> user.
>>
>> Which makes me wonder again, why tmpfiles.d was never implemented in the
>> way all other units are implemented.
>> Currently, it's impossible to declare a dependency of a service upon a
>> tmpdir, which feels out of line with the way things are usually handled
>> in a systemd-based system.
>>
>> For example:
>> OpenVPN requires /run/openvpn/ to exist before being able to start.
>> This leads to the following possible scenarios to make OpenVPN usable on
>> a system where OpenVPN was just installed (and there was no reboot to
>> trigger tmpfiles.d creation) yet:
>>
>> A#
>> - the package manager creates /run/openvpn as part of of its postinst
>> routine. This is duplicated effort and could easily go out of sync with
>> the definition in OpenVPN's tmpfiles.d configuration
>>
>> B#
>> - the package manager calls "systemd-tmpfiles --create …" whenever a
>> tmpfiles.d configuration was installed. This might still be the most
>> straightforward way, but it could still happen that a user manually
>> deletes the directory and than at a later point attempts to start a
>> service depending on it
>>
>> C#
>> - the user has to create /run/openvpn manually (I don't think I have to
>> outline why this is no "correct" solution)
>>
>> D#
>> - creation of tmpfile directories is left to the application (again
>> duplicated effort and the wrong place to do it, when there is a
>> centralized mechanism for handling this properly)
>>
>> E#
>> - the service unit contains something like "ExecPre=/bin/mkdir …". Again
>> duplicated effort and the wrong place to do it.
> 
> F#
> - the service file contains a RuntimeDirectory directive.
> 
> ;-)
> 

Ha! Perfect! Thanks a lot for pointing this out.

My initial bugreport against Gentoo [1] regarding this issue is older
than the implementation of RuntimeDirectory [2] - time for updating the
bugreport + getting upstream (OpenVPN) involved to ship an updated
service unit and get rid of their tmpfiles.d conf.

[1] https://bugs.gentoo.org/show_bug.cgi?id=462118
[2] http://cgit.freedesktop.org/systemd/systemd/commit/?id=e66cf1a3

- Elias

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: OpenPGP digital signature
URL: <http://lists.freedesktop.org/archives/systemd-devel/attachments/20150412/65284748/attachment.sig>

More information about the systemd-devel mailing list