[systemd-devel] systemd-tmpfiles for the user instance of systemd
Daniel Tihelka
dtihelka at gmail.com
Tue Jul 7 06:31:34 PDT 2015
On Friday 03 of July 2015 20:31:42 Lennart Poettering wrote:
> On Wed, 01.07.15 12:35, Daniel Tihelka (dtihelka at gmail.com) wrote:
> > Hello,
> > does anyone have experience with the use of systemd-tmpfiles for the
> > user instance of systemd?
>
> This is currently not nicely supported. And I am not sure it
> should. Note that much of what tmpfiles supports is only necessary
> for:
>
> - aging (automatic time-based clean-up of files). Doesn't really apply
> to user sessions, since /tmp and /var/tmp are already cleaned up by
> the system instance of tmpfiles
Yes, that is what I want to use systemd-tmpfiles for. Considering its code base
is tuned and I can directly configure the "age" parameter, it seemed a much easier
and more robust solution than tuning a script using the find tool.
And I think that a lot of people would end up with the same idea (e.g. Tomasz
Torcz's reply in the thread ...).
> - re-populating /etc and /var on state-less boots, possibly apply
> perms and stuff. Doesn't really apply to user sessions, since since
> time began user apps have been used to recreating their stuff in $HOME on
> first start.
Agree, not useful for the user instance.
> - help borked daemons or daemons that never have privileges to create
> directories in /run that are owned by system users. Doesn't apply to
> user sessions, since in that case there can only be one user that
> owns all files.
Agree, not useful for the user instance.
> - reserve certain guessable file names in otherwise shared namespace
> directories (i.e. /tmp/.X11* stuff) before the first user logs in,
> in order to avoid DoS attacks. Doesn't apply to user sessions, since
> there are no different privilege levels for those.
Agree, not useful for the user instance.
> - write fields into sysfs. Doesn't apply to user sessions, since user
> sessions generally don't have access to sysfs.
Agree, not useful for the user instance.
> Summing this up: all these cases don't really apply to user
> sessions. Moreover, it's not really possible to implement aging from
> unprivileged programs, since you cannot avoid bumping the atime of all
> dirs when doing that, since noatime stuff is only available to root...
Yes, I have read that in the man page. Well, one can configure the system-wide
instance of systemd-tmpfiles to watch the files, but it does not work for:
* users without root access
* users using an encfs-protected home, where the mountpoint cannot be accessed
even by root
Hmm, I would guess that there is no nice solution to this. It is a pity :-(
Thanks anyway,
Dan T.
>
> > * I have to specify the config file manually (i.e.
> > %h/.config/tmpfiles.conf). There is no attempt to search for e.g.
> > ~/.config/tmpfiles.d/ or
> > /etc/tmpfiles.d/user/ directories when running in user mode. Is that
> > correct?
>
> Yes. And I have no intention to change that, given the issues above.
>
> > I just want to ask, since I do not want to make the stuff more complicated
> > than necessary. So I am all ears if you know how to
> > simplify/generalize the configuration.
>
> I fear it will stay the manual process you described...
>
> Lennart
--
Daniel Tihelka
NTIS - Nové technologie pro informační společnost
Západočeská Univerzita v Plzni
dtihelka at ntis.zcu.cz
+420 377 63 2531
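The find-based aging script that the thread weighs against systemd-tmpfiles, as an added example (it is not code from the thread, from systemd, or from the author): it approximates the "age" field of a tmpfiles.d D line for a directory inside an unprivileged user's $HOME (the no-root and encfs cases above) and sidesteps the atime problem Lennart raises by never consulting a directory's atime. Assumptions: POSIX find and touch; only atime and mtime are compared (tmpfiles also consults ctime, which cannot be backdated for a demonstration), so this is a stated simplification rather than tmpfiles' exact rule; the scratch tree in the demo is constructed.

```shell
#!/bin/sh
# Age-based clean-up of one user-owned directory, approximating the "age"
# field of a tmpfiles.d 'D' line. Added example, not systemd code.
# Simplification (assumption): only atime and mtime are compared; tmpfiles
# also consults ctime, which touch cannot backdate for a demonstration.

# age_clean DIR DAYS
# 1. Remove regular files whose atime AND mtime are both older than DAYS,
#    so a file that was merely read recently survives, as with tmpfiles.
# 2. Remove empty subdirectories whose mtime is older than DAYS. Directory
#    atime is deliberately ignored: listing a directory updates its atime and
#    an unprivileged program cannot generally suppress that (the noatime
#    limitation raised in the thread), so a cleaner that checked directory
#    atime could never age a directory out. A directory emptied in this run
#    gets a fresh mtime and is collected on the next run.
age_clean() {
    dir=$1
    days=$2
    [ -d "$dir" ] || return 1
    # find's '+N' means strictly more than N whole days ago.
    find "$dir" -type f -atime +"$days" -mtime +"$days" -exec rm -f -- {} +
    # -depth visits children before parents so nested empty dirs collapse;
    # rmdir refuses non-empty directories, which is the intended guard.
    find "$dir" -depth -type d ! -path "$dir" -mtime +"$days" \
        -exec rmdir -- {} \; 2>/dev/null || :
    return 0
}

# count_entries DIR: number of files and directories remaining below DIR.
count_entries() {
    find "$1" ! -path "$1" | wc -l | tr -d ' '
}

# Demonstration on a constructed scratch tree (sample input, not real data).
demo_age_clean() {
    scratch=$(mktemp -d)
    mkdir -p "$scratch/old/gone" "$scratch/fresh"
    : > "$scratch/old/stale.log"
    : > "$scratch/fresh/recent.log"
    # Backdate atime and mtime of the stale entries to 2020-01-01 00:00.
    touch -t 202001010000 "$scratch/old/stale.log" "$scratch/old/gone" "$scratch/old"
    age_clean "$scratch" 7
    # Survivors: old/ (just emptied, so fresh mtime), fresh/, fresh/recent.log
    count_entries "$scratch"   # → 3
    rm -rf "$scratch"
}

case "${1:-}" in --demo) demo_age_clean ;; esac
```

Run it as `sh age_clean.sh --demo` to see the survivor count; a user-level timer calling age_clean on the directories of interest replaces the tmpfiles age handling the thread says is unavailable.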