[systemd-devel] DynamicUsers and read-only /var

Lennart Poettering lennart at poettering.net
Wed May 16 20:59:57 UTC 2018


On Mi, 16.05.18 15:56, Simon McVittie (smcv at collabora.com) wrote:

> On Wed, 16 May 2018 at 16:33:08 +0200, Antoine Pietri wrote:
> > On Wed, May 16 at 13:05 PM, Jérémy Rosen <jeremy.rosen at smile.fr> wrote:
> > > hmm, I think you could have the whole /var as a tmpfs and use
> > > systemd-tmpfiles (man:tmpfiles.d) to initialize /var at startup by
> > > copying some template directory from a read-only location (typically in
> > > /usr)
> > 
> > That's another interesting workaround, but ideally we'd like to let
> > all the packages install stuff in /var/lib like they would normally,
> > and only put some tmpfs in /var after that.
> 
> The purpose of /var is that it contains variable data, so a read-only
> /var seems like a rather contradictory goal?
> 
> I think you'd really be better off redirecting the packaged
> or package-manager-produced contents of /var to /usr/var or
> /usr/share/factory/var or something (perhaps using your package
> manager's

Yes, /usr/share/factory is the recommended place for this, if you
follow tmpfiles.d logic. See the "C" specifier documentation for
tmpfiles.d, it suggests using that directory for the purpose of early
population of /var and /etc with non-empty files or dirs.

Lennart

-- 
Lennart Poettering, Red Hat
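
A tmpfiles.d fragment for the approach recommended above, added here as an illustration and not part of the original message or of systemd's shipped configuration. The file name and the `myapp` and `mydb` paths are hypothetical, and the packaged /var content is assumed to have been installed under /usr/share/factory/var instead of /var.

```conf
# /usr/lib/tmpfiles.d/factory-var.conf  (hypothetical file name)
#
# Columns: Type  Path  Mode  User  Group  Age  Argument
#
# Assumption: /var is mounted empty (for example as a tmpfs) on every boot,
# and packages have placed their initial state under /usr/share/factory/var.

# Create the parent directories on the fresh /var.
d /var/lib 0755 root root -
d /var/log 0755 root root -

# "C" copies recursively, and only when the destination does not exist yet,
# so state written later in the same boot is not overwritten.
# With the argument left as "-", the source defaults to the path of the
# same name under /usr/share/factory, here /usr/share/factory/var/lib/myapp.
C /var/lib/myapp - - - -

# The same rule with the source spelled out explicitly (hypothetical path).
C /var/lib/mydb - - - - /usr/share/factory/var/lib/mydb
```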
