<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
</head>
<body text="#000000" bgcolor="#FFFFFF">
hmm, I think you could have the whole /var as a tmpfs and use
systemd-tmpfiles (<a class="moz-txt-link-freetext" href="man:tmpfiles.d">man:tmpfiles.d</a>) to initialize /var at startup by
copying some template directory from a read-only location (typicalli
in /usr)<br>
<br>
<div class="moz-cite-prefix">On 16/05/2018 13:29, Antoine Pietri
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:CAOMH6m3G5C4pSOs2R9e5QTjPxradBRp3CduOeGBa+Nghh-6EFg@mail.gmail.com">
<pre wrap="">Hi,
Our organization uses a diskless setup to boot hundreds of machines
using a read-only NFS export of their common rootfs.
To be able to run services that need to write in /var, we can't just
have /var as a tmpfs, because it contains files installed by packages
that are required by some services to run. Our current solution was to
have /var in read-only, but have a list of directories where some
services actually write (/var/log, /var/spool/mail, etc) and mount
them as tmpfs.
This year, some services like systemd-timesyncd are shipped with
DynamicUser=yes by default in our distribution (Archlinux), which
means the above solution no longer works. My understanding is that
systemd requires a writable /var to be able to symlink the state
directory the first time it is launched.
Our only option here, if we don't want to manually disable dynamic
users in all the services, seems to be to mount /var in a
copy-on-write overlayfs. We could do that, but it's a bit cutting edge
and dangerous for us. Two years ago, overlayfs didn't even support nfs
as its lower directory, that's why we avoided it so far.
As I know you don't like to add requirements to have a writable /var,
I'd love to have your input on this issue! Is there anything we missed
that would allow us to keep using dynamic user services with a
read-only /var, or do we have to use the overlay solution?
Thanks,
</pre>
</blockquote>
<br>
<div class="moz-signature">-- <br>
<div>
<link href="https://fonts.googleapis.com/css?family=Raleway"
rel="stylesheet" type="text/css">
<font face="Raleway, regular">
<table style="padding:20px;margin-bottom:-10px" border="0">
<tbody>
<tr>
<td style="font-size:13px; color:#ff8054; text-align:
center; padding-right:30px"> <a
href="http://www.smile.eu/"> <img
style="max-width:100%; height:auto"
src="http://ftp.smile.fr/client/Communication/signature/img/Logo-new.png"
alt="SMILE"> </a><br>
<br>
<p style="line-heigth:8px">20 rue des Jardins<br>
92600 Asnières-sur-Seine</p>
</td>
<td style="border-left: 1px solid #3b7ffe;
padding-left:20px; font-size:13px; color:#ff8054;">
<div style="color:#ff8054; font-size:14px;"> <b>Jérémy
ROSEN</b> </div>
<div style="color:#3b7ffe; font-size:13px;">
Architecte technique<br>
Responsable de l'expertise Smile-ECS </div>
<br>
<div style="color:#3b7ffe; font-size:13px;"> <span
style="white-space: nowrap"><img
style="margin-right:5px"
src="http://ftp.smile.fr/client/Communication/signature/img/mail.png"
alt="email" height="10" width="12"> <a
href="mailto:jeremy.rosen@smile.fr"
style="color:#3b7ffe; font-size:13px;
text-decoration:none;">jeremy.rosen@smile.fr</a>
</span> <br>
<span style="white-space: nowrap"><img
style="margin-right:5px"
src="http://ftp.smile.fr/client/Communication/signature/img/phone.png"
alt="phone" height="10" width="10"></span>
+33141402967 <br>
<span style="white-space: nowrap"><img
style="margin-right:5px"
src="http://ftp.smile.fr/client/Communication/signature/img/web.png"
alt="url" height="12" width="12">
<a href="http://www.smile.eu"
style="color:#3b7ffe; font-size:13px;
text-decoration:none;">http://www.smile.eu</a> </span>
</div>
<br>
<div> <span><a style="margin-right:5px"
href="https://twitter.com/GroupeSmile"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-twitter.png"
alt="Twitter" style="max-width:100%;
height:auto"></a></span> <span><a
style="margin-right:5px"
href="https://www.facebook.com/smileopensource"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-facebook.png"
alt="Facebook" style="max-width:100%;
height:auto"></a></span> <span><a
style="margin-right:5px"
href="https://www.linkedin.com/company/smile"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-linkedin.png"
alt="LinkedIn" style="max-width:100%;
height:auto"></a></span> <span><a
style="margin-right:5px"
href="https://github.com/Smile-SA"><img
src="http://ftp.smile.fr/client/Communication/signature/img/rs-github.png"
alt="Github" style="max-width:100%;
height:auto"></a></span> </div>
</td>
</tr>
</tbody>
</table>
<br>
<div> <a
href="http://smile.eu/?utm_source=signature&utm_medium=email&utm_campaign=signature"><img
src="http://signature.smile.eu/assets/img/bandeau_mail_smile2017.gif.gif"
alt="Découvrez l’univers Smile, rendez-vous sur
smile.eu" border="0"></a></div>
<br>
<div style="color:#a3acb5; font-size:10px;"> <img
src="http://ftp.smile.fr/client/Communication/signature/img/eco.png"
alt="eco" height="11" width="13"> Pour la planète,
n'imprimez ce mail que si c'est nécessaire </div>
</font>
</div>
</div>
</body>
</html>