[RFC] XDG_RUNTIME_DIR

Lennart Poettering mzkqt at 0pointer.de
Sat Nov 6 15:03:23 PDT 2010 

Heya,

Ryan Lortie and I have been sitting down here at the GNOME Summit and
have discussed an older proposal that was posted on the XDG ML by Ryan a
while back, regarding definition of a directory where user applications
can store runtime files and other file objects (sockets, ...) in. That
directory should be machine-local, fully-featured (i.e. not on NFS) and
its lifetime should be bound to the user actually being logged in. It is
as such something like a per-user counterpart of /var/run.

So, here's what we propose: some kind of session manager should set
$XDG_RUNTIME_DIR for all user processes to a directory for which the
following rules apply:

- It is owned by the user and the user is the only one having write
access to it

- The directory may be deleted (and should be deleted) after the user
fully logged off or the machine is shut down.

- The directory is on a local file system, and not shared with other
machines.

- The directory is fully featured, i.e. the majority of file system
features the OS provides should be supported on it. More precisely, on
Unix AF_UNIX sockets, symlinks, proper permissions, file locking,
sparse files, mmap, hard link count must be available. (It is in fact
recommended to use tmpfs or something similar as backing file system)

- Files in the directories may be deleted by the OS if they are older
than 12h. If an app wants to make sure that files it creates shall
stay around longer it should update the mtime at least every 6h, or
alternatively set the file sticky bit on the file.

- Applications making use of this feature which do not find
$XDG_RUNTIME_DIR to be set, should fall back to some other directory
providing similar capabilities, and print a warning.

Why all this?

Mostly to have a secure place where user applications may place their
unix sockets for communication, so that peers can discover the path
safely without having to set all sockets via env vars for all
processes. This is particular important to allow socket based activation
in the session.

systemd already implements this logic mostly, and Ryan updated GLib
accordingly, too.

I am writing this mail as a bit of a heads-up, as I plan to update the
XDG basedir spec accordingly soon to make this official and push that to
git, unless there's greater opposition against this plan.

Comments?

Lennart

-- 
Lennart Poettering - Red Hat, Inc.

More information about the xdg mailing list