Bug#773313: systemd tmpfiles errantly auto-cleans PrivateTmp /var/tmp

Jason Gunthorpe jgunthorpe at obsidianresearch.com
Tue Dec 16 17:55:44 GMT 2014


Package: systemd
Version: 215-7
Severity: important

The Debian systemd package is erasing temporary files under the
PrivateTmp=yes directories in /var/tmp/ (i.e.
/var/tmp/systemd-private-%b-bar/tmp/foo), this breaks daemons that
expect that /var/tmp is not cleaned.

This is being caused by a conflict between a Debian patch and a
systemd bug. Since the intent of the Debian patch was to disable
cleaning /var/tmp files I recommend cherry picking the trivial systemd
upstream patch into jessie.

The Debian specific patch
debian/patches/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch:

--- a/tmpfiles.d/tmp.conf
+++ b/tmpfiles.d/tmp.conf
@@ -8,8 +8,8 @@
 # See tmpfiles.d(5) for details
 
 # Clear tmp directories separately, to make them easier to override
-d /tmp 1777 root root 10d
-d /var/tmp 1777 root root 30d
+D /tmp 1777 root root -
+#d /var/tmp 1777 root root 30d
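
Review bot: Commenting out the /var/tmp entry (the '+#d /var/tmp 1777 root root 30d' line) leaves the x/X /var/tmp/systemd-private-%b-* exclusions further down tmp.conf without an aged parent entry, and the new 'D /tmp 1777 root root -' line does the same for the /tmp exclusions, since its age field is now '-'. Either drop the four systemd-private exclusion lines in this same patch or carry the upstream age_set fix alongside it. As a style point, delete the old /var/tmp line rather than leaving it commented out, and update the 'Clear tmp directories separately' comment, which no longer describes what the file does for /var/tmp.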

Removes the entry for /var/tmp, however it leaves the ignores later in
the file:

# Exclude namespace mountpoints created with PrivateTmp=yes
x /tmp/systemd-private-%b-*
X /tmp/systemd-private-%b-*/tmp
x /var/tmp/systemd-private-%b-*
X /var/tmp/systemd-private-%b-*/tmp

Having an X line without an aged parent directory triggers a systemd
bug which is already fixed in upstream. Removing the four lines above
would also avoid the bug.

http://cgit.freedesktop.org/systemd/systemd/commit/src/tmpfiles/tmpfiles.c?id=9ed2a35e93f4a9e82585f860f54cdcbbdf3e1f86

From 9ed2a35e93f4a9e82585f860f54cdcbbdf3e1f86 Mon Sep 17 00:00:00 2001
From: Richard Weinberger <richard at nod.at>
Date: Tue, 9 Sep 2014 11:09:37 +0200
Subject: systemd-tmpfiles: Fix IGNORE_DIRECTORY_PATH age handling

If one has a config like:
d /tmp 1777 root root -
X /tmp/important_mount

All files below /tmp/important_mount will be deleted as the
/tmp/important_mount item will spuriously inherit a max age of 0
from /tmp.
/tmp has a max age of 0 but age_set is (of course) false.

This affects also the PrivateTmp feature of systemd.
All tmp files of such services will be deleted unconditionally
and can cause service failures and data loss.

Fix this by checking ->age_set in the IGNORE_DIRECTORY_PATH logic.

diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c
index f9830c4..7eafd6b 100644
--- a/src/tmpfiles/tmpfiles.c
+++ b/src/tmpfiles/tmpfiles.c
@@ -1576,7 +1576,7 @@ static int read_config_file(const char *fn, bool ignore_enoent) {
                                 candidate_item = j;
                 }
 
-                if (candidate_item) {
+                if (candidate_item && candidate_item->age_set) {
                         i->age = candidate_item->age;
                         i->age_set = true;
                 }
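
Review bot: The new 'candidate_item && candidate_item->age_set' condition has no comment saying why age_set is tested, so a later cleanup could drop it as redundant; a one-line comment above the if, noting that a parent configured with '-' carries age 0 with age_set false and must not pass that on, would protect it. It is also worth confirming that the loop ending at 'candidate_item = j;' cannot settle on an ageless candidate while another matching item has an age set, since in that case the X item now gets no age at all; if that is possible, the age_set test belongs in the selection loop rather than after it.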

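An added audit example (not part of the original report and not systemd code): it flags X entries that lie under a d/D entry with no age, the pattern the report and the commit message describe as triggering the bug on unfixed versions. The function names and the sample config are constructed here, and treating any ageless d/D ancestor as risky is a conservative assumption rather than systemd's exact candidate selection.

```python
from pathlib import PurePosixPath

# Constructed sample modelled on the lines quoted in the report; the "d /var"
# line stands in for an ageless ancestor defined in some other tmpfiles.d file.
SAMPLE = """\
D /tmp 1777 root root -
#d /var/tmp 1777 root root 30d
d /var 0755 - - -
x /tmp/systemd-private-%b-*
X /tmp/systemd-private-%b-*/tmp
x /var/tmp/systemd-private-%b-*
X /var/tmp/systemd-private-%b-*/tmp
d /srv/cache 0755 root root 7d
X /srv/cache/keep
"""


def parse(text):
    """Yield (type letter, path, age or None) for each active config line."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2 or fields[0].startswith("#"):
            continue
        age = fields[5] if len(fields) > 5 and fields[5] != "-" else None
        yield fields[0][0], fields[1], age


def is_under(path, parent):
    """Component-wise prefix test, so /var/tmp is under /var but not /va."""
    p, q = PurePosixPath(path).parts, PurePosixPath(parent).parts
    return p[:len(q)] == q


def risky_exclusions(text):
    """Return (X path, ageless d/D ancestor) pairs found in the merged config."""
    items = list(parse(text))
    ageless = [path for typ, path, age in items if typ in "dD" and age is None]
    return [(path, parent)
            for typ, path, _ in items if typ == "X"
            for parent in ageless if is_under(path, parent)]


if __name__ == "__main__":
    for x_path, parent in risky_exclusions(SAMPLE):
        print(f"X {x_path}: parent {parent} has no age set")
```

Feed it the concatenated contents of every tmpfiles.d directory in use, since the ageless parent and the X line may live in different files.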

