Bug#966621: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]

Peter Pentchev roam at ringlet.net
Thu May 30 09:33:08 BST 2024


On Thu, May 30, 2024 at 08:35:47AM +0200, Johannes Schauer Marin Rodrigues wrote:
> Hi,
> 
> Quoting Luca Boccassi (2024-05-28 01:54:08)
> > Thanks for the useful input, the following has been done:
> > 
> > - existing installations pre-trixie will get an orphaned tmpfiles.d in
> > /etc/ that keeps the existing behaviour unchanged (no cleanup of
> > /var/tmp)
> > - openssh and tmux have been fixed to provide a tmpfiles.d exception
> > to retain their respective files
> > - the /tmp/ description in debian-installer has been updated to note
> > it is a tmpfs by default (via a commit in partman-basicfilesystems,
> > will upload if nobody gets around to it before Trixie's freeze)
> > - two paragraphs have been provided for the release notes ticket
> > - the changes are also noted in NEWS, with instructions on how to
> > override locally
> > - as mentioned, the latest upload to unstable makes /tmp/ a tmpfs by
> > default and for new installations 10+ days old files in /tmp/ and 30+ days
> > old files in /var/tmp/ are cleaned up daily
> 
> thank you for having discussed this change on d-devel and for adding
> documentation to NEWS and release notes to announce this change. I also think
> it is sensible to roll this only out on new installations and to keep the
> behaviour on existing setups. Thank you for implementing that as well.
> 
> That being said, maybe some Perl wizard knows how to do a flock on a directory
> in Perl?

I wouldn't call myself a Perl wizard by a long stretch, but I can give it a try :)

>  I tried this:
> 
> use Fcntl qw(LOCK_EX);
> opendir(my $handle, ".") or die "opendir: $!";
[snip]

Here lies your problem. The flock(2) syscall works on file descriptors,
the things returned by open(2), not on the dirent structures returned by
opendir(3). So you need something like this:

    use v5.10;  # I really should switch to at least 5.16 if not 5.24
    use strict;
    use warnings;

    use Fcntl qw(O_RDONLY O_DIRECTORY LOCK_EX);

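    my $dirname = "/tmp/to-be-locked";
    # flock() needs a real file descriptor, so open the directory itself
    sysopen(my $handle, $dirname, O_RDONLY | O_DIRECTORY) or
        die "Could not open $dirname: $!\n";
    flock($handle, LOCK_EX) or
        die "Could not lock $dirname: $!\n";

    say "locked, it seems";
    # keep the descriptor open so the lock can be inspected from outside
    sleep(3600);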

I only put the sleep() part so I could check using lsof that
the directory was indeed locked. And yeah, the v5.10 part is a leftover
from the days (...until a month or two ago...) when I still had to
support stock CentOS 7 systems; I really should train my fingers to
put 5.24 there.

Hope that helps!

G'luck,
Peter

-- 
Peter Pentchev  roam at ringlet.net roam at debian.org peter at morpheusly.com
PGP key:        https://www.ringlet.net/roam/roam.key.asc
Key fingerprint 2EE7 A7A5 17FC 124C F115  C354 651E EFB0 2527 DF13
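
Added example, not part of the original message: a way to check the directory lock from Perl itself instead of sleeping and looking at lsof, by probing with a second descriptor and LOCK_NB. The helper names open_dir and dir_is_locked and the temporary directory are assumptions made for this example.

```perl
use strict;
use warnings;

use Fcntl qw(O_RDONLY O_DIRECTORY LOCK_EX LOCK_NB LOCK_UN);
use File::Temp qw(tempdir);

# Hypothetical helper: open a directory and return a handle whose
# descriptor flock() can work on.
sub open_dir {
    my ($dirname) = @_;
    sysopen(my $handle, $dirname, O_RDONLY | O_DIRECTORY)
        or die "Could not open $dirname: $!\n";
    return $handle;
}

# Hypothetical helper: return 1 if some other open file description holds
# a lock on the directory, 0 if the probe could take the lock itself.
sub dir_is_locked {
    my ($dirname) = @_;
    my $probe = open_dir($dirname);
    if (flock($probe, LOCK_EX | LOCK_NB)) {
        flock($probe, LOCK_UN);
        return 0;
    }
    # LOCK_NB makes a conflicting lock fail right away with EWOULDBLOCK
    return 1 if $!{EWOULDBLOCK};
    die "Could not probe lock on $dirname: $!\n";
}

# Constructed sample directory, removed again when the script exits.
my $dirname = tempdir(CLEANUP => 1);

my $holder = open_dir($dirname);
flock($holder, LOCK_EX) or die "Could not lock $dirname: $!\n";
printf "while held:  locked=%d\n", dir_is_locked($dirname);

# The lock belongs to the open file description, so closing the only
# descriptor that refers to it releases the lock.
close($holder);
printf "after close: locked=%d\n", dir_is_locked($dirname);
```

The probe conflicts with the holder even inside one process because each sysopen() creates its own open file description.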