Bug#966621: Make /tmp/ a tmpfs and cleanup /var/tmp/ on a timer by default [was: Re: systemd: tmpfiles.d not cleaning /var/tmp by default]
Johannes Schauer Marin Rodrigues
josch at debian.org
Thu May 30 14:41:50 BST 2024
Hi,
Quoting Peter Pentchev (2024-05-30 10:33:08)
> > thank you for having discussed this change on d-devel and for adding
> > documentation to NEWS and release notes to announce this change. I also
> > think it is sensible to roll this only out on new installations and to keep
> > the behaviour on existing setups. Thank you for implementing that as well.
> >
> > That being said, maybe some Perl wizard knows how to do a flock on a directory
> > in Perl?
>
> I wouldn't call myself a Perl wizard by a long stretch, but I can give it a try :)
>
> > I tried this:
> >
> > use Fcntl qw(LOCK_EX);
> > opendir(my $handle, ".") or die "opendir: $!";
> [snip]
>
> Here lies your problem. The flock(2) syscall works on file descriptors,
> the things returned by open(2), not on the dirent structures returned by
> opendir(3). So you need something like this:
>
>     use v5.10; # I really should switch to at least 5.16 if not 5.24
>     use strict;
>     use warnings;
>
>     use Fcntl qw(O_RDONLY O_DIRECTORY LOCK_EX);
>
>     my $dirname = "/tmp/to-be-locked";
>     sysopen(my $handle, "/tmp/to-be-locked", O_RDONLY | O_DIRECTORY) or
>         die "Could not open $dirname: $!\n";
>     flock($handle, LOCK_EX) or
>         die "Could not lock $dirname: $!\n";
>
>     say "locked, it seems";
>     sleep(3600);
>
> I only put the sleep() part so I could check using lsof that
> the directory was indeed locked. And yeah, the v5.10 part is a leftover
> from the days (...until a month or two ago...) when I still had to
> support stock CentOS 7 systems; I really should train my fingers to
> put 5.24 there.
>
> Hope that helps!

it absolutely does! Thank you! I was misled by `perldoc -f flock` which states
that it works on filehandles. I'll add your name to the git commit message
unless you object. :)

I also found another issue with this change in systemd. After the upload to
unstable, 76 out of 264 mmdebstrap tests on jenkins.debian.net started to fail:

https://jenkins.debian.net/job/mmdebstrap-jenkins-worker/692/consoleText

The problem is that debootstrap wants to mknod which will not work on a tmpfs
mounted with nodev:

    + debootstrap --no-merged-usr --variant=buildd oldstable /tmp/tmp.nWmx8YeAh3 http://127.0.0.1/debian
    /usr/sbin/debootstrap: 1840: cannot create /tmp/tmp.nWmx8YeAh3/test-dev-null: Permission denied
    E: Cannot install into target '/tmp/tmp.nWmx8YeAh3' mounted with noexec or nodev

Maybe this affects more CI scripts and test setups which attempt to create a
temporary chroot with debootstrap in /tmp.

The fix which is documented in systemd NEWS makes everything work again:

    --customize-hook='touch "$1/etc/systemd/system/tmp.mount"'

Thanks!
cheers, josch
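
The nodev failure described in the message above can be detected before debootstrap is started. The following is an added example, not part of the original mail and not code from debootstrap or mmdebstrap; the function name `blocking_opts` and the sample mount table are constructed for illustration, and the target path is assumed to be absolute and free of symlinks.

```shell
#!/bin/sh
# Pre-flight check for a chroot target directory: report whether the mount
# that covers it carries nodev or noexec, the two options debootstrap refuses.

# Constructed sample in /proc/mounts format (not taken from a real system).
SAMPLE_MOUNTS='/dev/vda1 / ext4 rw,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,size=50%,nr_inodes=1m 0 0
tmpfs /run tmpfs rw,nosuid,nodev,noexec,mode=755 0 0
/dev/vdb1 /srv/chroots ext4 rw,relatime 0 0'

# blocking_opts PATH [MOUNTS_FILE]
# Prints a comma-separated list of nodev/noexec for the mount covering PATH,
# or an empty line if neither is set. MOUNTS_FILE defaults to /proc/mounts;
# pass "-" to read the table from stdin.
# Limitation: mount points containing spaces are escaped (\040) in
# /proc/mounts and are not unescaped here.
blocking_opts() {
    awk -v p="$1" '
        {
            mp = $2
            # A mount covers PATH if it is "/", PATH itself, or a parent directory.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # Longest mount point wins; on a tie the later line (an
                # overmount) replaces the earlier one.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END {
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) {
                if (o[i] == "nodev" || o[i] == "noexec") {
                    out = out (out == "" ? "" : ",") o[i]
                }
            }
            print out
        }
    ' "${2:-/proc/mounts}"
}

# Stand-alone use: sh check-target.sh /tmp/my-chroot
if [ "$#" -gt 0 ]; then
    bad=$(blocking_opts "$1")
    if [ -n "$bad" ]; then
        echo "E: $1 is on a mount with: $bad" >&2
        exit 1
    fi
fi
```

A CI job can call this on its `mktemp -d` result and fall back to a directory outside /tmp when the check fails.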