Package: systemd Version: 215-7 Severity: important The debian systemd package is erasing temporary files under the PrivateTmp=yes directories in /var/tmp/ (ie /var/tmp/systemd-private-%b-bar/tmp/foo), this breaks deamons that expect that /var/tmp is not cleaned.
This is being caused by a conflict between a debian patch and a systemd bug. Since the intent of the debian patch was to diable cleaning /var/tmp files I recommend cherry picking the trivial systemd upstream patch into jessie. The Debian specific patch debian/patches/Bring-tmpfiles.d-tmp.conf-in-line-with-Debian-defaul.patch: --- a/tmpfiles.d/tmp.conf +++ b/tmpfiles.d/tmp.conf @@ -8,8 +8,8 @@ # See tmpfiles.d(5) for details # Clear tmp directories separately, to make them easier to override -d /tmp 1777 root root 10d -d /var/tmp 1777 root root 30d +D /tmp 1777 root root - +#d /var/tmp 1777 root root 30d Removes the entry for /var/tmp, however it leaves the ignores later in the file: # Exclude namespace mountpoints created with PrivateTmp=yes x /tmp/systemd-private-%b-* X /tmp/systemd-private-%b-*/tmp x /var/tmp/systemd-private-%b-* X /var/tmp/systemd-private-%b-*/tmp Having an X line without a aged parent directory triggers a systemd bug which is already fixed in upstream. Removing the four lines above would also avoid the bug. http://cgit.freedesktop.org/systemd/systemd/commit/src/tmpfiles/tmpfiles.c?id=9ed2a35e93f4a9e82585f860f54cdcbbdf3e1f86 >From 9ed2a35e93f4a9e82585f860f54cdcbbdf3e1f86 Mon Sep 17 00:00:00 2001 From: Richard Weinberger <[email protected]> Date: Tue, 9 Sep 2014 11:09:37 +0200 Subject: systemd-tmpfiles: Fix IGNORE_DIRECTORY_PATH age handling If one has a config like: d /tmp 1777 root root - X /tmp/important_mount All files below /tmp/important_mount will be deleted as the /tmp/important_mount item will spuriously inherit a max age of 0 from /tmp. /tmp has a max age of 0 but age_set is (of course) false. This affects also the PrivateTmp feature of systemd. All tmp files of such services will be deleted unconditionally and can cause service failures and data loss. Fix this by checking ->age_set in the IGNORE_DIRECTORY_PATH logic. diff --git a/src/tmpfiles/tmpfiles.c b/src/tmpfiles/tmpfiles.c index f9830c4..7eafd6b 100644 --- a/src/tmpfiles/tmpfiles.c +++ b/src/tmpfiles/tmpfiles.c @@ -1576,7 +1576,7 @@ static int read_config_file(const char *fn, bool ignore_enoent) { candidate_item = j; } - if (candidate_item) { + if (candidate_item && candidate_item->age_set) { i->age = candidate_item->age; i->age_set = true; } -- To UNSUBSCRIBE, email to [email protected] with a subject of "unsubscribe". Trouble? Contact [email protected]
