2014-03-01 15:46 GMT+01:00 Colin Walters <walt...@verbum.org>:
> Hi,
>
> So for OSTree I am trying to move to a model where services populate the
> contents of /var on *start*. See previous discussion here:
>
> https://www.mail-archive.com/systemd-devel@lists.freedesktop.org/msg07859.html
>
> The really great part about this is that one is then able to totally reset
> OS state at any time by simply just doing a shutdown of services, then "rm
> -rf /var/*", then reboot. (You can also reset /etc, that's a separate
> discussion)
>
> Now while patching the service code itself got me pretty far, ultimately
> there are a lot of RPMs and such out there...so what I ended up doing for
> rpm-ostree was to generate tmpfiles.d snippets from the /var content:
>
> https://github.com/cgwalters/rpm-ostree/commit/f8ddf38aa2dce207399d5e485842168eb2540e5f
>
> Basically we end up with a gigantic
> /usr/lib/tmpfiles.d/rpm-ostree-autovar.conf that has stuff like:
>
> d /var/spool/mail 0775 0 12 - -
> d /var/lib/dnsmasq 0755 0 0 - -
> ...
>
> The problem with this is it all happens on boot, and it doesn't really
> scale. I want the RPMs (and packages in general) to do this by default.
>
> So what's the problem with patching the world to do mkdir() on bootup?
>
> 1) Lots of work
> 2) Loss of association between package data and directory. While this is
>    pretty minor, it *is* useful to be able to do rpm -qf /var/kerberos
>    and see that it comes from the "krb5-libs" package.
> 3) SELinux labeling - any service that creates a directory like this will
>    have to be sure it labels it correctly. While the latest SELinux does
>    have support for doing this automatically, it'd still be better if it
>    was done at a more trusted level.
>
> What I really want is an easy way to bind tmpfiles.d snippets to unit
> startup.
> Something like:
>
> StateDirectory=/var/kerberos 0755 0 0
>
> (Why not full tmpfiles.d syntax? Well I can't think of a good reason to
> make a *file* on startup. There are packages that ship plain files in
> /var but I'd say they're broken.)
>
> With this, it's easy to do without patching the service. It retains the
> association (if a bit indirect) between the service and its state directory,
> because you can query ownership of the .service file. And systemd ensures
> SELinux labeling happens correctly.
>
> Thoughts? Should be a pretty easy patch.

I vaguely remember that we had exactly this discussion a while ago. Unfortunately I'm not able to find it in the archives right now. One of the objections I remember was that this would lead to having two different ways of setting up runtime directories.

-- 
Why is it that all of the instruments seeking intelligent life in the universe are pointed away from Earth?
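
The snippet generation described in the quoted message (one tmpfiles.d `d` line per directory shipped under /var) can be sketched as follows. This is an added example, not part of the thread and not rpm-ostree's code; the function name `tmpfiles_lines`, the staging-tree layout and the two review warnings are assumptions made for illustration.

```python
import os
import stat

def tmpfiles_lines(root, prefix="/var"):
    """Return (lines, warnings) for every real directory below `root`.

    root   -- staging tree standing in for a package's /var payload
    prefix -- where that tree lives on the running system
    """
    lines, warnings = [], []
    for dirpath, dirnames, _files in os.walk(root):  # does not follow symlinks
        for name in dirnames:
            full = os.path.join(dirpath, name)
            st = os.lstat(full)
            if not stat.S_ISDIR(st.st_mode):
                continue  # symlink to a directory: not a 'd' entry
            path = prefix + "/" + os.path.relpath(full, root)
            if any(c.isspace() for c in path):
                warnings.append("skipped (whitespace in path): %r" % path)
                continue
            mode = stat.S_IMODE(st.st_mode)
            # World-writable without the sticky bit lets any local user
            # rename or delete other users' entries; flag it for review.
            if mode & stat.S_IWOTH and not mode & stat.S_ISVTX:
                warnings.append("world-writable, no sticky bit: %s" % path)
            lines.append("d %s %04o %d %d - -" % (path, mode, st.st_uid, st.st_gid))
    return sorted(lines), warnings  # sorted: parents precede children

if __name__ == "__main__":
    import tempfile
    with tempfile.TemporaryDirectory() as root:  # constructed sample tree
        for rel, mode in (("spool", 0o755), ("spool/mail", 0o775),
                          ("lib", 0o755), ("lib/dnsmasq", 0o755)):
            os.makedirs(os.path.join(root, rel), exist_ok=True)
            os.chmod(os.path.join(root, rel), mode)
        out, warn = tmpfiles_lines(root)
        print("\n".join(out + warn))
```

The uid and gid columns come from the staging tree itself, so a tree unpacked by an unprivileged user records that user's ids rather than the packaged ownership.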