[HEADS-UP] Moving /var/run and /var/lock to tmpfs in Rawhide

Paul Wouters paul at xelerance.com
Tue Nov 30 19:25:50 UTC 2010

On Mon, 29 Nov 2010, Toshio Kuratomi wrote:

> * after a reboot, the application is able to startup and write to a directory
>  in /var/run and/or /var/lock.

All daemons should already be able to do that (meaning init scripts dealing
with non-existing directories)

> * The sysadmin would like to be able to see who owns the directories and
>  lock files in /var/run and/or /var/lock so rpm -qf /var/run/foo/ should
>  tell them that.

Sure, and that's a difference. My daemons own their dirs, and it is suggested
to %ghost these (and any potential files, though files I'd say that since
they're in a very specific directory, a sysadmin already knows what daemon
they belong to)

> corner cases:
> * After installation but before reboot, the application is able to startup
>  and write to a directory in /var/run and/or /var/lock

Handled with the sam initscript code that should already exist.

> * After removal but before reboot, the directories that aren't needed are
>  cleaned up from /var/run and /var/lock

This will also be covered already if the spec file has these directories
listed (ghosted or not). Daemons tend to remove all the files in these dirs already on stop, which is called before removal anyway.

> So with all this, we know a few things:
> 1) The rpm metadata has to carry information about the directories (and
> should for files as well) inside of /var/run and /var/lock.  To me we should
> just put the directories in per normal and %ghost any files (which is what
> we should be doing already but probably aren't always).

I don't see too much value on ghosting files, but no objection either.

> 2) The act of installing the rpm should create the necessary directories.


> 3) We have to use tmpfiles.d to create the directories on reboot.

Why? If the initscripts do this already it should be fine. The only reason
I've heard so far is to do selinux context items, which I'm mostly
unfamiliar with (but would hope that most of the required permissions on
those are inherited from the parent directory policy?)

I would really like to avoid having THREE places to create directories
in /var/run and /var/lock, those being spec file, init scripts AND tmpfiles.d


More information about the devel mailing list