From Fedora Project Wiki

Revision as of 22:29, 15 December 2010 by Toshio (talk | contribs) (Section for how to construct a tmpfiles.d conf file)

This page is a draft only
It is still under construction and content may change. Do not rely on the information on this page.

In Fedora 15 and above, /var/run and /var/lock are tmpfs filesystems. As such, they are created empty on every reboot. For files intended to be placed into those directories, this should normally not pose any problems. For directories, however, we often need to create the directories ahead of time. This is best done using the tmpfiles.d mechanism that both upstart and systemd share.

tmpfiles.d configuration

Configuring tmpfiles.d just involves dropping a file into %{_sysconfdir}/tmpfiles.d/ that tells the init system what directories need to be created.

For example, the httpd package needs a few directories to be created in /var/run in order for Apache to run. The packager needs to create a file named apache.conf that is installed as %{_sysconfdir}/tmpfiles.d/apache.conf. The file contains the following line:

d /var/run/httpd 0710 root apache 1s

The format of the line is as follows:

  • d specifies that a directory is to be created if it doesn't exist
  • /var/run/httpd is the filesystem path to create
  • 0710 are the permissions to apply to the directory when it is created
  • root is the owner of the directory
  • apache is the group that owns the directory
  • 1s is the last field, the age, which specifies when files in the directory are to be deleted. For directories installed in /var/run and /var/lock this can be set to a very low number (here, 1 second), as the files should always be cleaned up on boot
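
The six fields described above can be checked mechanically before a conf file is shipped. The following is an added example, not part of the wiki page or of systemd or upstart: it parses lines in that format and reports findings a packaging reviewer might care about. The names parse_line, review and review_conf, the sample lines other than the httpd one, and the choice of checks are assumptions made for this example.

```python
import posixpath
import stat
from typing import NamedTuple

class TmpfilesEntry(NamedTuple):
    type: str
    path: str
    mode: int
    user: str
    group: str
    age: str

# Constructed sample input; only the httpd line comes from the page.
SAMPLE_CONF = """\
# apache.conf
d /var/run/httpd 0710 root apache 1s
d /var/run/scratch 0777 root root 1s
d /tmp/elsewhere 0755 root root 1s
"""

def parse_line(line):
    """Split one six-field line: type, path, mode, owner, group, age."""
    fields = line.split()
    if len(fields) != 6:
        raise ValueError(f"expected 6 fields, got {len(fields)}: {line!r}")
    kind, path, mode, user, group, age = fields
    return TmpfilesEntry(kind, path, int(mode, 8), user, group, age)

def review(entry):
    """Return review findings; the checks are this example's assumptions."""
    findings = []
    if entry.type != "d":
        findings.append("type is not 'd' (only directories are covered here)")
    # Normalise first so that '..' components cannot hide the real target.
    real = posixpath.normpath(entry.path)
    if not real.startswith(("/var/run/", "/var/lock/")):
        findings.append("path is outside /var/run and /var/lock")
    if entry.mode & stat.S_IWOTH and not entry.mode & stat.S_ISVTX:
        findings.append("world-writable without the sticky bit")
    return findings

def review_conf(text):
    """Parse every non-blank, non-comment line and map path -> findings."""
    results = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith("#"):
            entry = parse_line(line)
            results[entry.path] = review(entry)
    return results

if __name__ == "__main__":
    for path, findings in review_conf(SAMPLE_CONF).items():
        print(path, "->", findings or "ok")
```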

Example spec file

Why not create the directories with XXXXXX instead?

There are multiple ways to try creating the directories but most suffer some disadvantage that tmpfiles.d addresses:

Have the daemon create the directory when it starts up

Many times, daemons run as an unprivileged user who would not be allowed to create new directories directly in /var/run or /var/lock.

Have the init script create the directory when it starts up the daemon

Since the init script is run by root, before the daemon drops privileges, why not create the directories there?

  • This code would need to be implemented in every init script packaged. Since both upstart and systemd support tmpfiles.d, we can cut down on the number of places we have to put code like this.
  • Having to add the mkdir to the systemd unit files when tmpfiles.d is already in place introduces the need to run shell code for that init script. Systemd is then no longer able to handle starting the daemon by itself, which slows things down. The shell code also introduces imperative constructs into the otherwise declarative structure, which is best avoided.
  • Properly labelling the created directories is done automatically by the tmpfiles.d mechanism but would have to be manually done by the init script.

Links