author | Daan De Meyer <daan.j.demeyer@gmail.com> | 2023-06-06 17:44:09 +0200 |
---|---|---|
committer | Daan De Meyer <daan.j.demeyer@gmail.com> | 2023-06-21 12:48:46 +0200 |
commit | 9c0c670125ff065c22c12bb82f1f20c7b2c8c46d (patch) | |
tree | ce51381fbcc6844f0f480db1aeb55ec7dfd97281 /tmpfiles.d | |
parent | tmpfiles: Add note to man page about guaranteed cleanup for files/directories (diff) | |
download | systemd-9c0c670125ff065c22c12bb82f1f20c7b2c8c46d.tar.xz systemd-9c0c670125ff065c22c12bb82f1f20c7b2c8c46d.zip |
core: Add RootEphemeral= setting

This setting allows services to run in an ephemeral copy of the root
directory or root image. To make sure the ephemeral copies are always
cleaned up, we add a tmpfiles snippet to unconditionally clean up
/var/lib/systemd/ephemeral. To prevent in-use ephemeral copies from
being cleaned up by tmpfiles, we use the newly added COPY_LOCK_BSD
and BTRFS_SNAPSHOT_LOCK_BSD flags to take a BSD lock on the ephemeral
copies which instruct tmpfiles to not touch those ephemeral copies as
long as the BSD lock is held.
Diffstat (limited to 'tmpfiles.d')
-rw-r--r-- | tmpfiles.d/systemd.conf.in | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/tmpfiles.d/systemd.conf.in b/tmpfiles.d/systemd.conf.in index fa838d8d06..3781c579e0 100644 --- a/tmpfiles.d/systemd.conf.in +++ b/tmpfiles.d/systemd.conf.in @@ -60,6 +60,10 @@ a+ /var/log/journal/%m/system.journal - - - - group:wheel:r-- d /var/lib/systemd 0755 root root - d /var/lib/systemd/coredump 0755 root root 3d +# Files and directories in /var/lib/systemd/ephemeral-trees are locked by pid 1 to prevent tmpfiles from +# removing them, and tmpfiles is told to clean up anything in /var/lib/systemd/ephemeral-trees that isn't +# locked unconditionally. +d /var/lib/systemd/ephemeral-trees 0755 root root 0 d /var/lib/private 0700 root root - d /var/log/private 0700 root root - |
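Review bot: The added `d /var/lib/systemd/ephemeral-trees 0755 root root 0` line leaves the parent of every ephemeral root copy traversable by all users, while the neighbouring context line `d /var/lib/private 0700 root root -` is restricted to root. Since the commit message says this directory holds copies of the root directory or root image, consider mode 0700 unless something unprivileged has to reach these trees, or say in the comment why 0755 is required. In the added comment, "unconditionally" follows "locked", so it reads as describing the lock; "tmpfiles is told to unconditionally clean up anything in /var/lib/systemd/ephemeral-trees that isn't locked" would be clearer, and it would help to note that the age field `0` is what requests that cleanup. The commit message names /var/lib/systemd/ephemeral while this line uses /var/lib/systemd/ephemeral-trees; the two should be aligned.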