Bug 446948 - www-servers/nginx - Add /var/tmp/nginx/{client,proxy,fastcgi,scgi,uwsgi} in tmpfiles.d.
Status: RESOLVED INVALID
Alias: None
Product: Gentoo Linux
Classification: Unclassified
Component: [OLD] Server
Hardware: All Linux
Importance: Normal normal
Assignee: Benedikt Böhm (RETIRED)
Depends on: 396003
Reported: 2012-12-12 06:25 UTC by Yuan Ye
Modified: 2012-12-20 08:10 UTC

Description Yuan Ye 2012-12-12 06:25:55 UTC
Nginx needs the directories /var/tmp/nginx/{client,proxy,fastcgi,scgi,uwsgi} before it can be started. Currently they are created by 'keepdir' in the ebuild.

If /var/tmp is tmpfs (maybe a symlink or bind to /tmp), that will cause a problem. Systemd has config files in tmpfiles.d that could create files or directories in tmpfs. And now we have that supported in OpenRC.

So I suggest adding those directories in tmpfiles.d rather than the keepdir way.

Reproducible: Always

Steps to Reproduce:
install nginx

Actual Results:  
$ ls -aR /var/tmp/nginx/
/var/tmp/nginx/:
.  ..  client  fastcgi  proxy  scgi  uwsgi

/var/tmp/nginx/client:
.  ..  .keep_www-servers_nginx-0

/var/tmp/nginx/fastcgi:
.  ..  .keep_www-servers_nginx-0

/var/tmp/nginx/proxy:
.  ..  .keep_www-servers_nginx-0

/var/tmp/nginx/scgi:
.  ..  .keep_www-servers_nginx-0

/var/tmp/nginx/uwsgi:
.  ..  .keep_www-servers_nginx-0


Expected Results:  
In config file /usr/lib/tmpfiles.d/nginx.conf, add those directories dynamically.

$ cave info
Package Manager Information:
    Package Name              paludis
    Package Version           0.82.0
    Build Date                2030-11-21T13:17:51+0800
    Built with CXX            x86_64-pc-linux-gnu-g++ 4.6.3
    Built with CXXFLAGS        -march=native -mtune=native -O2 -pipe -pedantic
    Built with LDFLAGS        -Wl,-O1 -Wl,--as-needed

Environment Information:
    Format                    paludis
    Config dir                /etc/paludis
    Root                      /
    System Root               /
    World file                /var/db/pkg/world

Repository gentoo:
    format                    e
    location                  /usr/portage
    builddir                  /var/tmp/paludis
    cache                     /usr/portage/metadata/md5-cache
    distdir                   /usr/portage/distfiles
    eapi_when_unknown         0
    eapi_when_unspecified     0
    eclassdirs                /usr/portage/eclass
    layout                    traditional
    manifest_hashes           SHA256 SHA512 WHIRLPOOL
    names_cache               /var/cache/paludis/names
    newsdir                   /usr/portage/metadata/news
    profile_eapi_when_unspecified 0
    profile_layout            traditional
    profiles                  /usr/portage/profiles/default/linux/amd64/10.0
    securitydir               /usr/portage/metadata/glsa
    setsdir                   /usr/portage/sets
    sync                      rsync://rsync.gentoo.org/gentoo-portage/
    sync_options              
    thin_manifests            false
    use_manifest              use
    write_cache               /var/empty
    Package information
        app-shells/bash       4.2_p39
        dev-java/java-config  (none)
        dev-lang/python       2.7.3-r2 3.2.3-r1
        dev-util/ccache       3.1.8
        dev-util/cmake        2.8.10.2
        dev-util/pkgconfig    0.27.1
        sys-apps/baselayout   2.2
        sys-apps/openrc       0.11.8
        sys-apps/sandbox      2.6
        sys-devel/autoconf    2.13 2.69
        sys-devel/automake    1.11.6 1.12.5
        sys-devel/binutils    2.23.1
        sys-devel/gcc         4.6.3
        sys-devel/gcc-config  1.8
        sys-devel/libtool     2.4.2
        sys-devel/make        3.82-r4
        sys-freebsd/freebsd-lib (none)
        sys-kernel/linux-headers 3.6
        sys-libs/glibc        2.16.0
        sys-libs/uclibc       (none)

Repository installed:
    format                    vdb
    location                  /var/db/pkg
    builddir                  /var/tmp/paludis
    eapi_when_unknown         0
    names_cache               /var/cache/paludis/names
    root                      /
Comment 1 Yuan Ye 2012-12-12 06:30:00 UTC
Discussion on lwn.net about /var/tmp and /tmp:
http://lwn.net/Articles/436118/
Comment 2 Yuan Ye 2012-12-12 06:31:49 UTC
tmpfiles.d support has been added in OpenRC.
http://git.overlays.gentoo.org/gitweb/?p=proj%2Fopenrc.git&a=search&h=HEAD&st=commit&s=tmpfiles.d
Comment 3 Yuan Ye 2012-12-12 06:35:57 UTC
freenode #systemd irc log
(11:07:20 AM) yuanyelele: Hi, all. When I use systemd to start nginx, it complains 'nginx: [emerg] mkdir() "/var/tmp/nginx/client" failed (2: No such file or directory)' but that directory does exist. However, if I start nginx manually, no error occurs. I use the service file here: http://en.gentoo-wiki.com/wiki/Systemd#nginx
(11:24:14 AM) mue_: yuanyelele: it will work if you comment the PrivateTmp directive, however that's just a workaround. i don't know what the proper fix is
(11:26:06 AM) yuanyelele: mue_: thanks! what does PrivateTmp mean?
(11:27:23 AM) mue_: "If enabled this option will ensure that the /tmp directory the service will see is private and isolated from the host system's /tmp. /tmp traditionally has been a shared space for all local services and users."
(11:27:32 AM) mue_: http://0pointer.de/blog/projects/security.html
(11:30:01 AM) yuanyelele: Ok, but /var/tmp and /tmp are two different dirs
(11:31:19 AM) mue_: yuanyelele: /var/tmp can and should be a symlink to /tmp
(11:31:35 AM) yuanyelele: what?
(11:32:25 AM) yuanyelele: I'm on a gentoo system. Some packages (ccache, nginx, for example) install files in /var/tmp
(11:36:09 AM) yuanyelele: So I guess, if PrivateTmp is enabled, in the new file system namespace that systemd enabled, /var/tmp is symlinked to /tmp.
(11:36:52 AM) mue_: yea
(11:43:29 AM) yuanyelele: FHS: "Files and directories located in /var/tmp must not be deleted when the system is booted.  Although data stored in /var/tmp is typically deleted in a site-specific manner, it is recommended that deletions occur at a less frequent interval than /tmp. "
(11:46:46 AM) ohsix: quoting FHS isn't a good way to make a point
(11:49:58 AM) yuanyelele: systemd is said to be distribution-neutral, but at least in gentoo, /var/tmp and /tmp are different.
(11:50:52 AM) yuanyelele: So maybe PrivateTmp and PrivateVarTmp? Or even better, PrivateDir /tmp
(11:52:15 AM) ohsix: patch around the gentoo problems :]
(11:53:54 AM) yuanyelele: :(
(11:54:05 AM) ohsix: think about when it's safe to clean /tmp, and what it means to do it "less often" for /var/tmp
(11:55:05 AM) ohsix: FHS reads like a forensic investigation about what some distro/unix-alike did
(11:57:44 AM) ohsix: if you never get to a safe situation to clean /tmp, then you will also never clean /var/tmp; their relationship is irrelevant because they are equivalent for any nontrivial timeframe
(11:57:48 AM) yuanyelele: Yes, I admit FHS is not very clear about this issue.
(11:59:55 AM) ohsix: interestingly enough, private /tmp lets you keep it way more clean, as its lifestyle is tied to the service and it running or not, instead of the machine running or not
(12:01:24 PM) yuanyelele: But there is also NOT any standard that states /var/tmp should be a symlink to /tmp. So systemd should not make that assumption.
(12:01:48 PM) ohsix: if they are equivalent then why not?
(12:02:28 PM) ohsix: you clean both when it's safe, at shutdown, but one is "less often"; how less often?
(12:03:07 PM) yuanyelele: "Files and directories located in /var/tmp must not be deleted when the system is booted."
(12:03:17 PM) ohsix: every other reboot? is that useful for software that stores stuff in /var/tmp because it's cleaned less often?
(12:03:51 PM) ohsix: it's not safe to delete anything in a tmp dir outside of boot/shutdown
(12:04:12 PM) ohsix: fifos and files for long running applications are kept there
(12:04:22 PM) yuanyelele: So is that nginx's problem that they need /var/tmp/nginx/client directory created before starting nginx?
(12:04:36 PM) ohsix: is it?
(12:04:55 PM) meskarune: anyone here know something about gunicorn and systemd?
(12:04:59 PM) ohsix: if it expects the package manager to do it, then it probably is
(12:06:40 PM) ohsix: yuanyelele: line 324 says it's a packaging problem http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-servers/nginx/nginx-1.3.8.ebuild?view=markup
(12:08:35 PM) ohsix: http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
(12:10:37 PM) yuanyelele: ohsix: So your opinion is gentoo should not set client_body_temp_path to something in /var/tmp?
(12:11:57 PM) ohsix: well, the documentation says /spool; that doesn't imply /var/spool, but it does imply something other than /tmp; you would probably talk to the ebuild maintainer to see if there is a reason to configure it at all
(12:13:19 PM) ohsix: just the same, you can work around the packaging problem with tmpfiles.d, and have it create the directory at boot
(12:14:48 PM) yuanyelele: Oh, thank you. I did not know that!
(12:14:59 PM) ohsix: even the ebuild's usage of /var/tmp isn't incorrect, per se; but assuming a directory created at install time will survive indefinitely is
(12:17:31 PM) ohsix: specifically, it should be documented somewhere in the gentoo project that the lifecycle of /var/tmp is assured in some way, or the package is broken the second someone doesn't follow it
(12:21:10 PM) mue_: yuanyelele: are you going to file a bug?
Comment 4 Benedikt Böhm (RETIRED) gentoo-dev 2012-12-20 08:10:51 UTC
these directories are already created in the init script ... i have removed the keepdir from the ebuild
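
Added example (not part of the bug thread, and not the Gentoo init script or ebuild): a shell sketch of the two approaches discussed above, a tmpfiles.d fragment for the five directories and the equivalent creation step at service start. The "nginx" user and group, the modes, and the function names are assumptions.

```shell
#!/bin/sh
# Added example: not the Gentoo init script, ebuild or a shipped tmpfiles.d file.
# The "nginx" user/group and the 0700/0755 modes are assumptions.
NGINX_TMP_SUBDIRS="client proxy fastcgi scgi uwsgi"

# Print a tmpfiles.d fragment. Fields: type path mode user group age.
# "d" creates the directory if it is missing; "-" disables age-based cleanup.
nginx_tmpfiles_conf() {
    base=$1; user=$2; group=$3
    printf 'd %s 0755 root root -\n' "$base"
    for sub in $NGINX_TMP_SUBDIRS; do
        printf 'd %s/%s 0700 %s %s -\n' "$base" "$sub" "$user" "$group"
    done
}

# Create the same directories at service start (what an init script would do).
# /var/tmp is world-writable, so an existing symlink or non-directory in place
# of one of these paths is refused rather than followed.
ensure_nginx_tmpdirs() {
    base=$1; owner=${2:-}
    if [ -L "$base" ]; then
        echo "refusing: $base is a symlink" >&2
        return 1
    fi
    mkdir -p "$base" || return 1
    for sub in $NGINX_TMP_SUBDIRS; do
        dir=$base/$sub
        if [ -L "$dir" ] || { [ -e "$dir" ] && [ ! -d "$dir" ]; }; then
            echo "refusing: $dir is not a real directory" >&2
            return 1
        fi
        mkdir -p "$dir" && chmod 0700 "$dir" || return 1
        # Ownership change needs root; skipped when no owner is given.
        if [ -n "$owner" ]; then
            chown "$owner" "$dir" || return 1
        fi
    done
}

# Usage (as root):
#   nginx_tmpfiles_conf /var/tmp/nginx nginx nginx > /usr/lib/tmpfiles.d/nginx.conf
#   ensure_nginx_tmpdirs /var/tmp/nginx nginx:nginx
```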