| Summary: | www-servers/nginx - Add /var/tmp/nginx/{client,proxy,fastcgi,scgi,uwsgi} in tmpfiles.d. | | |
|---|---|---|---|
| Product: | Gentoo Linux | Reporter: | Yuan Ye <yuanyelele> |
| Component: | [OLD] Server | Assignee: | Benedikt Böhm (RETIRED) <hollow> |
| Status: | RESOLVED INVALID | | |
| Severity: | normal | CC: | dev-zero, nikoli, tomwij |
| Priority: | Normal | | |
| Version: | unspecified | | |
| Hardware: | All | | |
| OS: | Linux | | |
| Whiteboard: | | | |
| Package list: | | Runtime testing required: | --- |
| Bug Depends on: | 396003 | | |
| Bug Blocks: | | | |
Description
Yuan Ye
2012-12-12 06:25:55 UTC
Discussion on lwn.net about /var/tmp and /tmp: http://lwn.net/Articles/436118/

tmpfiles.d support has been added in OpenRC: http://git.overlays.gentoo.org/gitweb/?p=proj%2Fopenrc.git&a=search&h=HEAD&st=commit&s=tmpfiles.d

freenode #systemd irc log:

(11:07:20 AM) yuanyelele: Hi, all. When I use systemd to start nginx, it complains 'nginx: [emerg] mkdir() "/var/tmp/nginx/client" failed (2: No such file or directory)' but that directory does exist. However, if I start nginx manually, no error occurs. I use the service file here: http://en.gentoo-wiki.com/wiki/Systemd#nginx
(11:24:14 AM) mue_: yuanyelele: it will work if you comment the PrivateTmp directive, however that's just a workaround. i don't know what the proper fix is
(11:26:06 AM) yuanyelele: mue_: thanks! what does PrivateTmp mean?
(11:27:23 AM) mue_: "If enabled this option will ensure that the /tmp directory the service will see is private and isolated from the host system's /tmp. /tmp traditionally has been a shared space for all local services and users."
(11:27:32 AM) mue_: http://0pointer.de/blog/projects/security.html
(11:30:01 AM) yuanyelele: Ok, but /var/tmp and /tmp are two different dirs
(11:31:19 AM) mue_: yuanyelele: /var/tmp can and should be a symlink to /tmp
(11:31:35 AM) yuanyelele: what?
(11:32:25 AM) yuanyelele: I'm on a gentoo system. Some packages (ccache, nginx, for example) install files in /var/tmp
(11:36:09 AM) yuanyelele: So I guess, if PrivateTmp is enabled, in the new file system namespace that systemd enabled, /var/tmp is symlinked to /tmp.
(11:36:52 AM) mue_: yea
(11:43:29 AM) yuanyelele: FHS: "Files and directories located in /var/tmp must not be deleted when the system is booted. Although data stored in /var/tmp is typically deleted in a site-specific manner, it is recommended that deletions occur at a less frequent interval than /tmp."
(11:46:46 AM) ohsix: quoting FHS isn't a good way to make a point
(11:49:58 AM) yuanyelele: systemd is said to be distribution-neutral, but at least in gentoo, /var/tmp and /tmp are different.
(11:50:52 AM) yuanyelele: So maybe PrivateTmp and PrivateVarTmp? Or even better, PrivateDir /tmp
(11:52:15 AM) ohsix: patch around the gentoo problems :]
(11:53:54 AM) yuanyelele: :(
(11:54:05 AM) ohsix: think about when it's safe to clean /tmp, and what it means to do it "less often" for /var/tmp
(11:55:05 AM) ohsix: FHS reads like a forensic investigation about what some distro/unix-alike did
(11:57:44 AM) ohsix: if you never get to a safe situation to clean /tmp, then you will also never clean /var/tmp; their relationship is irrelevant because they are equivalent for any nontrivial timeframe
(11:57:48 AM) yuanyelele: Yes, I admit FHS is not very clear about this issue.
(11:59:55 AM) ohsix: interestingly enough, private /tmp lets you keep it way more clean, as its lifestyle is tied to the service and it running or not, instead of the machine running or not
(12:01:24 PM) yuanyelele: But there is also NOT any standard that states /var/tmp should be a symlink to /tmp. So systemd should not make that assumption.
(12:01:48 PM) ohsix: if they are equivalent then why not?
(12:02:28 PM) ohsix: you clean both when it's safe, at shutdown, but one is "less often"; how less often?
(12:03:07 PM) yuanyelele: "Files and directories located in /var/tmp must not be deleted when the system is booted."
(12:03:17 PM) ohsix: every other reboot? is that useful for software that stores stuff in /var/tmp because it's cleaned less often?
(12:03:51 PM) ohsix: it's not safe to delete anything in a tmp dir outside of boot/shutdown
(12:04:12 PM) ohsix: fifos and files for long running applications are kept there
(12:04:22 PM) yuanyelele: So is that nginx's problem that they need the /var/tmp/nginx/client directory created before starting nginx?
(12:04:36 PM) ohsix: is it?
(12:04:55 PM) meskarune: anyone here know something about gunicorn and systemd?
(12:04:59 PM) ohsix: if it expects the package manager to do it, then it probably is
(12:06:40 PM) ohsix: yuanyelele: line 324 says it's a packaging problem http://sources.gentoo.org/cgi-bin/viewvc.cgi/gentoo-x86/www-servers/nginx/nginx-1.3.8.ebuild?view=markup
(12:08:35 PM) ohsix: http://nginx.org/en/docs/http/ngx_http_core_module.html#client_body_temp_path
(12:10:37 PM) yuanyelele: ohsix: So your opinion is gentoo should not set client_body_temp_path to something in /var/tmp?
(12:11:57 PM) ohsix: well, the documentation says /spool; that doesn't imply /var/spool, but it does imply something other than /tmp; you would probably talk to the ebuild maintainer to see if there is a reason to configure it at all
(12:13:19 PM) ohsix: just the same, you can work around the packaging problem with tmpfiles.d, and have it create the directory at boot
(12:14:48 PM) yuanyelele: Oh, thank you. I did not know that!
(12:14:59 PM) ohsix: even the ebuild's usage of /var/tmp isn't incorrect, per se; but assuming a directory created at install time will survive indefinitely is
(12:17:31 PM) ohsix: specifically, it should be documented somewhere in the gentoo project that the lifecycle of /var/tmp is assured in some way, or the package is broken the second someone doesn't follow it
(12:21:10 PM) mue_: yuanyelele: are you going to file a bug? these directories are already created in the init script ... i have removed the keepdir from the ebuild