| 1 |
On 4/26/19 12:53 AM, Michał Górny wrote: |
| 2 |
> |
| 3 |
> No. tmpfiles is also used for programs started directly by user, such |
| 4 |
> as eix. |
| 5 |
> |
| 6 |
|
| 7 |
This configuration is buggy to begin with: if I run eix-update as my |
| 8 |
user, then the permissions on the files it creates under /var/cache/eix |
| 9 |
are wrong (mjo:mjo, mode 664). If I run eix as root and it drops |
| 10 |
privileges, then the permissions on the files it creates are correct |
| 11 |
(portage:portage, mode 664). But when I run eix as root, eix can create |
| 12 |
/var/cache/eix itself! It doesn't need the tmpfiles entry in the |
| 13 |
scenario that works. Maybe a setgid bit could make sense of things, but |
| 14 |
the simplest solution is probably best: a per-user cache. |
| 15 |
|
| 16 |
Regardless of the particulars of eix, I'm a lot skeptical of treating |
| 17 |
directories under /var/cache as temporary in the first place. It leads |
| 18 |
to problems just like this one, where a non-root process can't be sure |
| 19 |
that its cache directory will exist and have the correct permissions. In |
| 20 |
this case we've solved the problem by requiring either OpenRC or |
| 21 |
systemd, but that's not a good answer. |
| 22 |
|
| 23 |
We would be much better off if the ebuild could create that directory |
| 24 |
with the correct permissions once, and know that it will persist. The |
| 25 |
FHS is ambiguous here: |
| 26 |
|
| 27 |
https://refspecs.linuxfoundation.org/FHS_3.0/fhs/ch05s05.html |
| 28 |
|
| 29 |
It calls out files specifically, |
| 30 |
|
| 31 |
Files located under /var/cache may be expired in an application |
| 32 |
specific manner, by the system administrator, or both. The application |
| 33 |
must always be able to recover from manual deletion of these files |
| 34 |
(generally because of a disk space shortage). No other requirements |
| 35 |
are made on the data format of the cache directories. |
| 36 |
|
| 37 |
The fact that we can't track the directory /var/cache/eix without a file |
| 38 |
at /var/cache/eix/.keep is something else to worry about, but that's a |
| 39 |
problem we've caused ourselves and one worth ignoring if it saves us |
| 40 |
enough trouble. |
Archives