tmpfiles: automatically remove old machine snapshots at boot

Remove old temporary snapshots, but only at boot. Ideally we'd have
"self-destroying" btrfs snapshots that go away if the last last
reference to it does. To mimic a scheme like this at least remove the
old snapshots on fresh boots, where we know they cannot be referenced
anymore. Note that we actually remove all temporary files in
/var/lib/machines/ at boot, which should be safe since the directory has
defined semantics. In the root directory (where systemd-nspawn
--ephemeral places snapshots) we are more strict, to avoid removing
unrelated temporary files.

This also splits out nspawn/container related tmpfiles bits into a new
tmpfiles snippet to systemd-nspawn.conf

diff --git a/Makefile.am b/Makefile.am
index a2e8709e5236f746048c6a159d5b4a0773b9dbd0..6ca303f6a4b9d9ef7b0f36447d1b0bfd039c055d 100644 (file)
--- a/Makefile.am
+++ b/Makefile.am
@@ -2183,7 +2183,8 @@ dist_tmpfiles_DATA = \
        tmpfiles.d/tmp.conf \
        tmpfiles.d/x11.conf \
        tmpfiles.d/var.conf \
-       tmpfiles.d/home.conf
+       tmpfiles.d/home.conf \
+       tmpfiles.d/systemd-nspawn.conf
 
 if HAVE_SYSV_COMPAT
 dist_tmpfiles_DATA += \

diff --git a/src/nspawn/nspawn.c b/src/nspawn/nspawn.c
index 7b22b8c21b882918d91f3588c737466a7bac7536..080bf060777e8791b9728394a408cf7e25ffe5a4 100644 (file)
--- a/src/nspawn/nspawn.c
+++ b/src/nspawn/nspawn.c
@@ -4522,9 +4522,9 @@ int main(int argc, char *argv[]) {
                                 goto finish;
                         }
                         if (r > 0)
-                                r = tempfn_random_child(arg_directory, NULL, &np);
+                                r = tempfn_random_child(arg_directory, "machine.", &np);
                         else
-                                r = tempfn_random(arg_directory, NULL, &np);
+                                r = tempfn_random(arg_directory, "machine.", &np);
                         if (r < 0) {
                                 log_error_errno(r, "Failed to generate name for snapshot: %m");
                                 goto finish;

diff --git a/tmpfiles.d/systemd-nspawn.conf b/tmpfiles.d/systemd-nspawn.conf
new file mode 100644 (file)
index 0000000..5a3124a
--- /dev/null
+++ b/tmpfiles.d/systemd-nspawn.conf
@@ -0,0 +1,23 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+v /var/lib/machines 0700 - - -
+
+# Remove old temporary snapshots, but only at boot. Ideally we'd have
+# "self-destroying" btrfs snapshots that go away if the last last
+# reference to it does. To mimic a scheme like this at least remove
+# the old snapshots on fresh boots, where we know they cannot be
+# referenced anymore. Note that we actually remove all temporary files
+# in /var/lib/machines/ at boot, which should be safe since the
+# directory has defined semantics. In the root directory (where
+# systemd-nspawn --ephemeral places snapshots) we are more strict, to
+# avoid removing unrelated temporary files.
+
+R! /var/lib/machines/.#*
+R! /.#machine.*

diff --git a/tmpfiles.d/var.conf b/tmpfiles.d/var.conf
index 814652a22c8b0613b21677c815f670836eb9d787..472680c3bfdcfc168ad9e6867d2fafb9fc5e2d47 100644 (file)
--- a/tmpfiles.d/var.conf
+++ b/tmpfiles.d/var.conf
@@ -18,6 +18,5 @@ f /var/log/btmp 0600 root utmp -
 d /var/cache 0755 - - -
 
 d /var/lib 0755 - - -
-v /var/lib/machines 0700 - - -
 
 d /var/spool 0755 - - -