core: implicitly order units with PrivateTmp= after systemd-tmpfiles-setup.service

Preparation for fixing #4401.

diff --git a/man/systemd.exec.xml b/man/systemd.exec.xml
index 812e61553068d4b8b060a54c380909792e89234e..68af3857da182a00b7e5238621bee29e625bde33 100644 (file)
--- a/man/systemd.exec.xml
+++ b/man/systemd.exec.xml
@@ -93,10 +93,10 @@
     the specified paths. This is equivalent to having them listed
     explicitly in <varname>RequiresMountsFor=</varname>.</para>
 
-    <para>Similar, units with <varname>PrivateTmp=</varname> enabled
-    automatically get mount unit dependencies for all mounts
-    required to access <filename>/tmp</filename> and
-    <filename>/var/tmp</filename>.</para>
+    <para>Similar, units with <varname>PrivateTmp=</varname> enabled automatically get mount unit dependencies for all
+    mounts required to access <filename>/tmp</filename> and <filename>/var/tmp</filename>. They will also gain an
+    automatic <varname>After=</varname> dependency on
+    <citerefentry><refentrytitle>systemd-tmpfiles-setup.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
 
     <para>Units whose standard output or error output is connected to <option>journal</option>, <option>syslog</option>
     or <option>kmsg</option> (or their combinations with console output, see below) automatically acquire dependencies
@@ -1006,8 +1006,11 @@
         <citerefentry><refentrytitle>systemd.unit</refentrytitle><manvolnum>5</manvolnum></citerefentry> for
         details. This setting is implied if <varname>DynamicUser=</varname> is set. For this setting the same
         restrictions regarding mount propagation and privileges apply as for <varname>ReadOnlyPaths=</varname> and
-        related calls, see above.</para></listitem>
-
+        related calls, see above. Enabling this setting has the side effect of adding <varname>Requires=</varname> and
+        <varname>After=</varname> dependencies on all mount units necessary to access <filename>/tmp</filename> and
+        <filename>/var/tmp</filename>. Moreover an implicitly <varname>After=</varname> ordering on
+        <citerefentry><refentrytitle>systemd-tmpfiles-setup.service</refentrytitle><manvolnum>8</manvolnum></citerefentry>
+        is added.</para></listitem>
       </varlistentry>
 
       <varlistentry>

diff --git a/src/basic/special.h b/src/basic/special.h
index 5276bcf598f3e34b74937efd8408b8e21588d2f1..feb8e5fe21eddfa09347cdf6c43ebeb69b20dc23 100644 (file)
--- a/src/basic/special.h
+++ b/src/basic/special.h
@@ -103,6 +103,7 @@
 #define SPECIAL_DBUS_SOCKET "dbus.socket"
 #define SPECIAL_JOURNALD_SOCKET "systemd-journald.socket"
 #define SPECIAL_JOURNALD_SERVICE "systemd-journald.service"
+#define SPECIAL_TMPFILES_SETUP_SERVICE "systemd-tmpfiles-setup.service"
 
 /* Magic init signals */
 #define SPECIAL_KBREQUEST_TARGET "kbrequest.target"

diff --git a/src/core/unit.c b/src/core/unit.c
index 5d0b17425b100b2df9033f0e8f8785cfad288f54..409668f6d20724630e22dd6f5702dba45ec2ac82 100644 (file)
--- a/src/core/unit.c
+++ b/src/core/unit.c
@@ -866,11 +866,15 @@ int unit_add_exec_dependencies(Unit *u, ExecContext *c) {
                 return 0;
 
         if (c->private_tmp) {
-                r = unit_require_mounts_for(u, "/tmp");
-                if (r < 0)
-                        return r;
+                const char *p;
+
+                FOREACH_STRING(p, "/tmp", "/var/tmp") {
+                        r = unit_require_mounts_for(u, p);
+                        if (r < 0)
+                                return r;
+                }
 
-                r = unit_require_mounts_for(u, "/var/tmp");
+                r = unit_add_dependency_by_name(u, UNIT_AFTER, SPECIAL_TMPFILES_SETUP_SERVICE, NULL, true);
                 if (r < 0)
                         return r;
         }