From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <pve-devel-bounces@lists.proxmox.com>
Received: from firstgate.proxmox.com (firstgate.proxmox.com [212.224.123.68])
	by lore.proxmox.com (Postfix) with ESMTPS id B34771FF183
	for <inbox@lore.proxmox.com>; Tue, 13 May 2025 12:57:12 +0200 (CEST)
Received: from firstgate.proxmox.com (localhost [127.0.0.1])
	by firstgate.proxmox.com (Proxmox) with ESMTP id AAFD51F009;
	Tue, 13 May 2025 12:57:28 +0200 (CEST)
From: Fiona Ebner <f.ebner@proxmox.com>
To: pve-devel@lists.proxmox.com
Date: Tue, 13 May 2025 12:56:49 +0200
Message-Id: <20250513105652.67403-2-f.ebner@proxmox.com>
X-Mailer: git-send-email 2.39.5
In-Reply-To: <20250513105652.67403-1-f.ebner@proxmox.com>
References: <20250513105652.67403-1-f.ebner@proxmox.com>
MIME-Version: 1.0
Subject: [pve-devel] [PATCH manager 1/4] add tmpfiles.d config to create
 /run/pve directory
X-BeenThere: pve-devel@lists.proxmox.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Proxmox VE development discussion <pve-devel.lists.proxmox.com>
List-Unsubscribe: <https://lists.proxmox.com/cgi-bin/mailman/options/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=unsubscribe>
List-Archive: <http://lists.proxmox.com/pipermail/pve-devel/>
List-Post: <mailto:pve-devel@lists.proxmox.com>
List-Help: <mailto:pve-devel-request@lists.proxmox.com?subject=help>
List-Subscribe: <https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel>, 
 <mailto:pve-devel-request@lists.proxmox.com?subject=subscribe>
Reply-To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: pve-devel-bounces@lists.proxmox.com
Sender: "pve-devel" <pve-devel-bounces@lists.proxmox.com>

The pve-lxc-syscalld systemd service currently uses /run/pve as a
runtime directory. This means that when the service is restarted, the
directory will be recreated. But the /run/pve directory is not just
used as the runtime directory of this service, but also for other
things, e.g. storage tunnel and mtunnel sockets, container stderr logs
as well as pull metric cache and lock, which will be lost when the
service is restarted.

The plan is to give the service its own runtime directory that is only
used for that purpose and nothing else. However, this means the
/run/pve directory will not get created automatically anymore (e.g.
pull metric relies on the existence already). Add this tmpfiles.d
configuration to create it automatically again. Note that the
permissions/owner are different now. As the runtime directory, it was
created with 0755 root:root. This tmpfiles.conf configuration
aligns the permissions/owner with the ones /run/pve-cluster has, i.e.
0750 root:www-data.

Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
---

We could also opt for 0750 root:root, not sure.

 configs/Makefile          | 1 +
 configs/pve-tmpfiles.conf | 2 ++
 2 files changed, 3 insertions(+)
 create mode 100644 configs/pve-tmpfiles.conf

diff --git a/configs/Makefile b/configs/Makefile
index fa586e28..36f4f75a 100644
--- a/configs/Makefile
+++ b/configs/Makefile
@@ -14,6 +14,7 @@ install: country.dat vzdump.conf pve-sources.list pve-initramfs.conf pve-blackli
 	install -D -m 0644 pve-initramfs.conf $(DESTDIR)/etc/initramfs-tools/conf.d/pve-initramfs.conf
 	install -D -m 0644 country.dat $(DESTDIR)/usr/share/$(PACKAGE)/country.dat
 	install -D -m 0644 proxmox-ve-default.link $(DESTDIR)/usr/lib/systemd/network/99-default.link.d/proxmox-mac-address-policy.conf
+	install -D -m 0644 pve-tmpfiles.conf $(DESTDIR)/usr/lib/tmpfiles.d/pve-tmpfiles.conf
 
 clean:
 	rm -f country.dat
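Review bot: The new install line only drops the file into $(DESTDIR)/usr/lib/tmpfiles.d/, and nothing visible here applies it on package upgrade. tmpfiles.d entries are processed at boot or when systemd-tmpfiles --create is run, so on a host that upgrades without rebooting, /run/pve would be missing as soon as the service from the later patches in this series stops owning it as a runtime directory. Please confirm that the packaging (for example a postinst call to systemd-tmpfiles --create with this file) handles that case, or add it to this series.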
diff --git a/configs/pve-tmpfiles.conf b/configs/pve-tmpfiles.conf
new file mode 100644
index 00000000..01c3275b
--- /dev/null
+++ b/configs/pve-tmpfiles.conf
@@ -0,0 +1,2 @@
+#Type Path     Mode User Group    Age Argument
+d     /run/pve 0750 root www-data -   -
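Review bot: The d line sets 0750 root www-data, and for an already existing /run/pve a d entry adjusts mode and ownership rather than leaving them alone, so on a running host the directory changes from 0755 root:root the next time the file is applied. That removes search permission for "other", which cuts off any process that is neither root nor in www-data from the tunnel sockets, container stderr logs and the pull metric cache and lock named in the commit message. It would help to state in the commit message which users actually need access below /run/pve: if no www-data process does, 0750 root root is the tighter choice; if one does, read and search access without write is what this line grants, and that should be checked against those consumers.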
-- 
2.39.5


