From: Thomas Lamprecht <t.lamprecht@proxmox.com>
To: Proxmox VE development discussion <pve-devel@lists.proxmox.com>,
Fiona Ebner <f.ebner@proxmox.com>
Subject: Re: [pve-devel] [PATCH manager 1/4] add tpmfiles.d config to create /run/pve directory
Date: Wed, 14 May 2025 20:08:03 +0200
Message-ID: <e8801885-0dae-4e29-aea4-c7dc542be750@proxmox.com>
In-Reply-To: <20250513105652.67403-2-f.ebner@proxmox.com>

On 13.05.25 at 12:56, Fiona Ebner wrote:
> The pve-lxc-syscalld systemd service currently uses /run/pve as a
> runtime directory. This means that when the service is restarted, the
> directory will be recreated. But the /run/pve directory is not just
> used as the runtime directory of this service, but also for other
> things, e.g. storage tunnel and mtunnel sockets, container stderr logs
> as well as pull metric cache and lock, which will be lost when the
> service is restarted.
>
> The plan is to give the service its own runtime directory that is only
> used for that purpose and nothing else. However, this means the
> /run/pve directory will not get created automatically anymore (e.g.
> pull metric relies on the existence already). Add this tmpfiles.d
> configuration to create it automatically again. Note that the
> permissions/owner are different now. As the runtime directory, it was
> created with 0755 root:root. This tmpfiles.conf configuration
> aligns the permissions/owner with the ones /run/pve-cluster has, i.e.
> 0750 root:www-data.
>
> Signed-off-by: Fiona Ebner <f.ebner@proxmox.com>
> ---
>
> We could also opt for 0750 root:root, not sure.

Would indeed better match the currently used /run/pve ownership.

>
> configs/Makefile | 1 +
> configs/pve-tmpfiles.conf | 2 ++
> 2 files changed, 3 insertions(+)
> create mode 100644 configs/pve-tmpfiles.conf
>
> diff --git a/configs/Makefile b/configs/Makefile
> index fa586e28..36f4f75a 100644
> --- a/configs/Makefile
> +++ b/configs/Makefile
> @@ -14,6 +14,7 @@ install: country.dat vzdump.conf pve-sources.list pve-initramfs.conf pve-blackli
> install -D -m 0644 pve-initramfs.conf $(DESTDIR)/etc/initramfs-tools/conf.d/pve-initramfs.conf
> install -D -m 0644 country.dat $(DESTDIR)/usr/share/$(PACKAGE)/country.dat
> install -D -m 0644 proxmox-ve-default.link $(DESTDIR)/usr/lib/systemd/network/99-default.link.d/proxmox-mac-address-policy.conf
> + install -D -m 0644 pve-tmpfiles.conf $(DESTDIR)/usr/lib/tmpfiles.d/pve-tmpfiles.conf

You can use dh_installtmpfiles [0] for this and just add the relevant config in
a "debian/package.tmpfiles" file. With debhelper compat level 13 that helper
will be run by default [1], and as level 13 is the recommended level for Trixie,
I plan to switch all packages over to that anyway.

[0]: https://manpages.debian.org/trixie/debhelper/dh_installtmpfiles.1.en.html
[1]: https://manpages.debian.org/testing/debhelper/debhelper-compat-upgrade-checklist.7.en.html#v13

>
> clean:
> rm -f country.dat
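
Review bot: pve-tmpfiles.conf is installed by the new `install -D -m 0644 pve-tmpfiles.conf` line but is not added to the prerequisite list of the `install:` rule shown in the hunk header, where the other installed configs (country.dat, vzdump.conf, pve-sources.list, pve-initramfs.conf) appear; the diffstat shows a single insertion for this file, so that list is unchanged. Listing it there keeps the rule consistent and lets make report a missing file before any install command runs. If the entry moves to a debian/package.tmpfiles file as suggested in the reply above, this line is no longer needed at all.
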
> diff --git a/configs/pve-tmpfiles.conf b/configs/pve-tmpfiles.conf
> new file mode 100644
> index 00000000..01c3275b
> --- /dev/null
> +++ b/configs/pve-tmpfiles.conf
> @@ -0,0 +1,2 @@
> +#Type Path Mode User Group Age Argument
> +d /run/pve 0750 root www-data - -
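
Review bot: the `d /run/pve 0750 root www-data - -` entry drops the world-search bit that the commit message says the directory had as a runtime directory (0755 root:root), and a `d` line also adjusts the mode and ownership of a directory that already exists, so the tighter mode applies on hosts where /run/pve is already present. It is worth confirming that every user of the directory named in the commit message (storage tunnel and mtunnel sockets, container stderr logs, pull metric cache and lock) runs as root or with group www-data. A comment line in the file stating why www-data needs access would document the choice, or the entry could use root:root as raised in the note under the `---` marker.
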
_______________________________________________
pve-devel mailing list
pve-devel@lists.proxmox.com
https://lists.proxmox.com/cgi-bin/mailman/listinfo/pve-devel
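
The permission change discussed in this message (0755 root:root as a runtime directory versus 0750 root:www-data from tmpfiles.d) can be checked on a host by comparing `d` entries with the live directories. The script below is an added example, not part of the original message or of Proxmox code; `audit_tmpfiles` and `demo` are hypothetical names, GNU stat is assumed, and the sample entry in `demo` is constructed.

```shell
#!/bin/sh
# Added example: report drift between tmpfiles.d 'd' entries and the live
# directories. Assumes GNU stat (as on Debian / Proxmox VE).

# audit_tmpfiles CONF: print one line per problem, return 1 if any was found.
audit_tmpfiles() {
    rc=0
    while read -r type path mode user group rest; do
        [ "$type" = d ] || continue      # comments and other entry types are skipped
        [ "$mode" = - ] && mode=0755     # tmpfiles.d default mode for directories
        [ "$user" = - ] && user=root     # assumption: system instance, run as root
        [ "$group" = - ] && group=root
        # Normalise "0750" to "750" so it compares with stat's %a output.
        want="$(printf '%o' "0${mode#[~:]}"):$user:$group"
        if [ ! -d "$path" ]; then
            echo "MISSING $path want=$want"; rc=1; continue
        fi
        have=$(stat -c '%a:%U:%G' "$path")
        if [ "$have" != "$want" ]; then
            echo "DRIFT $path have=$have want=$want"; rc=1
        fi
    done < "$1"
    return $rc
}

# Constructed sample: a scratch directory left at 0755 while the entry asks
# for 0750, mirroring the mode change discussed in the patch.
demo() {
    tmp=$(mktemp -d) && mkdir "$tmp/pve" && chmod 0755 "$tmp/pve" || return 2
    owner=$(stat -c '%U %G' "$tmp/pve")
    printf '#Type Path Mode User Group Age Argument\nd %s 0750 %s - -\n' \
        "$tmp/pve" "$owner" > "$tmp/sample.conf"
    audit_tmpfiles "$tmp/sample.conf" && status=0 || status=$?
    rm -rf "$tmp"
    return $status
}

# Stand-alone use: audit the file given on the command line.
if [ $# -gt 0 ]; then audit_tmpfiles "$1"; fi
```

Run it with the path of a tmpfiles.d file as the only argument; a non-zero exit status means at least one directory is missing or differs from its entry.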