Re: [opensuse] Cant rename/remove /var/tmp in 12.3?
On 07/31/2013 10:51 AM, Josef Wolf wrote:

in all my linux installations, I used to replace /var/tmp by a symlink to a
directory on my main user partition. The intent of this is to ensure that
there is no private information on the root partition.

With 12.3, this won't work anymore:

raven:/ # mv /var/tmp /var/tmp-orig
mv: cannot move ‘/var/tmp’ to ‘/var/tmp-orig’: Device or resource busy

raven:/ # ls -ld /var/tmp
drwxrwxrwt 15 root root 4096 Jul 31 10:41 /var/tmp

raven:/ # getfacl /var/tmp
getfacl: Removing leading '/' from absolute path names
# file: var/tmp
# owner: root
# group: root
# flags: --t

raven:/ # df /var/tmp
Filesystem 1K-blocks Used Available Use% Mounted on
/dev/mapper/cr_sda8 20649592 8361332 11239320 43% /

I get the same error when trying to delete. Even rebooting into single user
mode won't help.

Any ideas why the directory appears to be busy? Even if I remove all the
contents of the directory, it still appears to be busy. BTW: a busy directory
seems to be totally new semantics to me.

man 2 rename:

EBUSY The rename fails because oldpath or newpath is a directory that
is in use by some process (perhaps as current working directory,
or as root directory, or because it was open for reading) or is
in use by the system (for example as mount point), while the
system considers this an error. (Note that there is no require-
ment to return EBUSY in such cases—there is nothing wrong with
doing the rename anyway—but it is allowed to return EBUSY if the
system cannot otherwise handle such situations.)

That means the kernel could refuse to rename(2) the directory if it was
the current directory - but the openSUSE kernels permit it.

Another reason would be an active mount point:

linux-gbg1:~ # mkdir d

linux-gbg1:~ # mount -t tmpfs tmpfs d

linux-gbg1:~ # strace -e rename,stat,lstat mv d d-orig
stat("d-orig", 0x7fff2a9143c0) = -1 ENOENT (No such file or
lstat("d", {st_mode=S_IFDIR|S_ISVTX|0777, st_size=40, ...}) = 0
lstat("d-orig", 0x7fff2a914080) = -1 ENOENT (No such file or
rename("d", "d-orig") = -1 EBUSY (Device or resource busy)
mv: cannot move ‘d’ to ‘d-orig’: Device or resource busy
+++ exited with 1 +++

Your commands above show that /var/tmp is not the mount point (but "/" is").
How does your strace look like?

In a plain installation, I can't imagine much other reasons for EBUSY.
Did you play with some other restricting methods like SELinux etc.?
Are there suspicious entries in /proc/self/mounts?
Does "lsof /var/tmp" or "fuser /var/tmp" show something, e.g. a process
chroot-ed to /var/tmp?

Have a nice day,
