On Mon, 23 Feb 2015 18:05, Andrei Borzenkov <arvidjaar@...> wrote:
On Mon, 23 Feb 2015 11:22:20 -0500 Patrick Shanahan <paka@opensuse.org> wrote:
The files below /usr/lib/tmpfiles.d/ indicate a 30d default for the most part, but do not show what I was looking for: the time for removing stale systemd-private* directories.
I think it was discussed on this list already. It is not safe to delete them because it is not known whether they belong to a running service. The current upstream version now removes these directories when the service stops (the change is rather intrusive to integrate into the version used by 13.2). This leaves us with directories left as a result of a system crash, which can be (unless already done) removed on startup.
I believe among the packages in the default installation there are probably a couple of those using systemd-private-* directories, and I'm not sure whether they are even enabled by default. So unless you permanently restart them it can hardly be considered an issue. On startup I delete them with
bor@opensuse:~> cat /etc/tmpfiles.d/remove-systemd-private.conf
R /tmp/systemd-private-*
R /var/tmp/systemd-private-*
bor@opensuse:~>
Two services spring to mind:
haveged.service
rtkit-daemon.service

Both of these have the "PrivateTmp=yes" setting, but I have never seen these two services use any tmpfiles at all. Additionally, haveged is installed on all systems, rtkit is 'required' by pulseaudio and thus installed on most desktops. Could the PrivateTmp setting be removed from these two? That would reduce the impact for most users. I can accept the "PrivateTmp=yes" setting for rsyncd, there it makes sense in terms of privacy and security.

- Yamaban.
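
Added example, not part of the original thread: a way to check which installed services actually have PrivateTmp enabled before deciding where the setting matters. The function name private_tmp_units, the demo helper and the sample unit files are constructed for illustration; drop-in directories (*.service.d) are not evaluated.

```shell
#!/bin/sh
# List .service files whose [Service] section ends up with PrivateTmp enabled.
# Directories are given highest priority first (e.g. /etc before /usr/lib).
private_tmp_units() {
    seen=""
    for dir in "$@"; do
        [ -d "$dir" ] || continue
        for unit in "$dir"/*.service; do
            [ -f "$unit" ] || continue
            name=${unit##*/}
            # A same-named unit in an earlier directory replaces this one.
            case " $seen " in *" $name "*) continue ;; esac
            seen="$seen $name"
            if awk '
                /^[ \t]*[#;]/ { next }                      # comment line
                /^[ \t]*\[/   { in_service = ($0 ~ /\[Service\]/); next }
                in_service && /^[ \t]*PrivateTmp[ \t]*=/ {
                    value = $0
                    sub(/^[^=]*=[ \t]*/, "", value)
                    sub(/[ \t]+$/, "", value)
                    last = tolower(value)                   # last assignment wins
                }
                END { exit !(last == "yes" || last == "true" || last == "on" || last == "1") }
            ' "$unit"; then
                printf '%s\n' "$name"
            fi
        done
    done
    return 0
}

# Constructed sample units (not real package contents) so this runs offline.
demo() {
    d=$(mktemp -d)
    mkdir "$d/etc" "$d/lib"
    printf '[Service]\nPrivateTmp=yes\n'                > "$d/lib/alpha.service"
    printf '[Service]\nPrivateTmp=false\n'              > "$d/etc/alpha.service"
    printf '[Service]\nPrivateTmp=yes\nPrivateTmp=no\n' > "$d/lib/beta.service"
    printf '[Service]\nExecStart=/bin/true\nPrivateTmp=true\n' > "$d/lib/delta.service"
    printf '[Service]\n#PrivateTmp=yes\n'               > "$d/lib/gamma.service"
    printf '[Unit]\nDescription=x\n[Service]\nPrivateTmp = On\n' > "$d/lib/zeta.service"
    private_tmp_units "$d/etc" "$d/lib"
    rm -rf "$d"
}

demo
```

On a real system the call would be private_tmp_units /etc/systemd/system /usr/lib/systemd/system; a unit in /etc with PrivateTmp=false masks the packaged copy, which is why alpha.service is not reported in the demo.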