From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by finch.gentoo.org (Postfix) with ESMTPS id 3E256159C96 for ; Tue, 30 Jul 2024 07:13:03 +0000 (UTC) Received: from pigeon.gentoo.org (localhost [127.0.0.1]) by pigeon.gentoo.org (Postfix) with SMTP id 41CE32BC01E; Tue, 30 Jul 2024 07:12:56 +0000 (UTC) Received: from mail2.aachalon.net (mail2.aachalon.net [138.201.2.46]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by pigeon.gentoo.org (Postfix) with ESMTPS id BDA5E2BC018 for ; Tue, 30 Jul 2024 07:12:53 +0000 (UTC) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=bricart.de; s=dkey201501; t=1722323569; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=c3Scj25Z7mBLB2u+kjadVnPJCWenM517jxZBbNRLEx4=; b=tYHplcCtStBLzFsfVSswI3QfiZg92eEOq4ryQP7Yp0/UjEj8Z8Tm2Eac963tJdifJpLa/A O1sUbBSmWv2cGbjITLIcuszBObvY5Pt/M59uEvKPjLNB+V6yfeeP8u+h186DulUXtijyn2 TGhX5dBMPeA+wALBmoRo3kS4C5je1NBm/K1FPiOPayg6Di4MpbxnGP3dF2tvBylmEnwYyE F5uQlMSCuO5FwPcIXHDoUQP03Lo4YXWxRBq6MTzfHXfBgpV8bD1JmFktspES69GwXvjogh s/ZV2+vFfT7iBfiSOX67rSaRFbZ2tQzdhhnB8rvJQmuewWWIAixocb+Wm1/6uQ== Authentication-Results: ORIGINATING; auth=pass smtp.auth=shiva smtp.mailfrom=christian@bricart.de ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=bricart.de; s=dkey201501; t=1722323569; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references:autocrypt:autocrypt; bh=c3Scj25Z7mBLB2u+kjadVnPJCWenM517jxZBbNRLEx4=; b=h0oc5j+K9hevEV9pDEb7Dg/u7O58JcU9teia1M3GAhiLCVfa1Sfj1bXdxR2jT25hfJ1EfR C5hrR5XKfgL9bZnptd/awZ8gQ8BnZG50uJIChd0nsLF8VweFanydL0IJITtKYaLw4HAcZz V9+fh1WdXR23Io3cpYYs8mxfsMc3BZc6rWQG82RxVMRUGgU7L7s2hGdpV4bNbPZOPNGcI6 a4VVRDKCCJph/z5lJKCRwqJdeaY2B6VMo7HVBz9VlpFFYM/5O/xP3TJp7gnjx+JtrmLzt0 dic0mNWMlDFNSXSqJLOKypzr1bDOJL/3Y1dpB4bkBPsQwIOfCaLerbZlHmqlDw== ARC-Authentication-Results: i=1; ORIGINATING; auth=pass smtp.auth=shiva smtp.mailfrom=christian@bricart.de ARC-Seal: i=1; s=dkey201501; d=bricart.de; t=1722323569; a=rsa-sha256; cv=none; b=uHr/B+WzYBlKjhqLahVDmjC2LoRqZSCO/BdLmoNEJZf8znunLrQzRj/LXd9q7lM95pT4Tg t5xQYZMsWmi7M0fEzKZg3RU0Y8HqnB7sHDWxAMKZobbfISRUiQpO+8B0SNpKXVEkB0LJuZ xGJXDZfQC0vHyRIai/egUbXmFpJZolWX6hJhT0oOo7zG3pAYPBK4ujJ5Uaaa3veHp3boV/ iXiESqFTeseG7MqM4XWfJeWQoWIUjtTIKhM55UcLEMy+LHvlbG5luaax4B8Nqdt7r13sCF dijhEZHpgFmrI3IjzTLG2K78sVUpvLSIHhGFwRvR8DYQjiY1H9z3/JSNmvUWvA== Message-ID: Date: Tue, 30 Jul 2024 09:12:47 +0200 Precedence: bulk List-Post: List-Help: List-Unsubscribe: List-Subscribe: List-Id: Gentoo Linux mail X-BeenThere: gentoo-dev@lists.gentoo.org Reply-to: gentoo-dev@lists.gentoo.org X-Auto-Response-Suppress: DR, RN, NRN, OOF, AutoReply MIME-Version: 1.0 User-Agent: Mozilla Thunderbird Subject: Re: [gentoo-dev] [RFC PATCH v2 04/20] www-servers/nginx: add nginx.tmpfiles for managing /var/tmp/nginx To: gentoo-dev@lists.gentoo.org References: <20240729215241.13243-1-zurabid2016@gmail.com> <20240729215241.13243-5-zurabid2016@gmail.com> Content-Language: de-CH From: Christian Bricart Autocrypt: addr=christian@bricart.de; keydata= xsFNBFYpZBgBEAC6yuq8iNFYHb8g1al3sACEW/I16R6A9HhMtifbcOYFxb1xkywWb3c6xOh7 h/9/POw/c/kLqLFFqgFIwgppA8BMk00kWeqALCQCEL8u+kkXmxhp9+OsFxJ2UAGjIXpbrVll RGHXnS47SzuJQCGUzzCPn4RKqPd7Qp1H1FbIU1gOzkg0ANEp/sfjSQV+LSTVR5Zn4JrRZxOx jaJBHpssyZANtkhI19oBFO2JwBGkETwVVh6uhUhcbN+9hmBbnC3pkwgv1Exral6pBUgEN0HS oTlIRbuCmyGi/ZleYdFw/+/rTIbNV8erMKyapKt5DYrtYOwUNU1K0LcRlqzLQdgNSRzfvmSE KUpN+Al3A/fuSM8vfPgrFcfa7tCRITzYOGaoDWV8OJ7ihN+NPVzSHB0eW+ppzFS7R0kazZzW HttocTG566lnMFgSslPGFyRvGxdMkGNKwsLDruKZ8xD/7mLxUQ/e4omfhWCAnLMmXVpQLsdz AaNCwXvkUT1D8FoobHn59RsCatQ6ivtd907pfKk0BHDLBmbOrM60OTjFlqcPHYHMdHcQC2/L lbvQt0wpvlZnRLmScq4nnwdCVd/gGiE9mcyxj8kqMYsEdL/0IkDV2kJOnEjk7InU1FEZfJY4 KjCB8lXxLQ25P5G/cSG/Z4iaVG91jbHWiVGasTOuQbgbjtUT9wARAQABzShDaHJpc3RpYW4g QnJpY2FydCA8Y2hyaXN0aWFuQGJyaWNhcnQuZGU+wsFyBBMBCgAcAhsDAh4BAheAAwsJCAUV CgkICwUCVjFJawIZAQAKCRBTRG/729Iq8qvpD/0fk9T6K51N33CtIyqdBjGuZiEZltrhVsTm Y/i3brnko/hK4eO5tpb8TcDqfCuYxIli5sYdr62UG6K00rWTLBM/2Ydltg0nIO3djPbIH4EO 5ReyyDaAYzhZyhvZoXZ5N8cGaJA1f/Hjg8Oh0OTk89B7u/GVdIdvc1pD964r0bfHo9kT6CXe O2xMTMXSCXqY6dlGyrQlO9P9FGIrABYn9awmxDAQa5kRJLUCN21OgMonG7QQPI5LMCumlb8N cxM/mr4BhPzQQP2CHS1Sgm/SFZKsg/cVzLZKVpl0vpL8sVbC1BjZq5nmBQBD+MCsCVZD3WUI 8TEDWB1BCXAh6zQaJzEWTtIAw4ZOUBPA5zQwUF9Syd5Ka92LMw6+KwfCsUH0lFDD4JV9aPkj GhfkqQu/ipW2oNbMXA9+cGMTb0P3fdvMbZB7VAz7kAtKJX6FDWdCNZNIZh7D+NgAIisGmxxt PHw+sCKplieKvQVLiYuudMJ1glaJ40uaTAK0UyV+/3dFIYOy32lFeCwGkjquW/XaKBn0xkza oWN38hCLfpBVLb2GmKRbK5wcU1iv1R0GaLVcgEVZH2hIdoXR3HfmeB4WirFJqi6LCsHwQDzy pesajhP0jGRf4yDoDzjrp73eB5PNBPrmC290JADI9VuTlKPdx17MkbB9cPgK5FvlkZ0QsXal Xc7BTQRWKWQYARAAvRkdoqdaU7JlxkZbOVdx4x4yV4jbZgYX06hCbDIuJoBxio+cfEkVCKNl j7VQzsdus84Hf6lglWZ85lEOyJ5Sf7SM5IQ3UcOCB6/zBSbuzAFOssI3+zl8guk4xHKxkDyN V3BXa2joSNFgsiGaPciSYekPv80SGbYe1InSd16oDLE/niIxRQWzLW+HWjR7diA7AY/qNHUL zVpOONPMcLS0a9hNYGf4VGp78+5klvQGHoYY80L4t8UivJBvKjeRAGaOKZ76FFZINSZI/Lsa RQvEV2kw7dsMRbEoy8maLIrsNzzKt7zVzaYxloo7p+dSvY2DwEp348wVOBCH1q9Epx1reiSU MqkqZuKw2q7+hXODBImdX60TuCK+Lu7zJ8ZosYaYN1pyHLoqPAhfKO4tC1ABYoqoyU+ukPuj oIWVuoX6W6yjeJyk8q+rhNxEgV23ymlAnYu+eDud5GjSuRCBm9ZctXBY7CTd4ceTpCsZTJGE oZkGNxpontTKg6IE0RaAAZgS9PcKUKO5O1tLD69uoUTd7K4/47TQvz/rfZpAUr4B/vo2iZpu gQ9bjFKwDa91Y4t4+txgo4N7+1/5UUmUQ0LbLzwlevILGgtishtEXs2VusNci4sXvfyPxEiS P3hhoHTa+MFoa13IC4ILUSwsLZL4+LoAnVcEAk0KmevC6thczHkAEQEAAcLBXwQYAQoACQUC VilkGAIbDAAKCRBTRG/729Iq8g9UD/9xeAlpIAElJvuXUbW/klB91qkfY5HvkNPtHLavsDN5 9rEq6SyZcgo9oLusEdhbMj71hEUiUP37pjKoLc4K+mYwp1YbzPsO2gl+fndLkaT2GqNFUVdp iwxVMi1472fb2lGSMR/WKUlIt31UikctFg9WWFI7hY1lFF8pFImMiPzRhVgEH84pobFzMNta J0Iw2np/WadL/a3gG+RkTGu3MQ/WUtJsTt4RtTXkodKp7wUt1DOWVID8p8A+xAEbBNHMEXwv 53AO6uY9hEiSaa1JG5jfLodDbqOUsF5RPgYIRVOlS9iMARnEXy4tiroIocs/2m0I882zny58 0GEIjQaOVFuTnTgh9UNIpPATnr9PhFEXwZ1dYqGunhdDip8bThXRpI5GMvhygd/yNwj5MIP8 G2BSxz3K/rbaPh3heekLjo6Ev8ft5LTGElCv07p6J08MEKWs84UfYTnlxkw04yE5+5F2gefz KHoXg/4dJbU9nrNmn1WsEwdP3SgGvaxxvhDiMFpc5B83wLZviNP4GtlK2N/66jaBqVBN4v6F M9PSJ4kWamEldqb8HRa+02Chiv7ui0DEQ+5H31USJygicyws5AFI0Tu8gFJts6+8RPP4R5Q4 WxyDYswrlNTanV0lJYC7x0OhNzyPregvIec2LZ9FdgcrktCKZ4Scrtp3U3l57jYYhA== In-Reply-To: <20240729215241.13243-5-zurabid2016@gmail.com> Content-Type: text/plain; charset=UTF-8; format=flowed Content-Transfer-Encoding: 8bit X-Rspamd-Action: no action X-Rspamd-Server: fwd.aachalon.cloud X-Rspamd-Queue-Id: 4WY5z50Yb0z25fx X-Spamd-Bar: --- X-Spamd-Result: default: False [-3.10 / 15.00]; BAYES_HAM(-3.00)[100.00%]; MIME_GOOD(-0.10)[text/plain]; RCVD_COUNT_ZERO(0.00)[0]; MID_RHS_MATCH_FROM(0.00)[]; ARC_NA(0.00)[]; RCPT_COUNT_ONE(0.00)[1]; NEURAL_HAM(-0.00)[-0.979]; FROM_HAS_DN(0.00)[]; DKIM_SIGNED(0.00)[bricart.de:s=dkey201501]; FROM_EQ_ENVFROM(0.00)[]; MIME_TRACE(0.00)[0:+]; TO_DN_NONE(0.00)[]; TO_MATCH_ENVRCPT_ALL(0.00)[]; ARC_SIGNED(0.00)[bricart.de:s=dkey201501:i=1] X-Archives-Salt: 5103730b-f8ce-43c5-a1d2-f938d206d9b4 X-Archives-Hash: b44a014dafd98923d1869c62871859b8 just my 2¢ here and sorry if I might have overlookt a rationale earlier why moving nginx's temp dir to "generic purpose" /var/tmp/… and not keeping it at /var/lib/nginx/tmp/* ? Especially, when there even is/would be a tmpfiles entry taking care of it's existence and ownership. Christian Am 29.07.24 um 23:52 schrieb Zurab Kvachadze: > This places the burden on creating and cleaning /var/tmp/nginx in > world-writable /var/tmp on systemd-tmpfiles(8). > > Signed-off-by: Zurab Kvachadze > --- > www-servers/nginx/files/nginx.tmpfiles | 2 ++ > 1 file changed, 2 insertions(+) > create mode 100644 www-servers/nginx/files/nginx.tmpfiles > > diff --git a/www-servers/nginx/files/nginx.tmpfiles b/www-servers/nginx/files/nginx.tmpfiles > new file mode 100644 > index 000000000000..af9cdd26973f > --- /dev/null > +++ b/www-servers/nginx/files/nginx.tmpfiles > @@ -0,0 +1,2 @@ > +D /var/tmp/nginx 0755 root root > +x /var/tmp/nginx