Bug#1115317: Technical Committee resolution on /var/lock and systemd

To: Simon Josefsson <simon@josefsson.org>, 1115317@bugs.debian.org
Cc: Matthew Vernon <matthew@debian.org>, 1110980@bugs.debian.org, debian-devel@lists.debian.org
Subject: Bug#1115317: Technical Committee resolution on /var/lock and systemd
From: Helmut Grohne <helmut@subdivi.de>
Date: Tue, 7 Oct 2025 14:50:52 +0200
Message-id: <[🔎] 20251007125052.GA3863139@subdivi.de>
Reply-to: Helmut Grohne <helmut@subdivi.de>, 1115317@bugs.debian.org
In-reply-to: <[🔎] 87zfa3vsf1.fsf@josefsson.org>
References: <b74edbae-4e43-93f5-b8a7-52dc5695601c@alteholz.de> <[🔎] 9f082e3c-3552-4d8c-9f79-c0dd0e91b366@debian.org> <b74edbae-4e43-93f5-b8a7-52dc5695601c@alteholz.de> <[🔎] 87zfa3vsf1.fsf@josefsson.org> <b74edbae-4e43-93f5-b8a7-52dc5695601c@alteholz.de>

Hi Simon,

On Tue, Oct 07, 2025 at 01:54:10PM +0200, Simon Josefsson wrote:
> Has it been discussed that /var/lock could be provided by some other
> package than systemd?

Technically speaking, /var/lock is owned by base-files. It is a symbolic
link pointing to /run/lock. So let's pretend you really asked about
/run/lock instead.

> Is there a reason the /var/lock directory MUST be provided by systemd
> and no other package could provide it?

systemd used to install /usr/lib/tmpfiles.d/debian.conf with a line

    d /run/lock    1777 root root -   -

overriding the systemd upstream configuration
/usr/lib/tmpfiles.d/legacy.conf containing

    d /run/lock 0755 root root -

as the earlier lexicographical occurrence takes precedence. We could
have a file /usr/lib/tmpfiles.d/fhs_run_lock.conf adding this back and
it could also be installed by a different package, so yeah what you're
proposing could be a middle ground.

> Then all packages that need /var/lock in Debian can depend on this
> 'var-lock' package, which would also allow us to better track which
> packages still use this suboptimal interface for device locking.  Or
> just move the directory to 'base-files' or similar.

I relate to the idea of only installing a permissive /run/lock when
there is a package that actually benefits from it. Keep in mind though
that what is being objected here is not the change itself, but the way
it is being done. Once said package exists and policy is updated to
document the additional dependency needed for obtaining FHS semantics,
systemd can go back to its restrictive /run/lock permission.

We hope that a solution is being found and that the requested reversion
is of temporary nature without imposing what that solution is.

Also keep in mind that we cannot just move packages from /var/lock based
locking to flock() based locking one at a time. If two different
packages compete about a device and they use different locking schemes,
they'll both think they had exclusive access. Going for flock()
practically needs to be a flag-day transition where all packages are
updated at roughly the same time.

Helmut

Reply to:

Follow-Ups:
- Bug#1115317: Technical Committee resolution on /var/lock and systemd
  - From: Simon Josefsson <simon@josefsson.org>

References:
- Bug#1115317: Technical Committee resolution on /var/lock and systemd
  - From: Matthew Vernon <matthew@debian.org>
- Bug#1115317: Technical Committee resolution on /var/lock and systemd
  - From: Simon Josefsson <simon@josefsson.org>

Prev by Date: Bug#1115317: Technical Committee resolution on /var/lock and systemd
Next by Date: Bug#1115317: Technical Committee resolution on /var/lock and systemd
Previous by thread: Re: Bug#1115317: Technical Committee resolution on /var/lock and systemd
Next by thread: Bug#1115317: Technical Committee resolution on /var/lock and systemd
Index(es):
- Date
- Thread