From df99a9ef5bb7a89b92ccfb103b2f3e7046c62ef5 Mon Sep 17 00:00:00 2001
From: Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl>
Date: Thu, 2 Jan 2014 00:02:31 -0500
Subject: tmpfiles: do not bump access times of directories we are cleaning up

Both plain opendir() and glob() will bump access time. Privileged
option O_NOATIME can be used to prevent the access time from being
updated. We already used it for subdirectories of the directories
which we were cleaning up. But for the directories specified directly
in the config files, we wouldn't do that. This means that,
paradoxically, our own temporary directories for PrivateTmp would stay
around forever, as long as one let systemd-tmpfiles-clean.service run
regularly, because they had their own glob patterns specified.

https://bugzilla.redhat.com/show_bug.cgi?id=1183684
---
 man/systemd-tmpfiles.xml | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'man')

diff --git a/man/systemd-tmpfiles.xml b/man/systemd-tmpfiles.xml
index 9a9bf17136..d4c5bf26e4 100644
--- a/man/systemd-tmpfiles.xml
+++ b/man/systemd-tmpfiles.xml
@@ -184,6 +184,19 @@
 
         </refsect1>
 
+        <refsect1>
+                <title>Unprivileged --cleanup operation</title>
+
+                <para><command>systemd-tmpfiles</command> tries to
+                avoid changing the access and modification times on
+                the directories it accesses, which requires
+                <constant>CAP_ADMIN</constant> privileges. When
+                running as non-root, directories which are checked for
+                files to clean up will have their access time bumped,
+                which might prevent their cleanup.
+                </para>
+        </refsect1>
+
         <refsect1>
                 <title>Exit status</title>
 
-- 
cgit v1.2.3-54-g00ecf