~yerinalexey

Using tmpfs

October 17, 2021

Yesterday I got reminded that something was wrong with my system. After going into /tmp to temporarily clone a repository, it appeared that the directory was not wiped on reboot. I just thought it was some weird bug and moved on.

Today the situation didn't change, so I went deeper. By checking some init scripts, I found the following in /etc/init.d/bootmisc:

cleanup_tmp_dir()
{
	# ...
	cd "$dir" || return 1
	if yesno $wipe_tmp; then
		ewarn "The wipe_tmp setting has been enabled in /etc/conf.d/bootmisc."
		ewarn "This setting is no longer recommended by Alpine due to reported"
		ewarn "data loss incidents relating to it."
		ewarn "See alpine/aports#13070 for more information."

		ebegin "Wiping $dir directory"

		# ...
	else
		# ...
	fi
}

=> Linked Alpine issue

In short: the wipe_tmp option was disabled because it ran 'rm -rf' on the entire disk.

At first, wiping /tmp seemed weird, because it was not even supposed to be written to disk. But by default, it is.

Switching to tmpfs

This brings us to a Linux feature called 'tmpfs'. It's a non-persistent filesystem that lives in memory and thus is destroyed on reboot. This is exactly what I want for /tmp!

To enable it, add the following to /etc/fstab and reboot. Just make sure the old /tmp is wiped beforehand, because once tmpfs is mounted over it, the old contents won't be easily accessible.

tmpfs /tmp tmpfs mode=1777,nosuid,nodev,strictatime

The entry uses the special filesystem type 'tmpfs', mounted on /tmp, with some options: mode=1777 sets the sticky bit plus read-write-execute for all users, nosuid disables setuid binaries, nodev disables device files (block and character), and strictatime allows explicitly requesting full access time updates.

Note: the sticky bit means that only a file's owner or root can move or delete that file.

It's also possible to dynamically mount tmpfs by using mount:

# mount \
	-t tmpfs \
	-o mode=1777,nosuid,nodev,strictatime \
	tmpfs /my-custom-tmp
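
To confirm that a mount really carries these options, the mount table can be checked. The following is an added example, not part of the original post: a POSIX shell function that reads a table in /proc/mounts format and reports a mount point that is not tmpfs, lacks nosuid or nodev, or has a mode other than 1777. The names check_tmpfs, has_opt and sample_mounts are made up here, and the sample table is constructed.

```shell
#!/bin/sh
# Added example: audit a mount table in /proc/mounts format (read from stdin).

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
	case ",$1," in
		*",$2,"*) return 0 ;;
	esac
	return 1
}

# check_tmpfs [MOUNT_POINT]: print one finding per line, return 0 if clean.
check_tmpfs() {
	target=${1:-/tmp}
	fstype='' opts='' rc=0
	# Keep the last matching line: a later mount shadows an earlier one.
	while read -r _dev mp type mopts _rest; do
		if [ "$mp" = "$target" ]; then fstype=$type opts=$mopts; fi
	done
	if [ "$fstype" != tmpfs ]; then
		echo "$target: not a tmpfs mount (type: ${fstype:-none})"
		return 1
	fi
	for want in nosuid nodev; do
		has_opt "$opts" "$want" || { echo "$target: missing $want"; rc=1; }
	done
	# tmpfs defaults to mode 1777; the kernel lists mode= only when it differs.
	old_ifs=$IFS; IFS=,
	for opt in $opts; do
		case $opt in
			mode=1777) ;;
			mode=*) echo "$target: $opt, expected mode=1777"; rc=1 ;;
		esac
	done
	IFS=$old_ifs
	return $rc
}

# Constructed sample mount table, not taken from a real system.
sample_mounts() {
	cat <<'EOF'
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
tmpfs /my-custom-tmp tmpfs rw,relatime 0 0
EOF
}

sample_mounts | check_tmpfs /tmp && echo "/tmp: ok"
sample_mounts | check_tmpfs /my-custom-tmp || echo "/my-custom-tmp: needs attention"
```

On a live system, run `check_tmpfs /tmp < /proc/mounts` instead of piping in the sample.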

Considerations

When using 'tmpfs', make sure the system has enough RAM to hold everything stored there. Building large trees in /tmp is therefore not recommended, because the system may lock up or crash with an out-of-memory error.

That's it for today, hope you're having a great day :)