Features/tmp-on-tmpfs

= /tmp on tmpfs =

Summary
We'd like to mount a tmpfs on /tmp by default. (Administrators can override this)

Owner

 * Name: Lennart Poettering
 * Email: lennart at poettering dot net
 * Name: Kay Sievers
 * Email: kay at redhat com

Current status

 * Targeted release: Fedora 18
 * Last updated: 2012-04-02
 * Percentage of completion: 10%

Detailed Description
We'd like to mount a tmpfs on /tmp by default, but still allow administrators to opt out from this.

Solaris has been doing this since 1994. (Much like other Unixes, too.) Debian's next release defaults to tmpfs on /tmp, too. ArchLinux defaults to this as well. Ubuntu has plans for their 12.10 release.

Benefit to Fedora
By implementing this we, by default, generate less IO on disks. This increases SSD lifetime, saves a bit of power and makes things a bit faster.

/tmp is automatically flushed at boot.

We bring Fedora closer to commercial Unixes and other Linux distributions.

We make the delta to stateless read-only systems smaller.

Scope
systemd upstream needs a minimal change to ship a mount unit for /tmp by default. (Upstream already made this change)

We might need to patch a couple of packages not to store big files and files needing boot persistance in /tmp, but rather in /var/tmp. This work has already progressed due to Debian's work.

Programs should follow the rule: if you are privileged, place it in /run//. Otherwise, if it's large or needs persistancy across reboots, place it in /var/tmp. Otherwise place it in /tmp. For a longer explanation see this blog story.

The distinction of /tmp vs. /var/tmp regarding the lifetime and storage capacity is well established in most commercial Unixes.

How To Test
The system should boot up and work as normal. Applications should work as normal. However, /bin/mount should show /tmp to be a tmpfs. Besides that the system operates normally and a check that /tmp is actually a tmpfs there is little to test.

User Experience
The user experience should barely change. This is mostly a low-level change that has little visibility to the user.

Dependencies
Possibly a few other packages need to be updated to move their temporary files from /tmp into /var/tmp. We are not aware of any in particular where this is necessary, but we expect we might encounter a small number as we turn this feature on in F18.

We'll create a tracker bug and add all relevant bugs in the various packages to it as they show up.

We'll announce this on fedora-devel when we turn this on (with references to documentation), to ensure everybody is aware, and informed.

Contingency Plan
The plan is like this:

Turn on /tmp as tmpfs very early in the Fedora 18 cycle. Fix any problems coming up, and revert back to non-tmpfs /tmp if they become too many. Programs that are fixed should stay how they are, their changes need not to be reverted.

The reverting (if necessary) should by fairly trivial and isolated. It just consists of dropping a unit file from the systemd package.

Documentation
Nothing really.

Release Notes
/tmp now defaults to tmpfs. This might break a few programs which assume that they can place large files in /tmp or that /tmp is persistant across boot. If these programs cannot be fixed to use /var/tmp instead of /tmp for this, there are two options to undo the /tmp-on-tmpfs change locally:


 * Disable mounting of tmpfs on /tmp by issuing "systemctl mask tmp.mount", and reboot. Note that this will entirely disable any mounting of any file system to /tmp. /tmp will hence reside on the root fs if this is done. (Undo with "systemctl unmask tmp.mount")


 * To mount a different file system (instead of tmpfs) to this place simply edit /etc/fstab, and add an entry for it there, it will take precedence over our new distro default. Also, reboot.

Also, many programs understand the $TMPDIR variable, which can be used to redirect the temporary directory for a one specific program invocation to a different directory. Use this on the shell like this:

$ mkdir -p $HOME/waldo $ TMPDIR=$HOME/waldo foobar

This will execute "foobar" with the temporary directory set to $HOME/waldo. Note that not all applications support $TMPDIR.

Comments and Discussion
A couple of FAQs:

'''What about quota on /tmp? tmpfs does not support quota!'''

That is true, however no different than with /run or /dev/shm where unprivileged users have write access, too. The quota on tmpfs problem needs to be fixed in the kernel anyway; whether it is 2 or 3 file systems that are writable by normal users makes little difference.

My CD burning application writes huge .iso files to /tmp, and this breaks on tmpfs!

The application should be fixed to use /var/tmp.

My application writes temporary files to /tmp and they are gone after a reboot!

The application should be fixed to use /var/tmp. FHS recommends that /tmp is flushed on reboot, and that's what we do here.

My application writes huge user downloads to /tmp, and this breaks on tmpfs!

The application should be fixed to use XDG user-dir's Download directory, as exposed in GLib's g_get_user_special_dir(G_USER_DIRECTORY_DOWNLOAD)

I don't want to use tmpfs for my /tmp

See the "Release Notes" section above for hints how to turn this off. This is just a default, and is overridable.

Why is this mount established via a systemd unit file, instead of an entry in /etc/fstab?

We believe that /etc/fstab is the place to configure real file systems, for actual user data, backed by real devices. The API file system /tmp does not qualify for that in our eyes. /tmp is very much something that should just exist as part of the OS and needs no user configuration. It is our goal to allow systems to boot up fully functional with an (almost) empty /etc/fstab. Also it is much easier to enable this logic for existing installs without the need to patch /etc/fstab. This is especially the case since making code that patches /etc/fstab like this idempotent is very hard since the user could just remove the entry we patched in and we couldn't distuingish this case from the not-yet-patched case.

Note that /etc/fstab takes precedence over the systemd unit file. Systems which mount a specific file system to /tmp hence will continue to work as always. Only systems with /tmp on the root fs will be updated to get tmpfs by default.

Why is this mount established via a systemd unit file, instead of a built-in mount or one already established in the initrd?

We want to allow the administrator to disable the tmpfs mount or replace it with something else. This is very hard to accomplish if we mount that directory with built-in code or already in the initrd. Also, it's a good idea to keep the built-in mounts minimal, and since /tmp files are primarily a utility for user code (system code should instead use files in private directories in /run), there's no need to mount this before user code is executed.

What happens with my old /tmp directory as soon as this feature is enabled?

On the next boot we'll simply mount the directory over with a tmpfs.


 * See Talk:Features/tmp-on-tmpfs