Join GitHub today
GitHub is home to over 28 million developers working together to host and review code, manage projects, and build software together.Sign up
Handle systemd PrivateTmp #1475
On Systemd-based distributions such as Red Hat 7, Apache likely runs with PrivateTmp. Because of this, passenger-status cannot access the instance registry directory without explicit configuration.
There is no other obvious default directory we can use. /var/run is not world-writable. /var/tmp is not cleared on reboot, though this may not matter if passenger-status cleans up stale directories.
So the next best thing to do, is to autodetect PrivateTmp, and if it is used, ask the user to configure an explicit instance registry directory outside /tmp.
PrivateTmp works by creating a directory /tmp/systemd-private-XXXX, and spawning the process with /tmp private mounted to that directory. This directory is accessible by the target user only.
I have considered making passenger-status and related tools to look inside PrivateTmp directories too, but that requires root privileges, which conflicts with the desire to allow 'passenger-config restart-app' to work without root privileges (see #1392).
The RPM packages can configure a default PassengerInstanceRegistryDir, but then we still have to tell command line tools where that instance registry dir is.
Maybe we can modify the command line tools to look in multiple directories by default for the instance registry dir, so that the command line tools need no configuration. We can set PassengerInstanceRegistryDir to /var/passenger-instances, and have the command line tools look in /tmp and /var/passenger-instances at the same time.
/var/passenger-instances must only be writable by root. This breaks PassengerDefaultUser, so the documentation for that option must be updated tell the user to adjust PassengerInstanceRegistryDir when using the RPMs.
The advantage of this approach is that Apache doesn't need to have read/write access to the