Comments (2)
`TMPDIR` is explicitly defined to be a `/tmp` equivalent: https://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xbd_chap10.html . I don’t think it makes any sense to define a c/image-specific semantics of `TMPDIR` which is different, causing users to possibly have a general `TMPDIR` setting and a Podman-specific `TMPDIR` override.

Yes, Podman did decide to interpret `TMPDIR` that way, and *shrug*, that can’t be resolved in this c/image repo.

I think this needs to be handled in Podman proper; it is not too onerous to structure the `SystemContext` creation in a way that there are some values shared process-wide, consistently, without unmaintainable code duplication.

In fact, looking at the code as it is right now, AFAICS the relevant code path uses `vendor/github.com/containers/buildah/pkg/parse/parse.go:SystemContextFromFlagSet`, which always sets `BigFilesTemporaryDir` to some value. So adding an extra environment read into `temporaryDirectoryForBigFiles` would not change the behavior at all, it seems to me. (There could well be other code paths that don’t work exactly the same way, and some things might need fixing; just not this one.)
from image.
Thanks for the reply! :)
> `TMPDIR` is explicitly defined to be a `/tmp` equivalent: https://pubs.opengroup.org/onlinepubs/9699919799/xrat/V4_xbd_chap10.html.

Yes, but (AFAIK) `/var/tmp` isn't a POSIX standard at all, so I guess it should be no surprise that `/var/tmp` isn't mentioned there, right?

Also: https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap08.html#tag_08_03 uses a generic definition (that doesn't exclude `/var/tmp`, at least IMO):

> TMPDIR: This variable shall represent a pathname of a directory made available for programs that need a place to create temporary files.

I'm not sure where `/var/tmp` originates from (maybe it was first formalized in the FHS?) but standards that are aware of it do state that `$TMPDIR` should be used:

https://www.freedesktop.org/software/systemd/man/latest/file-hierarchy.html:

> /var/tmp/
>
> The place for larger and persistent temporary files. In contrast to /tmp/, this directory is usually mounted from a persistent physical file system and can thus accept larger files. (Use /tmp/ for small ephemeral files.) This directory is generally not flushed at boot-up, but time-based cleanup of files that have not been accessed for a certain time is applied.
>
> If applications find the environment variable $TMPDIR set, they should use the directory specified in it instead of /var/tmp/ (see environ(7) for details).
>
> The same security restrictions as with /tmp/ apply: mkstemp(3), mkdtemp(3), and similar calls should be used. For further details about this directory, see Using /tmp/ and /var/tmp/ Safely.
>
> Added in version 215.

https://systemd.io/TEMPORARY_DIRECTORIES/:

> If the $TMPDIR environment variable is set, use that path, and neither use /tmp/ nor /var/tmp/ directly

So I would argue that, at least on modern Linux+systemd systems, the correct (/ standard conformant) behavior would actually be to use `$TMPDIR` over `/var/tmp` (and this should also make it easier and more intuitive for users to change the temporary files directory - IMO there should be a way to override the default path, even if `$TMPDIR` wouldn't be used but I guess `sys.BigFilesTemporaryDir` should be sufficient in that case).

It should also be more in line with the Windows specific logic and the user could easily ensure that all temporary files end up in the desired `$TMPDIR`.

> I think this needs to be handled in Podman proper

IMO it would ideally be handled in both repos/projects but it should certainly be possible to only change it there.
from image.
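
The precedence argued for in the second comment (explicit override, then `$TMPDIR`, then `/var/tmp`), combined with the `mkstemp(3)`-style creation the quoted systemd text asks for, as an added Go example; it is not code from c/image, Podman or either commenter. `pickBigFilesDir`, `checkTempDir` and `createBigFile` are hypothetical names, and rejecting a world-writable directory that lacks the sticky bit is an assumption added here.

```go
package main

import (
	"fmt"
	"os"
	"path/filepath"
)

// pickBigFilesDir (hypothetical, not c/image code): explicit override, then $TMPDIR, then /var/tmp.
func pickBigFilesDir(override, tmpdirEnv string) (dir, source string) {
	if override != "" {
		return override, "override"
	}
	if tmpdirEnv != "" {
		return tmpdirEnv, "TMPDIR"
	}
	return "/var/tmp", "default"
}

// checkTempDir rejects locations where other users could swap or remove our files.
func checkTempDir(dir string) error {
	fi, err := os.Stat(dir)
	if err != nil || !fi.IsDir() || !filepath.IsAbs(dir) {
		return fmt.Errorf("%q: need an absolute path to an existing directory (stat: %v)", dir, err)
	}
	if fi.Mode().Perm()&0o002 != 0 && fi.Mode()&os.ModeSticky == 0 {
		return fmt.Errorf("%q is world-writable without the sticky bit", dir)
	}
	return nil
}

// createBigFile fails closed on a bad directory instead of silently falling back;
// os.CreateTemp then picks a random name and opens it with O_EXCL and mode 0600.
func createBigFile(override, tmpdirEnv string) (*os.File, error) {
	dir, source := pickBigFilesDir(override, tmpdirEnv)
	if err := checkTempDir(dir); err != nil {
		return nil, fmt.Errorf("temp dir from %s: %w", source, err)
	}
	return os.CreateTemp(dir, "bigfile-*")
}

func main() {
	f, err := createBigFile("", os.Getenv("TMPDIR"))
	if err != nil {
		panic(err)
	}
	defer os.Remove(f.Name())
	fmt.Println("created", f.Name())
}
```
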