SUSE Support

Here When You Need Us

systemd services fail to start with PrivateTmp set to true and the OS has symbolic linked /var/tmp.

This document (7018508) is provided subject to the disclaimer at the end of this document.

Environment

SUSE Linux Enterprise Server 12
SUSE Linux Enterprise Server 12 Service Pack 1 (SLES 12 SP1)
SUSE Linux Enterprise Server 12 Service Pack 2 (SLES 12 SP2)

Situation

On system with symlinked /var/tmp, if systemd.service has PrivateTmp=true configured, the service fails to start.

For instance, ntpd service has the following configuration (/usr/lib/systemd/system/ntpd.service)
...
[Service]
Type=forking
PIDFile=/var/run/ntp/ntpd.pid
ExecStart=/usr/sbin/start-ntpd start
RestartSec=11min
Restart=always
PrivateTmp=true
...
and if the system has /var/tmp symbolic-linked to /tmp, starting ntpd.service would give following error:
sles12-06011:~ # systemctl start ntpd.service
Job for ntpd.service failed. See "systemctl status ntpd.service" and "journalctl -xn" for details.
Looking at the details:
sles12-06011:~ # systemctl status -l ntpd.service
ntpd.service - NTP Server Daemon
   Loaded: loaded (/etc/systemd/system/ntpd.service; disabled)
  Drop-In: /run/systemd/generator/ntpd.service.d
           +-50-insserv.conf-$time.conf
   Active: activating (auto-restart) (Result: exit-code) since Wed 2017-01-11 10:55:10 SGT; 6s ago
     Docs: man:ntpd(1)
  Process: 1974 ExecStart=/usr/sbin/start-ntpd start (code=exited, status=226/NAMESPACE)

Jan 11 10:55:10 sles12-06011.microfocus.com systemd[1]: ntpd.service: control process exited, code=exited status=226
Jan 11 10:55:10 sles12-06011.microfocus.com systemd[1]: Failed to start NTP Server Daemon.
Jan 11 10:55:10 sles12-06011.microfocus.com systemd[1]: Unit ntpd.service entered failed state.

Resolution

Please open a service request to receive a program temporary fix (PTF) until a regular maintenance is available.

Cause

PrivateTmp option makes a new filesystem namespace (CLONE_NEWNS) at clone(2) time for ntpd and mounts private (--make-private) /tmp and /var/tmp directories therein.  When /var/tmp is a symlink to /tmp, this breaks.

Disclaimer

This Support Knowledgebase provides a valuable tool for SUSE customers and parties interested in our products and solutions to acquire information, ideas and learn from one another. Materials are provided for informational, personal or non-commercial use within your organization and are presented "AS IS" WITHOUT WARRANTY OF ANY KIND.

  • Document ID:7018508
  • Creation Date: 23-Jan-2017
  • Modified Date:03-Mar-2020
    • SUSE Linux Enterprise Server

< Back to Support Search

For questions or concerns with the SUSE Knowledgebase please contact: tidfeedback[at]suse.com

SUSE Support Forums

Get your questions answered by experienced Sys Ops or interact with other SUSE community experts.

Join Our Community

Support Resources

Learn how to get the most from the technical support you receive with your SUSE Subscription, Premium Support, Academic Program, or Partner Program.

Support FAQ

Open an Incident

Open an incident with SUSE Technical Support, manage your subscriptions, download patches, or manage user access.

Go to Customer Center