From f856099e6d16eb1270f81bedc94369e96d5fd095 Mon Sep 17 00:00:00 2001
From: Thomas Bellman <bellman@lysator.liu.se>
Date: Mon, 12 Aug 2024 00:30:00 +0200
Subject: [PATCH] Don't use --remove when running systemd-tmpfiles.

Running systemd-tmpfiles(8) with the --remove option after modifying
the tmpfiles.d configuration, is apparently a bad idea.  There are
several packages distributing tmpfiles.d entries of type "D" that put
critical files in those directories.

E.g., Fail2Ban has a type "D" entry for /run/fail2ban.  Running
'systemd-tmpfiles --remove' will empty that directory, removing the
communication socket located there.  It then becomes impossible to
get status from the Fail2Ban daemon, or tell it to flush its logs
(which logrotate(8) does).

Thus, change systemd::tmpfiles to use only the --create and --clean
options after it has updated config files in /etc/tmpfiles.d.
---
 manifests/tmpfiles.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/tmpfiles.pp b/manifests/tmpfiles.pp
index c5eacb7..e86700b 100644
--- a/manifests/tmpfiles.pp
+++ b/manifests/tmpfiles.pp
@@ -102,7 +102,7 @@ class systemd::tmpfiles::trigger
     exec {
 	'systemd::tmpfiles::trigger':
 	    command => shellquote(
-		'systemd-tmpfiles', '--create', '--remove', '--clean'),
+		'systemd-tmpfiles', '--create', '--clean'),
 	    path => [ '/bin', '/usr/bin', '/sbin', '/usr/sbin', ],
 	    refreshonly => true;
     }
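Review bot: The reason for leaving out `--remove` is recorded only in the commit message, so the `command =>` line in this exec gives a later maintainer no hint that the option was dropped on purpose. Since re-adding it would again empty type "D" directories and delete live control sockets such as the one under /run/fail2ban, I would put a comment directly above the `command =>` attribute, for example `# Deliberately no --remove: it empties type "D" dirs (e.g. /run/fail2ban) and deletes live sockets.` The enclosing class systemd::tmpfiles::trigger starts outside this hunk, so I cannot tell whether its header documentation still describes the old option set; that is worth checking in the same change.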
-- 
GitLab