tmpfiles: automatically remove old machine snapshots at boot

Remove old temporary snapshots, but only at boot. Ideally we'd have
"self-destroying" btrfs snapshots that go away if the last last
reference to it does. To mimic a scheme like this at least remove the
old snapshots on fresh boots, where we know they cannot be referenced
anymore. Note that we actually remove all temporary files in
/var/lib/machines/ at boot, which should be safe since the directory has
defined semantics. In the root directory (where systemd-nspawn
--ephemeral places snapshots) we are more strict, to avoid removing
unrelated temporary files.

This also splits out nspawn/container related tmpfiles bits into a new
tmpfiles snippet to systemd-nspawn.conf

diff --git a/tmpfiles.d/systemd-nspawn.conf b/tmpfiles.d/systemd-nspawn.conf
new file mode 100644 (file)
index 0000000..5a3124a
--- /dev/null
+++ b/tmpfiles.d/systemd-nspawn.conf
@@ -0,0 +1,23 @@
+#  This file is part of systemd.
+#
+#  systemd is free software; you can redistribute it and/or modify it
+#  under the terms of the GNU Lesser General Public License as published by
+#  the Free Software Foundation; either version 2.1 of the License, or
+#  (at your option) any later version.
+
+# See tmpfiles.d(5) for details
+
+v /var/lib/machines 0700 - - -
+
+# Remove old temporary snapshots, but only at boot. Ideally we'd have
+# "self-destroying" btrfs snapshots that go away if the last last
+# reference to it does. To mimic a scheme like this at least remove
+# the old snapshots on fresh boots, where we know they cannot be
+# referenced anymore. Note that we actually remove all temporary files
+# in /var/lib/machines/ at boot, which should be safe since the
+# directory has defined semantics. In the root directory (where
+# systemd-nspawn --ephemeral places snapshots) we are more strict, to
+# avoid removing unrelated temporary files.
+
+R! /var/lib/machines/.#*
+R! /.#machine.*