From dc33b3ab4e5e6fb98d0220f8c5eeb49e04b72b0f Mon Sep 17 00:00:00 2001
From: Franco Fichtner <franco@opnsense.org>
Date: Thu, 9 Jun 2022 10:34:31 +0200
Subject: [PATCH] system: narrow /var MFS down to /var/log and cap to 50% of
 physical memory #5727

Here we remove all persistently stored data from /root/var as configured
by the *_var_mfs rc variable.  The cap should be able to be adjusted in
the GUI but will follow in a separate commit.

Eventually this also helps us with #5475.
---
 src/etc/rc.subr.d/var                         | 78 ++++++-------------
 .../controllers/OPNsense/Proxy/forms/main.xml |  2 +-
 src/www/system_advanced_misc.php              | 10 +--
 3 files changed, 30 insertions(+), 60 deletions(-)

diff --git a/src/etc/rc.subr.d/var b/src/etc/rc.subr.d/var
index 19e1ce7c4..cb1592c98 100755
--- a/src/etc/rc.subr.d/var
+++ b/src/etc/rc.subr.d/var
@@ -1,7 +1,7 @@
 #!/bin/sh
 
 # Copyright (C) 2019 Deciso B.V.
-# Copyright (c) 2014-2021 Franco Fichtner <franco@opnsense.org>
+# Copyright (c) 2014-2022 Franco Fichtner <franco@opnsense.org>
 # Copyright (c) 2004-2010 Scott Ullrich <sullrich@gmail.com>
 # Copyright (c) 2003-2004 Manuel Kasper <mk@neon1.net>
 #
@@ -28,40 +28,9 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 
-ROOTDIR="/root"
-
-setup_mfs_link()
-{
-	ROOT=${ROOTDIR}
-	MFS=${1}
-
-	# Create dummy directory for MFS-bound
-	# directories that require a persistent
-	# storage underneath to run.
-
-	if [ ! -d "${ROOT}${MFS}" ]; then
-		mkdir -p "${ROOT}${MFS}" "${MFS}"
-		for DIR in $(find "${MFS}" -depth 1); do
-			mv "${DIR}" "${ROOT}${MFS}/"
-		done
-	fi
-}
-
-install_mfs_link()
-{
-	ROOT=${ROOTDIR}
-	MFS=${1}
-
-	# Redirect persistent, but MFS-bound
-	# directory after tmpfs mount.
-
-	mkdir -p "$(dirname ${MFS})"
-	ln -s "${ROOT}${MFS}" "${MFS}"
-}
-
 remove_mfs_link()
 {
-	ROOT=${ROOTDIR}
+	ROOT="/root"
 	MFS=${1}
 
 	# Persistent copies of MFS-bound directories
@@ -114,7 +83,7 @@ for RC_FILE in ${RC_FILES}; do
 	done
 done
 
-USE_MFS_VAR=$(/usr/bin/grep -c 'use_mfs_var[^_]' /conf/config.xml)
+USE_MFS_VAR=$(grep -c 'use_mfs_var[^_]' /conf/config.xml)
 
 # see if / is writable (aka. non-LiveCD boot)
 if _tmpdir=$(mktemp -d -q /.diskless.XXXXXX); then
@@ -122,29 +91,16 @@ if _tmpdir=$(mktemp -d -q /.diskless.XXXXXX); then
 	rmdir ${_tmpdir}
 else
 	# config restore for install media does not support
-	# this as neither /var nor /root are persistent
+	# this as neither /var/log nor /root are persistent
 	USE_MFS_VAR=0
 fi
 
-if [ ${USE_MFS_VAR} -ne 0 ]; then
-	echo -n "Setting up memory disks..."
-
-	for DIR in ${MFS_DIRS}; do
-		setup_mfs_link ${DIR}
-	done
-
-	mount -t tmpfs tmpfs /var
-
-	for DIR in ${MFS_DIRS}; do
-		install_mfs_link ${DIR}
-	done
-
-	echo "done."
-else
-	for DIR in ${MFS_DIRS}; do
-		remove_mfs_link ${DIR}
-	done
-fi
+# XXX remove all renmants of /root/var handling after 22.7
+for DIR in ${MFS_DIRS}; do
+	# unconditionally remove old /var links now that the
+	# feature is constrained to /var/log directory
+	remove_mfs_link ${DIR}
+done
 
 # ensure default directories in /var
 if ! mtree -deiU -f /etc/mtree/BSD.var.dist -p /var > /dev/null; then
@@ -155,6 +111,20 @@ fi
 # old config files are stored in this place
 mkdir -p /var/etc
 
+if [ ${USE_MFS_VAR} -ne 0 ]; then
+	MAX_MFS_VAR=$(grep 'max_mfs_var' /conf/config.xml | sed 's/[^>]*>\([^<]*\)<.*/\1/')
+	MAX_MEM_SYS=$(sysctl -n hw.physmem)
+
+	if [ -z "${MAX_MFS_VAR}" ]; then
+		# cap to 50% by default to avoid swapping
+		MAX_MFS_VAR=50
+	fi
+
+	echo -n "Setting up /var/log memory disk..."
+	mount -t tmpfs -o size=$((MAX_MEM_SYS / 100 * MAX_MFS_VAR)) tmpfs /var/log
+	echo "done."
+fi
+
 # Clear all files in this directory to prevent stale state of
 # services.  At one point this also helped to prevent shutdown(8)
 # from dropping "nologin" into the directory, preventing login on
diff --git a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
index 1f038b15d..4677be88a 100644
--- a/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
+++ b/src/opnsense/mvc/app/controllers/OPNsense/Proxy/forms/main.xml
@@ -140,7 +140,7 @@
                 <id>proxy.general.cache.local.enabled</id>
                 <label>Enable local cache</label>
                 <type>checkbox</type>
-                <help>Enable or disable the local cache. Only UFS directory cache type is supported. Do not enable on embedded systems with SD or CF cards without the /var MFS option as this will wear down your drive.</help>
+                <help>Enable or disable the local cache. Only UFS directory cache type is supported. Do not enable on embedded systems with SD or CF cards as this will wear down your drive.</help>
             </field>
             <field>
                 <id>proxy.general.cache.local.size</id>
diff --git a/src/www/system_advanced_misc.php b/src/www/system_advanced_misc.php
index f05a48737..4b234a330 100644
--- a/src/www/system_advanced_misc.php
+++ b/src/www/system_advanced_misc.php
@@ -485,13 +485,13 @@ include("head.inc");
                 </td>
               </tr>
               <tr>
-                <td><a id="help_for_use_mfs_var" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('/var RAM disk'); ?></td>
+                <td><a id="help_for_use_mfs_var" href="#" class="showhelp"><i class="fa fa-info-circle"></i></a> <?=gettext('/var/log RAM disk'); ?></td>
                 <td>
-                  <input name="use_mfs_var" type="checkbox" id="use_mfs_var" value="yes" <?=!empty($pconfig['use_mfs_var']) ? 'checked="checked"' : '';?>/>
-                  <?=gettext("Use memory file system for /var"); ?>
+                  <input name="use_mfs_var" type="checkbox" id="use_mfs_var" value="yes" <?= !empty($pconfig['use_mfs_var']) ? 'checked="checked"' : '' ?>/>
+                  <?= gettext('Use memory file system for /var/log') ?>
                   <div class="hidden" data-for="help_for_use_mfs_var">
-                    <?=gettext("Set this if you wish to use /var as a RAM disk (memory file system disks) " .
-                      "rather than using the hard disk. Setting this will cause the data /var to be lost on reboot, including log data."); ?>
+                    <?= gettext('Set this if you wish to use /var/log as a RAM disk (memory file system disks) ' .
+                      'rather than using the hard disk. Setting this will cause the log data to be lost on reboot.') ?>
                   </div>
                 </td>
               </tr>