tmpfs and XDG_RUNTIME_DIR

Every Wayland socket, D-Bus endpoint, and PipeWire connection lives in a tmpfs mount the kernel creates for your session. Understanding tmpfs is understanding where IPC happens.

tmpfs: The Ephemeral Per-User Filesystem

Kernel Foundation

XDG_RUNTIME_DIR points to /run/user/$UID/ — a tmpfs mount that lives entirely in RAM.

mount | grep /run/user
# tmpfs on /run/user/1000 type tmpfs (rw,nosuid,nodev,relatime,size=...,mode=700,uid=1000,gid=1000)

The kernel provides tmpfs via mm/shmem.c. It is backed by the page cache and swappable, but has no persistent storage — it vanishes on power-off. systemd-logind creates the mount when a user session starts, with mode=700 so only the owning UID can access it.

Why It Exists

POSIX has no concept of "a directory that belongs to this logged-in user and vanishes when they log out." The freedesktop.org XDG Base Directory Specification invented XDG_RUNTIME_DIR to fill that gap — a standardized location for per-session IPC endpoints.

What Lives There

ls -la /run/user/1000/
# wayland-1     (Wayland compositor socket)
# bus           (D-Bus session socket)
# pipewire-0   (PipeWire audio socket)
# pulse/        (PulseAudio socket)

These are all AF_UNIX sockets — kernel-managed IPC channels implemented in net/unix/af_unix.c. When a process calls socket(AF_UNIX, SOCK_STREAM, 0) and bind() to a path under /run/user/1000/, the kernel creates a socket inode in the tmpfs filesystem. The VFS layer enforces the same uid/gid/mode permission checks as any file — mode=700 on the mount prevents other users from connecting to your sockets.

The Memory Model

tmpfs pages live in the page cache (struct address_space), same as file-backed pages, but with no backing store. The kernel’s reclaim path can swap them out under memory pressure (unless noswap mount option is set). This means /run/user/ contents can theoretically touch disk via swap — a security consideration for sensitive IPC data.

Kernel Source Map

Source File What It Does Key Functions

Source File	What It Does	Key Functions
`mm/shmem.c`	tmpfs implementation	`shmem_fill_super()`, `shmem_get_inode()`
`net/unix/af_unix.c`	AF_UNIX socket inode creation in tmpfs	`unix_bind()`, `unix_find_other()`
`fs/namei.c`	VFS path resolution and permission enforcement	`path_lookupat()`, `inode_permission()`

mm/shmem.c

tmpfs implementation

shmem_fill_super(), shmem_get_inode()

net/unix/af_unix.c

AF_UNIX socket inode creation in tmpfs

unix_bind(), unix_find_other()

fs/namei.c

VFS path resolution and permission enforcement

path_lookupat(), inode_permission()

Exploration Exercises

# Inspect the tmpfs mount options
findmnt /run/user/$(id -u)

# See what's using the namespace
ls -la /run/user/$(id -u)/

# Check socket types
file /run/user/$(id -u)/wayland-*

# Watch tmpfs memory usage
df -h /run/user/$(id -u)