May I remove files that have a semicolon ; in them (created by updates?)

files, inode, upgrade

I have found, by accident, a few dozen files in /usr/bin that have a semicolon ; in them. If I remember correctly, files like that are created when a file opened by some program is written to (e.g. during an OS update). However, I thought that these would be deleted during the next reboot. In my case, however, these files are not open:

# find /usr -name \*\;\* | grep c++
/usr/bin/c++;5cf64746
/usr/bin/c++;5cfffc10
/usr/bin/c++;5cfb88d7
/usr/bin/c++;5cf8e8e4
/usr/bin/c++;5cfcd91f
/usr/bin/c++;5cc1f485
/usr/bin/c++;5cf4f405
/usr/bin/c++;5cfffc85
/usr/bin/c++;5cf7968b
/usr/bin/c++;5cfe28b9
/usr/bin/c++;5cff80b7
/usr/bin/c++;5cf57b84
/usr/bin/c++;5cfc4cbf

# lsof | fgrep /c++ 
Exit 1

Questions:

  1. May I safely remove these files?

  2. Why are they here in the first place?

The computer has never crashed, all clean reboots. It is a CentOS 7 system. Updates were installed by yum.

Many files are actually identical (though all inodes differ, I checked):

# ll /usr/bin/c++?5*
-rwxr-xr-x. 2 root root 772688 Mar  6  2018 /usr/bin/c++;5cc1f485
-rwxr-xr-x. 4 root root 772688 Apr 10  2018 /usr/bin/c++;5cf4f405
-rwxr-xr-x. 4 root root 772688 Apr 10  2018 /usr/bin/c++;5cf57b84
-rwxr-xr-x. 4 root root 772688 Apr 10  2018 /usr/bin/c++;5cf64746
-rwxr-xr-x. 4 root root 772688 Apr 10  2018 /usr/bin/c++;5cf7968b
-rwxr-xr-x. 4 root root 772688 Apr 10  2018 /usr/bin/c++;5cf8e8e4
-rwxr-xr-x. 4 root root 772688 Apr 10  2018 /usr/bin/c++;5cfc4cbf
-rwxr-xr-x. 4 root root 772688 Apr 10  2018 /usr/bin/c++;5cfb88d7
-rwxr-xr-x. 4 root root 772688 Apr 10  2018 /usr/bin/c++;5cfcd91f
-rwxr-xr-x. 4 root root 772688 Apr 10  2018 /usr/bin/c++;5cfe28b9
-rwxr-xr-x. 4 root root 772720 May 15  2018 /usr/bin/c++;5cff80b7
-rwxr-xr-x. 4 root root 772720 May 15  2018 /usr/bin/c++;5cfffc10
-rwxr-xr-x. 4 root root 772720 May 15  2018 /usr/bin/c++;5cfffc85

Does the explanation by updates still make sense?

Best Answer

I have found out why these files were created. I had a process running in a container (featuring a Linux kernel mount (filesystem) namespace), created by Firejail. Firejail masks some files (e.g. executables and libraries) from being accessed by the process within the container. These files are therefore still referenced by the Linux kernel when they are deleted by yum update / dnf update. Hence they are not removed at that time.

This also means that the files can be safely removed after a reboot - or really, after the last container process using them exits.

The question remains why these files are not removed when the container/computer is shut down. I suspect this is a bug not fixed in the kernel (ext4 filesystem driver?) on these machines.
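An added example, not part of the original question or answer: a read-only Python inventory to run before deleting anything, which groups the `name;xxxxxxxx` files by content hash, lists inode and link count, and marks whether each group is identical to the live binary. The function names and the sample files are assumptions constructed for illustration; it does not check whether a file is still open (the `lsof` check in the question covers that).

```python
import hashlib, os, re, tempfile
from collections import defaultdict

# Name shape seen in the question: <original name>;<8 hex digits>
LEFTOVER = re.compile(r"^(?P<base>.+);(?P<tag>[0-9a-f]{8})$")

def sha256(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(1 << 20), b""):
            h.update(chunk)
    return h.hexdigest()

def inventory(directory):
    """Group leftover files by (base name, content hash). Nothing is modified."""
    groups = defaultdict(list)
    for entry in os.scandir(directory):
        m = LEFTOVER.match(entry.name)
        if m and entry.is_file(follow_symlinks=False):
            st = entry.stat(follow_symlinks=False)
            key = (m["base"], sha256(entry.path))
            groups[key].append((entry.name, st.st_ino, st.st_nlink))
    rows = []
    for (base, digest), files in sorted(groups.items()):
        live = os.path.join(directory, base)
        same = os.path.isfile(live) and sha256(live) == digest
        rows.append({"base": base, "sha256": digest,
                     "files": sorted(files), "matches_live": same})
    return rows

def build_sample(directory):
    """Constructed sample: three leftovers in two versions, plus a live file."""
    contents = {"c++;5cf4f405": b"old build", "c++;5cf57b84": b"old build",
                "c++;5cff80b7": b"new build", "c++": b"new build",
                "notes;txt": b"not a leftover"}  # wrong suffix, must be skipped
    for name, data in contents.items():
        with open(os.path.join(directory, name), "wb") as f:
            f.write(data)

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as d:  # point at /usr/bin on a real host
        build_sample(d)
        for row in inventory(d):
            state = "same as live file" if row["matches_live"] else "differs"
            print(row["base"], row["sha256"][:12], state)
            for name, ino, nlink in row["files"]:
                print(f"    {name}  inode={ino}  links={nlink}")
```

A group that differs from the live file is not necessarily suspicious, since it may simply be an older package build; comparing its hash against the package's published checksum settles that.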
