I have configured Pyzor for rspamd following these instructions: https://www.rspamd.com/doc/modules/external_services.html#pyzor-specific-details
The instructions also have some systemd configs for the socket and the service.
Pyzor is now a socket activated service which is started at every connection. The problem is that systemd then creates a new directory for every run:
drw------- (…) 08:30 [email protected]:5953-127.0.0.1:60656.service
drw------- (…) 08:30 [email protected]:5953-127.0.0.1:60662.service
drw------- (…) 08:30 [email protected]:5953-127.0.0.1:60676.service
drw------- (…) 08:30 [email protected]:5953-127.0.0.1:60684.service
drw------- (…) 08:30 [email protected]:5953-127.0.0.1:60694.service
drw------- (…) 08:30 [email protected]:5953-127.0.0.1:60706.service
These directories are never deleted, and after a few days, /run runs out of inodes, preventing the creation of new Pyzor processes or any other process with an isolated namespace.
How can I prevent this situation or reconfigure the unit to delete these directories after a certain period of time?
The socket unit:
# /usr/lib/systemd/system/pyzor.socket
[Unit]
Description=Pyzor socket
[Socket]
ListenStream=127.0.0.1:5953
Accept=yes
[Install]
WantedBy=sockets.target
The service unit:
# /usr/lib/systemd/system/pyzor@.service
[Unit]
Description=Pyzor Socket Service
Requires=pyzor.socket
[Service]
Type=simple
ExecStart=-/usr/bin/pyzor check
StandardInput=socket
StandardError=journal
TimeoutStopSec=10
User=_rspamd
NoNewPrivileges=true
PrivateDevices=true
PrivateTmp=true
PrivateUsers=true
ProtectControlGroups=true
ProtectHome=true
ProtectKernelModules=true
ProtectKernelTunables=true
ProtectSystem=strict
[Install]
WantedBy=multi-user.target
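
A monitoring check for the symptom described in the question, added here as an example (it is not part of the original post and not from the rspamd documentation): it counts per-connection instance directories that are older than a few minutes and reports inode usage on the filesystem holding them. The directory to scan, the `pyzor@` name pattern, the 5-minute age and the thresholds are assumptions, because the post does not give the full path of the directories.

```shell
#!/bin/sh
# Added example: detect leftover per-connection unit directories before the
# filesystem runs out of inodes.
# Assumption: instance directories match "*<unit>@*.service".

# Count directories directly under $1 that belong to instances of template
# unit $2 and were last modified more than $3 minutes ago.
count_stale_instance_dirs() {
    dir=$1; unit=$2; min_age=$3
    find "$dir" -mindepth 1 -maxdepth 1 -type d \
        -name "*${unit}@*.service" -mmin "+${min_age}" 2>/dev/null |
        wc -l | tr -d ' '
}

# Print the percentage of inodes in use on the filesystem holding $1.
# Prints nothing when df reports no usable figure (for example "-").
inode_use_pct() {
    df -Pi "$1" 2>/dev/null |
        awk 'NR == 2 { sub(/%/, "", $5); if ($5 ~ /^[0-9]+$/) print $5 }'
}

# Print one status line for directory $1 and unit $2.
# Returns 1 when more than $3 stale directories exist or inode usage
# is at or above $4 percent.
check_unit_dir_leak() {
    dir=$1; unit=$2; max_dirs=$3; max_inode_pct=$4
    stale=$(count_stale_instance_dirs "$dir" "$unit" 5)
    pct=$(inode_use_pct "$dir")
    status=OK
    if [ "$stale" -gt "$max_dirs" ]; then
        status=LEAK
    fi
    if [ -n "$pct" ] && [ "$pct" -ge "$max_inode_pct" ]; then
        status=LEAK
    fi
    echo "$status dir=$dir unit=$unit stale_dirs=$stale inode_use_pct=${pct:-unknown}"
    [ "$status" = OK ]
}

# Stand-alone use: script.sh DIR UNIT MAX_DIRS MAX_INODE_PCT
if [ "$#" -eq 4 ]; then
    check_unit_dir_leak "$@"
fi
```

Run from a timer or cron job, the non-zero exit status can feed an alert well before new service instances start failing.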