On 07/14/2010 03:20 PM, Lennart Poettering wrote:
> On Wed, 14.07.10 14:24, Daniel J Walsh (dwalsh@xxxxxxxxxx) wrote:
>
>>>> myapp_t creating a directory in var_run_t will be labeled
>>>> myapp_var_run_t. I would just need to go through all the policy that
>>>> uses var_run_t directories and make sure it has this rule.
>>>
>>> Hmm, if you would be willing to do that, then it would be great to find
>>> somebody who fixes the .specs and makes a list of packages whose selinux
>>> policy needs fixing. Anyone? Rahul you showed vague interest on IRC?
>>>
>>> Lennart
>>>
>> What is the big benefit of changing to tmpfs for /var/run?
>
> Well, various little things:
>
> The reboot cleanup of those dirs will become unnecessary and automatic.
>
> Socket accesses won't put pressure on the HDD due to atime updates.
>
> Security reg. left-over files
>
> Stateless bootup
>
> Multi-instance root fs with r/o mounts.
>
> And stuff like this. And of course this is just cleaner this way, since
> the files in /var/run and /var/lock are runtime objects that are used
> for synchronization and establishment of communication channels
> only. They happen to live in the file system namespace because that is
> how Unix works, but there is really no point at all to ever write them
> to disk.
>
> Lennart
>
Ok that is what I thought, I was just wondering if there was some
magical boot speedup. I also run with /tmp as a tmpfs for a lot of the
same reasons.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel