On Sun, 2010-10-31 at 15:07 -0400, Matt McCutchen wrote: > On Wed, 2010-10-20 at 08:13 -0400, Daniel J Walsh wrote: > > I have been trying to get system processes to stop using /tmp for years. > > > > http://danwalsh.livejournal.com/11467.html > > > > As some one who lives with polyinstatiated namespace /tmp, The only > > problem I know of now is handing of kerberos tickets. Whenever a system > > process (root) needs to communicate with a user via /tmp. namespace > > /tmp breaks it. sssd can not create kerberos tickets in my /tmp and > > gssd can not find my kerberos tickets in /tmp. I believe the solution > > to both is to move the tickets to be managed by sssd and leave /tmp to > > users. > > > > BTW, X has solved this problem a couple of years ago by using virtual > > namespace for its sockets. > > In the abstract namespace, don't you have the same problem where if the > real X server dies for any reason, other users can create a socket at > the same path and mess with your applications? There are multiple "problems" ... the one that using the abstract socket namespace solves is that you can have a per. user /tmp and still communicate between users. Much like if you have a per. user /tmp but /tmp/global was shared among all users, and kerberos/X/whatever all used that (IMNSHO much better than using the abstract namespace ... but meh). -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
