On Mon, 07.11.11 15:25, Chris Adams (cmadams@xxxxxxxxxx) wrote:

> Once upon a time, Daniel J Walsh <dwalsh@xxxxxxxxxx> said:
> > I think this is a question for Lennart, I am not sure how he sets them
> > up. If I was setting them up, I would probably set them up by default
> > under /run/SERVICE/tmp and bind mount over /tmp or something like
> > that. And I would figure the root user could see them. If he is only
> > mounting as tmpfs then I don't think the admin could easily get into
> > the namespaces to see them.
>
> I would be against something that hides stuff from root. That's a
> recipe for disaster.

Yes, I agree. By placing the private /tmp dirs beneath the real /tmp we
tried to make sure that the private /tmp for the services are visible to
the admin inside /tmp, are subject to automatic /tmp cleaning and are
attributed to the quota settings the admin might have set on /tmp.

Lennart

--
Lennart Poettering - Red Hat, Inc.
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel