On Mon, 07.11.11 16:08, Simo Sorce (simo@xxxxxxxxxx) wrote:

> On Mon, 2011-11-07 at 15:42 -0500, Daniel J Walsh wrote:
> > On 11/07/2011 03:38 PM, Matej Cepl wrote:
> > > On 7.11.2011 20:50, Daniel J Walsh wrote:
> > >> systemd as of Fedora 16 has the ability to run system services
> > >> with private /tmp and /var/tmp. I would like to propose that we
> > >> make this the default in Fedora 17, or at least open a bugzilla
> > >> on all system services that we know of that use /tmp and /var/tmp
> > >> to make them use private /tmp and /var/tmp.
> > >
> > > I am afraid, the proper way how to propose new Feature in Fedora is
> > > described on http://fedoraproject.org/wiki/Features/Policy .
> > > Throwing it on fedora-devel is I am afraid most likely a waste of
> > > time.
> > >
> > > Matěj
> > >
> >
> > I know I just opened a couple of other features on Fedora 17. I just
> > wanted to open discussion on this about what would be the best way to
> > do this.
> >
> > * Make it default in systemd
> > * Open bugzillas on apps that SELinux discovers uses /tmp and ask them
> >   to change.
> > * Maybe a bad idea. Since admins might get confused by different /tmp(s).
> > * Reasonable reasons for service apps to use /tmp.
>
> Why not simply open bugs to have apps use /var/run/<name> ?

I think in some cases /tmp is preferable over /run, i.e. think apache where users upload huge files. You don't want that on /run which always is tmpfs. Having them on /tmp (which doesn't have to be tmpfs and currently isn't by default) is advisable.

> I did something similar patching samba long ago to not export the
> winbindd pipes in /tmp and sounds cleaner and avoid confusion.
>
> The main issue with moving /tmp to /var/run or something is if you
> *really* need to allow random users to write in it.

There's $XDG_RUNTIME_DIR for that.

But in general I believe that /run as in "runtime" is different from /tmp as in "temporary". /run should only include sockets, pid files, shared memory areas and other communication primitives, i.e. stuff which is small. /tmp OTOH is something where apache should be able to store big blobs of data that a user is uploading to a web site.

> Because in that case you risk local DoS if users fill up the space (not
> necessarily out of malice).

There's currently a discussion on lkml on this, regarding introduction of RLIMIT_TMPFSQUOTA.

Lennart

--
Lennart Poettering - Red Hat, Inc.