Re: Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

On Tue, Nov 08, 2011 at 02:47:02AM +0100, Lennart Poettering wrote:
> On Mon, 07.11.11 16:08, Simo Sorce (simo@xxxxxxxxxx) wrote:
> 
> > On Mon, 2011-11-07 at 15:42 -0500, Daniel J Walsh wrote:
> > > On 11/07/2011 03:38 PM, Matej Cepl wrote:
> > > > On 7.11.2011 20:50, Daniel J Walsh wrote:
> > > >> systemd as of Fedora 16 has the ability to run system services
> > > >> with private /tmp and /var/tmp.  I would like to propose that we
> > > >> make this the default in Fedora 17, or at least open a bugzilla
> > > >> on all system services that we know of that use /tmp and /var/tmp
> > > >> to make them use private /tmp and /var/tmp.
> > > > 
> > > > I am afraid the proper way to propose a new Feature in Fedora is
> > > > described on http://fedoraproject.org/wiki/Features/Policy .
> > > > Throwing it on fedora-devel is, I am afraid, most likely a waste of
> > > > time.
> > > > 
> > > > Matěj
> > > > 
> > > 
> > > I know I just opened a couple of other features on Fedora 17.  I just
> > > wanted to open discussion on this about what would be the best way to
> > > do this.
> > > 
> > > * Make it default in systemd
> > > * Open bugzillas on apps that SELinux discovers use /tmp and ask them
> > > to change.
> > > * Maybe a bad idea.  Since admins might get confused by different /tmp(s).
> > > * Reasonable reasons for service apps to use /tmp.
> > 
> > Why not simply open bugs to have apps use /var/run/<name> ?
> 
> I think in some cases /tmp is preferable over /run, i.e. think
> apache where users upload huge files. You don't want that on /run which
> always is tmpfs. Having them on /tmp (which doesn't have to be tmpfs and
> currently isn't by default) is advisable.
> 
Note in the same vein, keeping /tmp and /var/tmp separate in the
implementation is useful for the same reason.  Some sites I've worked at
in the past had /tmp as part of / and the size was very small.  Those sites
configured the tmpdir for the services generating large files to /var/tmp/
instead.  So if the implementation backs services requesting a directory in
/tmp/ with a subdirectory in /tmp/ and services requesting a directory in
/var/tmp/ with a subdirectory in /var/tmp/ that would satisfy this need.

> But in general I believe that /run as in "runtime" is different from /tmp
> as in "temporary". /run should only include sockets, pid files, shared
> memory areas and other communication primitives, i.e. stuff which is
> small. /tmp OTOH is something where apache should be able to store big
> blobs of data that a user is uploading to a web site.
> 
Well... in reading dwalsh's previous mail on this subject, it seems that
he'd like (for the purposes of making things more secure) to move as much of
this use case out of tmp as feasible.  Existing directories that could fit
the bill aside from /run include /var/cache and /var/lib.  (/var/lib is
probably a better place for a generic layer at the systemd level as what
individual apps are storing inside may not be as transient in nature as
/var/cache defines.  Porting of the app directly to one of these directories
could make use of /var/cache where appropriate).

Moving out of tmp would also mean that directories with descriptive
filenames would become less of a risk to the unknowing admin as the new
directory would be writable by systemd, not by any user of the system.

-Toshio
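
An added example, not part of the original message or of systemd's own code: a small Python check for the per-service audit this thread discusses, reporting which services have not opted into a private /tmp and /var/tmp. It assumes the opt-in is systemd's `PrivateTmp=` setting in the `[Service]` section and that it is off unless set; the unit names and contents are constructed samples.

```python
import re

TRUE = {"1", "yes", "true", "on"}     # boolean spellings systemd accepts
FALSE = {"0", "no", "false", "off"}

def private_tmp(*unit_texts):
    """Effective PrivateTmp= across a unit file and its drop-ins, given in
    load order: True, False, or None when it is never set."""
    value = None
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":      # blank line or comment
                continue
            header = re.fullmatch(r"\[(.+)\]", line)
            if header:
                section = header.group(1)
                continue
            key, sep, val = line.partition("=")
            if section != "Service" or not sep or key.strip() != "PrivateTmp":
                continue                          # only [Service] counts
            val = val.strip().lower()
            if val in TRUE:
                value = True                      # later assignments override
            elif val in FALSE:
                value = False
            # any other value is left unrecognised here; earlier setting stands
    return value

def shared_tmp_services(units):
    """Names of services still using the shared /tmp and /var/tmp
    (assumption: the setting is off unless a unit turns it on)."""
    return sorted(n for n, texts in units.items() if not private_tmp(*texts))

# Constructed sample units: name -> [main unit file, drop-ins...]
SAMPLE_UNITS = {
    "web.service": ["[Unit]\nDescription=web\n[Service]\nExecStart=/usr/sbin/web\nPrivateTmp=true\n"],
    "print.service": ["[Service]\nExecStart=/usr/sbin/printd\n"],
    "mail.service": ["[Service]\nPrivateTmp=no\n", "# drop-in\n[Service]\nPrivateTmp=yes\n"],
    "misplaced.service": ["[Unit]\nPrivateTmp=yes\n[Service]\nExecStart=/bin/true\n"],
}

if __name__ == "__main__":
    for name in shared_tmp_services(SAMPLE_UNITS):
        print(f"{name}: shared /tmp and /var/tmp")
```

The `misplaced.service` sample shows why the section matters: the key appears in the file but outside `[Service]`, so the check still reports that service as using the shared directories.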
