On Tue, Nov 08, 2011 at 02:47:02AM +0100, Lennart Poettering wrote: > On Mon, 07.11.11 16:08, Simo Sorce (simo@xxxxxxxxxx) wrote: > > > On Mon, 2011-11-07 at 15:42 -0500, Daniel J Walsh wrote: > > > -----BEGIN PGP SIGNED MESSAGE----- > > > Hash: SHA1 > > > > > > On 11/07/2011 03:38 PM, Matej Cepl wrote: > > > > Dne 7.11.2011 20:50, Daniel J Walsh napsal(a): > > > >> systemd as of Fedora 16 has the ability to run system services > > > >> with private /tmp and /var/tmp. I would like to propose that we > > > >> make this the default in Fedora 17, or at least open a bugzilla > > > >> on all system services that we know of that use /tmp and /var/tmp > > > >> to make them use private /tmp and /var/tmp. > > > > > > > > I am afraid, the proper way how to propose new Feature in Fedora is > > > > described on http://fedoraproject.org/wiki/Features/Policy . > > > > Throwing it on fedora-devel is I am afraid most likely a waste of > > > > time. > > > > > > > > Matěj > > > > > > > > > > I know I just opened a couple of other features on Fedora 17. I just > > > wanted to open discussion on this about what would be the best way to > > > do this. > > > > > > * Make it default in systemd > > > * Open bugzillas on apps that SELinux discovers uses /tmp and ask them > > > to change. > > > * Maybe a bad idea. Since admins might get confused by different /tmp(s). > > > * Reasonable reasons for service apps to use /tmp. > > > > Why not simply open bugs to have apps use /var/run/<name> ? > > I think in some cases /tmp is preferable over /run, i.e. think > apache where users upload huge files. You don't want that on /run which > always is tmpfs. Having them on /tmp (which doesn't have to be tmpfs and > currently isn't by default) is advisable. > Note in the same vein, keeping /tmp and /var/tmp separate in the implementation is useful for the same reason. Some sites I've worked at in the past had /tmp as part of / and the size was very small. Those sites configured the tmpdir for the services generating large files to /var/tmp/ instead. So if the implementation backs services requesting a directory in /tmp/ with a subdiretcory in /tmp/ and services requesting a directory in /var/tmp/ with a subdirectory in /var/tmp/ that would satisfy this need. > But in general I belive that /run as in "runtime" is different from /tmp > as in "temporary". /run should only include sockets, pid files, shared > memory areas and other communication primitives, i.e. stuff which is > small. /tmp OTOH is something where apache should be able to store big > blobs of data that a user is uploading to a web site. > Well... in reading dwalsh's previous mail on this subject, it seems that he'd like (for the purposes of making things more secure) to move as much of this use case out of tmp as feasible. Existing directories that could fit the bill aside from /run include /var/cache and /var/lib. (/var/lib is probably a better place for a generic layer at the systemd level as what individual apps are storing inside may not be as transient in nature as /var/cache defines. Porting of the app directly to one of these directories could make use of /var/cache where appropriate). Moving out of tmp would also mean that directories with descriptive filenames would become less of a risk to the unknowing admin as the new directory would be writable by systemd, not by any user of the system. -Toshio
Attachment:
pgpcZk1eW8_Yt.pgp
Description: PGP signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
