Hello.

> I am on a personal crusade to stop all system services (processes running as UID=0) from using /tmp. /var/tmp

I'm interested in this topic but I don't know how to find processes running as UID=0 using /tmp or /var/tmp.

Thanks in advance.

2009/8/14 Daniel J Walsh <dwalsh@xxxxxxxxxx>:
> On 08/14/2009 08:50 AM, Arthur Dent wrote:
>> On Fri, 2009-08-14 at 08:25 -0400, Daniel J Walsh wrote:
>>> On 08/14/2009 12:19 AM, Richard Chapman wrote:
>>>> Daniel J Walsh wrote:
>>>>> On 08/12/2009 07:53 PM, Richard Chapman wrote:
>>
>> [snip]
>>
>>>>>
>>>>> I always use tmpfs for /tmp, so I never end up with garbage on a reboot.
>>>>>
>>>> I like your idea of using tmpfs - but is it ever a problem that tmpfs is
>>>> relatively small and finite? Also - please excuse my ignorance - but how
>>>> do I make tmpfs the tmp folder?
>>>>
>>>> Richard.
>>>>
>>> Must have changed between RHEL5 and F11
>>>
>>> Try
>>>
>>> chcon -R -t xdm_xserver_tmp_t /tmp/.X11-unix
>>>
>>> Add this line to /etc/fstab
>>>
>>> tmpfs /tmp tmpfs rootcontext="system_u:object_r:tmp_t:s0",defaults 0 0
>>>
>>> And reboot.
>>>
>>> I don't tend to store huge amounts of stuff in /tmp. If I want to store big stuff I can always use /var/tmp
>>
>> Forgive the off-topic response, but I too like the idea of a
>> self-washing /tmp. However I am concerned that I don't really understand
>> how it works. What, for example, would be the effect of doing this on
>> a server which has only limited RAM and is only rebooted periodically.
>> Would all the RAM get filled up over time by tmpfs and then everything
>> would have to run in swap?
>>
>> Would I need to reboot regularly just to clean tmpfs?
>>
> Well there are tools like tmpwatch and tmpreaper that periodically clean up /tmp files.
>
> On a server or system with limited ram, this might not be a great idea, since you could run out of
> memory. I do not know if you can put a quota on it. I just don't store a lot of junk on /tmp, so it is
> never a problem. And I have had problems in the past with mislabeled files either via SELinux or UID problems in
> /tmp causing havoc with login.
>
> I am on a personal crusade to stop all system services (processes running as UID=0) from using /tmp. /var/tmp
>
>> I do like the idea and have just implemented it on my desktop machine
>> which has more RAM and gets shut down every day...
>>
>> Thanks...
>>
>> Mark
>>
>> ------------------------------------------------------------------------
>>
>> --
>> fedora-selinux-list mailing list
>> fedora-selinux-list@xxxxxxxxxx
>> https://www.redhat.com/mailman/listinfo/fedora-selinux-list

--
http://intrajp.no-ip.com/ Home Page
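One way to answer the question asked in this message is to walk /proc and report UID 0 processes whose open file descriptors or working directory point into /tmp or /var/tmp. This is an added example, not code from the thread or from any Fedora tool; the function names are hypothetical, and "running as UID=0" is assumed to mean effective UID 0.

```python
"""List effective-UID-0 processes holding files open under /tmp or /var/tmp."""
import os

TMP_DIRS = ("/tmp", "/var/tmp")


def effective_uid(status_path):
    """Return the effective UID from a /proc/<pid>/status file, or None."""
    try:
        with open(status_path) as fh:
            for line in fh:
                if line.startswith("Uid:"):
                    # Fields after "Uid:" are real, effective, saved, filesystem.
                    return int(line.split()[2])
    except (OSError, ValueError, IndexError):
        pass  # process exited meanwhile, or the entry is unreadable
    return None


def under_tmp(path):
    # Prefix match with "/" so "/tmpfoo" is excluded; "/tmp/x (deleted)" still matches.
    return any(path == d or path.startswith(d + "/") for d in TMP_DIRS)


def root_tmp_users(proc_root="/proc"):
    """Return sorted (pid, command, path) tuples for UID 0 users of the temp dirs."""
    hits = set()
    for entry in os.listdir(proc_root):
        pdir = os.path.join(proc_root, entry)
        if not entry.isdigit() or effective_uid(os.path.join(pdir, "status")) != 0:
            continue
        try:
            with open(os.path.join(pdir, "comm")) as fh:
                comm = fh.read().strip()
            fds = [os.path.join(pdir, "fd", fd) for fd in os.listdir(os.path.join(pdir, "fd"))]
        except OSError:
            continue  # raced with process exit, or not permitted to look
        for link in fds + [os.path.join(pdir, "cwd")]:
            try:
                target = os.readlink(link)
            except OSError:
                continue
            if under_tmp(target):
                hits.add((int(entry), comm, target))
    return sorted(hits)


if __name__ == "__main__":
    for pid, comm, path in root_tmp_users():
        print(f"{pid}\t{comm}\t{path}")
```

Run it as root, since /proc/<pid>/fd of other users' processes is not readable otherwise. Unix sockets such as those under /tmp/.X11-unix appear in /proc/<pid>/fd as socket:[inode], so this scan does not list them.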