On Mon, 07.11.11 15:25, Chris Adams (cmadams(a)hiwaay.net) wrote:
> Once upon a time, Daniel J Walsh <dwalsh(a)redhat.com> said:
> > I think this is a question for lennart, I am not sure how he sets them
> > up. If I was setting them up, I would probably set them up by default
> > under /run/SERVICE/tmp and bind mount over /tmp or something like
> > that. And I would figure the root user could see them. If he is only
> > mounting as tmpfs then I don't think the admin could easily get into
> > the namespaces to see them.
> I would be against something that hides stuff from root. That's a
> recipe for disaster.
Yes, I agree.
By placing the private /tmp dirs beneath the real /tmp we tried to make
sure that the private /tmp for the services are visible to the admin
inside /tmp, are subject to automatic /tmp cleaning and are attributed
to the quota settings the admin might have set on /tmp.
Lennart
--
Lennart Poettering - Red Hat, Inc.