noexec on /dev/shm

Lennart Poettering mzerqung at 0pointer.de
Sat Dec 25 18:13:00 UTC 2010


On Fri, 24.12.10 16:17, Fernando Lopez-Lezcano (nando at ccrma.Stanford.EDU) wrote:

> 
> On 12/23/2010 01:52 PM, Lennart Poettering wrote:
> > On Mon, 20.12.10 13:07, Fernando Lopez-Lezcano (nando at ccrma.Stanford.EDU) wrote:
> >> I raise this issue because "The API for /dev/shm is shm_open()"
> >> statement above means to me that in the future there will be no file api
> >> access to a ram mounted filesystem in Fedora (I understand that this is
> >> my own conclusion, but I can't see any other given the wording of the
> >> statement above). Before someone implements that idea, please consider
> >> the needs of a filesystem in ram for such uses as those mentioned in
> >> this thread (and that is supported by the Fedora distribution by
> >> default). Just in case...
> > This too appears to be a good use case for XDG_RUNTIME_DIR btw.
> 
> If I understand correctly this would be available for logged in 
> users only. If /var/run is going to be a tmpfs in fc15+ (if I understand 
> correctly another message you posted in this thread) then that would 
> appear to be a better option to my eyes (the main Jack developers might 
> have other opinions/ideas, I'll try to keep them posted).

For the precise semantics of XDG_RUNTIME_DIR please refer to the XDG
basedir spec:

http://standards.freedesktop.org/basedir-spec/basedir-spec-latest.html

Most distributions and many programs implement this spec in one way or
another, however the XDG_RUNTIME_DIR part is a relatively new addition,
and F15 is probably the first bigger distro which implements it.

Lennart

-- 
Lennart Poettering - Red Hat, Inc.

