noexec on /dev/shm

Mon Jan 3 15:48:24 UTC 2011

On Thu, 2010-12-23 at 22:59 +0100, Lennart Poettering wrote:
> On Mon, 20.12.10 19:16, Fernando Lopez-Lezcano (nando at ccrma.Stanford.EDU) wrote:
> 
> > this isn't exactly correct.
> > 
> > in /dev/shm on linux we have:
> > 
> >     (a) unix-domain sockets for non-RT communication with the server
> >     (b) FIFOs for RT wakeups (this could use semaphores now)
> 
> If this uses O_NOATIME it shouldnt matter whether the backing fs is
> tmpfs or real disk.

Sadly this turns out not to be the case, at least if I'm reading
fs/pipe.c correctly.  O_NOATIME will turn off atime updates, but mtime
and ctime are still modified on every pipe write, and there's no such
thing as O_NOCMTIME even though the filesystem layer does have the
concept internally.  Which means device-backed filesystems will see
write traffic just for using named pipes.

Heck of lame.  Someone should fix that.

- ajax