noexec on /dev/shm

Richard W.M. Jones rjones at redhat.com
Fri Jan 21 15:01:04 UTC 2011


On Thu, Jan 20, 2011 at 08:37:21AM +0100, Miloslav Trmač wrote:
> Nathanael D. Noblet wrote on Thu 20. 01. 2011 at 00:33 -0700:
> > On 01/19/2011 12:11 PM, Callum Lerwick wrote:
> > > On Thu, Dec 23, 2010 at 11:26 AM, drago01<drago01 at gmail.com>  wrote:
> > >> Well /tmp should be mounted tmpfs anyway (I have been doing this for
> > >> years and it is working just fine).
> > >> tmp isn't a persistent storage so it makes a lot of sense, and it is
> > >> *not* a dumping ground for giant files (apps that try to do that are
> > >> just broken).
> > >
> > > Unfortunately firefox is one of those apps. I experimented with tmpfs
> > > /tmp a while back, and ran into very much badness. /tmp rapidly gets
> > > all full of large PDFs I've clicked on, as well as the flash plugin
> > > seems to like to spool video it's streaming in /tmp.
> > 
> > Playing around with flash spooling, I noticed that Chrome uses 
> > ~/.cache/google-chrome... I wonder if firefox and friends should use 
> > places like that instead?
> If /tmp is not supposed to be used for data that is inconvenient to
> store in memory for whatever reason, and that should be automatically
> removed when it is not used, what _is_ it supposed to be used for?

The FHS has some scattered guidance:

(1) http://www.pathname.com/fhs/pub/fhs-2.3.html#THEROOTFILESYSTEM

(2) http://www.pathname.com/fhs/pub/fhs-2.3.html#VARTMPTEMPORARYFILESPRESERVEDBETWEE

(3) http://www.pathname.com/fhs/pub/fhs-2.3.html#TMPTEMPORARYFILES

I read from this: that (1) the root filesystem should be considered a
limited resource (as it is on some embedded systems, not necessarily
on Fedora) and so you shouldn't store excessively large files there.
"Root filesystem" would include /tmp in many but not all cases.

That (3) also says that /tmp can be cleaned up at each reboot.  It
isn't on Fedora, but it is on Debian for example.  On Fedora /tmp is
cleaned after 10 days.

That (2) says /var/tmp is suitable for files that need to persist
across reboots.  And because of (1) it is also suitable for large files.
On Fedora /var/tmp is cleaned after 30 days.

If what you're storing isn't a temporary file (whatever that means)
then there are better places to put them: eg. the home directory,
/var/cache, /var/spool etc.

After reading this I made some changes to libguestfs so it behaves
more according to these rules.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw
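
Added example, not part of the original message and not libguestfs code: a sketch of the placement rules read from the FHS above, choosing between /tmp and /var/tmp from a mount table. The function names, the sample mount table and the rule that a /tmp on its own disk filesystem may hold large files are assumptions of this example.

```python
# Constructed sample in /proc/mounts format (not taken from the thread).
SAMPLE_MOUNTS = """\
/dev/sda2 / ext4 rw,relatime 0 0
tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev 0 0
/dev/sda3 /var ext4 rw,relatime 0 0
"""


def mount_for(path, mounts_text):
    """Return (mountpoint, fstype, options) for the filesystem holding path."""
    best = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) < 4:
            continue  # not a mount entry
        mnt, fstype, opts = fields[1], fields[2], fields[3].split(",")
        inside = mnt == "/" or path == mnt or path.startswith(mnt.rstrip("/") + "/")
        # Longest matching mount point wins; a later entry for the same
        # mount point overrides an earlier one.
        if inside and (best is None or len(mnt) >= len(best[0])):
            best = (mnt, fstype, opts)
    return best


def pick_scratch_dir(mounts_text, large=False, survive_reboot=False):
    """Choose a directory for a temporary file.

    - files that must persist across reboots go to /var/tmp (FHS point 2)
    - large files stay out of a /tmp that is memory-backed (tmpfs) or is
      part of the root filesystem (FHS point 1)
    - everything else goes to /tmp (FHS point 3)
    """
    if survive_reboot:
        return "/var/tmp"
    mnt, fstype, _opts = mount_for("/tmp", mounts_text)
    if large and (fstype == "tmpfs" or mnt == "/"):
        return "/var/tmp"
    return "/tmp"


if __name__ == "__main__":
    print(pick_scratch_dir(SAMPLE_MOUNTS, large=True))
```

On a live system the mount table would come from reading /proc/mounts; data that is not temporary at all belongs in the home directory, /var/cache or /var/spool rather than either directory.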

