Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

Daniel J Walsh dwalsh at redhat.com
Mon Nov 7 21:44:54 UTC 2011


On 11/07/2011 04:08 PM, Simo Sorce wrote:
> On Mon, 2011-11-07 at 15:42 -0500, Daniel J Walsh wrote:
>> On 11/07/2011 03:38 PM, Matej Cepl wrote:
>>> On 7.11.2011 20:50, Daniel J Walsh wrote:
>>>> systemd as of Fedora 16 has the ability to run system
>>>> services with private /tmp and /var/tmp.  I would like to
>>>> propose that we make this the default in Fedora 17, or at
>>>> least open a bugzilla on all system services that we know of
>>>> that use /tmp and /var/tmp to make them use private /tmp and
>>>> /var/tmp.
>>> 
>>> I am afraid the proper way to propose a new Feature in
>>> Fedora is described on
>>> http://fedoraproject.org/wiki/Features/Policy . Throwing it on
>>> fedora-devel is, I am afraid, most likely a waste of time.
>>> 
>>> Matěj
>>> 
>> 
>> I know I just opened a couple of other features on Fedora 17.  I
>> just wanted to open discussion on this about what would be the
>> best way to do this.
>> 
>> * Make it default in systemd
>> * Open bugzillas on apps that SELinux discovers use /tmp and ask
>>   them to change.
>> * Maybe a bad idea.  Since admins might get confused by different
>>   /tmp(s).
>> * Reasonable reasons for service apps to use /tmp.
> 
> Why not simply open bugs to have apps use /var/run/<name> ?
> 
> I did something similar patching samba long ago to not export the
> winbindd pipes in /tmp, and it sounds cleaner and avoids confusion.
> 
> The main issue with moving /tmp to /var/run or something is if you 
> *really* need to allow random users to write in it.
> 
> Because in that case you risk local DoS if users fill up the space
> (not necessarily out of malice).
> 
> Not that filling /tmp is not a problem, and with /var/run being a
> tmpfs perhaps not too big a deal either, at least users are not
> eating into / or /var
> 
> Simo.
> 

I often do this (probably did it with winbind), but in some cases the
maintainer might not know how to make the change or upstream would not
want the change.  Plus, if we made it the default, then someone
downloading a non-Fedora package would get it by default.

Also some packages like bash do this automatically.

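The audit that would precede filing per-service bugs, as an added example that is not part of the original message: it lists the .service unit files in a directory that do not switch on a private /tmp and /var/tmp. It assumes the systemd directive for this is PrivateTmp= in the [Service] section; the unit names and scratch directory are constructed, and drop-in overrides are not merged.

```shell
#!/usr/bin/env bash
# Added example: report unit files that leave a service on the shared /tmp.
# Only the boolean spellings count as "on"; any other value is reported as
# "off" so that it gets a manual look.

# private_tmp_state FILE -> prints "on" or "off"
private_tmp_state() {
    awk '
        /^[ \t]*[#;]/ { next }                      # skip comment lines
        /^[ \t]*\[/   { in_service = ($0 ~ /^[ \t]*\[Service\]/); next }
        in_service && /^[ \t]*PrivateTmp[ \t]*=/ {
            value = $0
            sub(/^[^=]*=[ \t]*/, "", value)         # drop "PrivateTmp ="
            sub(/[ \t]+$/, "", value)               # drop trailing blanks
            state = tolower(value)                  # last assignment wins
        }
        END {
            if (state ~ /^(1|yes|true|on)$/) print "on"; else print "off"
        }
    ' "$1"
}

# audit_private_tmp DIR -> prints the name of each service without a private /tmp
audit_private_tmp() {
    local unit
    for unit in "$1"/*.service; do
        [ -e "$unit" ] || continue                  # directory had no units
        if [ "$(private_tmp_state "$unit")" = "off" ]; then
            basename "$unit"
        fi
    done
}

# Constructed sample units in a scratch directory (not real Fedora services).
demo_dir=$(mktemp -d)
printf '[Unit]\nDescription=constructed sample\n[Service]\nExecStart=/usr/sbin/exampled\nPrivateTmp=true\n' \
    > "$demo_dir/hardened.service"
printf '[Service]\nExecStart=/usr/sbin/legacyd\n' > "$demo_dir/legacy.service"
printf '[Service]\n# PrivateTmp=true\nPrivateTmp=yes\nPrivateTmp=no\n' \
    > "$demo_dir/overridden.service"
audit_private_tmp "$demo_dir"
```

Pointing audit_private_tmp at a real unit directory gives the list of services that would each need a bug filed under the per-package approach discussed in the thread.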

