Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

Chris Adams cmadams at hiwaay.net
Tue Nov 8 01:15:14 UTC 2011


Once upon a time, Lennart Poettering <mzerqung at 0pointer.de> said:
> Yes, since they are created as subdirectories of the real / with mkdtemp()
> and thus can be found there like any other directory if you are running
> in the main namespaces.
> 
> No, since there's currently no sane way to figure out the private /tmp
> directory of a running service. i.e. there's currently no sane way to
> figure out which directory in /tmp appears as /tmp to
> avahi-daemon.service. So, while you see all the subdirs, you'll have a
> hard time figuring out which one is which.

So are they subdirectories of / or /tmp?

How do standard tools like fuser and lsof see them?  I'm thinking of
cases like "daemon gets cracked", where script-kiddie starts downloading
attempted rootkits into /tmp, or where luser does something that starts
filling up the disk, etc.  If fuser/lsof can tell me correctly which
process is accessing that directory, that's probably good enough.

> But we could definitely add this if necessary, as a property on the bus
> object of the service, which would then be queriable with "systemctl
> show".

If it isn't too hard, that would be good as well.
-- 
Chris Adams <cmadams at hiwaay.net>
Systems and Network Administrator - HiWAAY Internet Services
I don't speak for anybody but myself - that's enough trouble.
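One way to answer the "which subdirectory is which service's /tmp" question from the shell, added here as an example that is not part of the thread: read the /tmp mount entry from the unit's main process in its own mount namespace via /proc/<pid>/mountinfo. It assumes the private directory is bind-mounted onto /tmp inside the service's namespace and that `systemctl show -p MainPID` reports the main process; the sample mountinfo lines and directory names are constructed.

```shell
#!/bin/sh
# Resolve which host directory a systemd service sees as its private /tmp by
# reading the /tmp mount entry from the service's own mount namespace.
# Field layout of /proc/<pid>/mountinfo (see proc(5)):
#   1 mount id, 2 parent id, 3 major:minor, 4 root, 5 mount point, 6 options ...
# For a bind-mounted private /tmp, field 4 is the path of the private directory
# relative to the root of the filesystem that backs it (here: the root fs).

# Print the host-side root of the mount that appears at MOUNTPOINT.
# Reads mountinfo text on stdin so it can be fed live or sample data.
private_dir_from_mountinfo() {
    mountpoint="$1"
    awk -v mp="$mountpoint" '$5 == mp { print $4; found = 1 } END { exit !found }'
}

# Look up the main PID of a unit and resolve its private /tmp.
# Assumes "systemctl show -p MainPID <unit>" prints a line "MainPID=<pid>".
private_tmp_of_service() {
    unit="$1"
    pid=$(systemctl show -p MainPID "$unit" | sed 's/^MainPID=//')
    if [ -z "$pid" ] || [ "$pid" = 0 ]; then
        echo "no running main process for $unit" >&2
        return 1
    fi
    private_dir_from_mountinfo /tmp < "/proc/$pid/mountinfo"
}

# Constructed sample mountinfo as it would look inside a service with a
# private /tmp and /var/tmp (ids, device numbers and names are made up).
SAMPLE_MOUNTINFO='22 1 8:1 / / rw,relatime - ext4 /dev/sda1 rw,errors=remount-ro
41 22 8:1 /tmp/systemd-private-XXXXXX/tmp /tmp rw,relatime - ext4 /dev/sda1 rw
42 22 8:1 /var/tmp/systemd-private-YYYYYY/tmp /var/tmp rw,relatime - ext4 /dev/sda1 rw'

# Run the parser over the sample so the block works without a live service.
demo() {
    printf '%s\n' "$SAMPLE_MOUNTINFO" | private_dir_from_mountinfo /tmp
}
```

Once the directory is known, fuser or lsof can be pointed at that host path to see which processes hold files there.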
