Proposing Fedora Feature for private /tmp and /var/tmp for all systemd services in Fedora 17.

Daniel J Walsh dwalsh at redhat.com
Tue Nov 8 14:07:43 UTC 2011


On 11/07/2011 08:48 PM, Lennart Poettering wrote:
> On Mon, 07.11.11 19:15, Chris Adams (cmadams at hiwaay.net) wrote:
> 
>> Once upon a time, Lennart Poettering <mzerqung at 0pointer.de>
>> said:
>>> Yes, since they are created as subdirectories of the real /
>>> with mkdtemp() and thus can be found there like any other
>>> directory if you are running in the main namespaces.
>>> 
>>> No, since there's currently no sane way to figure out the
>>> private /tmp directory of a running service, i.e. there's
>>> currently no sane way to figure out which directory in /tmp
>>> appears as /tmp to avahi-daemon.service. So, while you see all
>>> the subdirs, you'll have a hard time figuring out which one is
>>> which.
>> 
>> So are they subdirectories of / or /tmp?
> 
> The latter.
> 
>> How do standard tools like fuser and lsof see them?
> 
> If run on the main namespace all they see is that the files are in
> some randomized subdir of /tmp, instead of /tmp itself.
> 
>> I'm thinking of cases like "daemon gets cracked", where
>> script-kiddie starts downloading attempted rootkits into /tmp, or
>> where luser does something that starts filling up the disk, etc.
>> If fuser/lsof can tell me correctly which process is accessing
>> that directory, that's probably good enough.
> 
> Yes, this works as it always did. We made sure that the behaviour
> change is as minimal as possible and all the accounting and
> discoverability is unchanged.
> 
> Lennart
> 


One suggestion would be to create a directory in /tmp at early boot,
/tmp/.systemd, which would have root-only access.

ls -ld /tmp/.systemd/
drwx------. 2 root root 40 Nov  8 09:04 /tmp/.systemd/

When systemd boots, before it starts any other processes it could check
for the existence of this directory and, if it has any permissions that
differ, destroy it and recreate it.  Then it could create the services'
directories underneath it with well-known names, and bind mount those
directories over /tmp.  Then it would be easier for the administrators
to find the /tmp directories.


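Worked illustration, added here and not part of the thread or of systemd's own code, of the scheme Daniel sketches: verify /tmp/.systemd before any service starts, create per-service directories under it with well-known names, and bind-mount one over /tmp in a private mount namespace. The root directory and expected owner are parameters so the permission check can be exercised on a scratch directory as an unprivileged user; GNU stat(1) and util-linux unshare(1) are assumed, and the namespace step needs root.

```shell
#!/bin/sh
# Added example, not code from the thread or from systemd itself: a
# sketch of the proposal above. A root-only /tmp/.systemd is verified
# (and recreated if anything about it is off) before any service starts,
# each service gets a well-known subdirectory under it, and that
# subdirectory is bind-mounted over /tmp in the service's own mount
# namespace. Assumptions: GNU stat(1) and util-linux unshare(1); the root
# directory and expected owner are parameters so the checks can be run on
# a scratch directory as an unprivileged user.
set -u

# Print "<octal mode> <owner uid>" for a path, e.g. "700 0".
path_mode_owner() {
    stat -c '%a %u' "$1"
}

# Make sure ROOT is a real directory (not a symlink), owned by UID and
# mode 0700. Anything else is removed and recreated, so a directory left
# over from an earlier boot or pre-created by a local user never survives.
# Returns 0 if the existing directory was kept, 1 if it was recreated.
ensure_private_tmp_root() {
    root=$1
    want_uid=${2:-0}
    if [ -d "$root" ] && [ ! -L "$root" ] \
        && [ "$(path_mode_owner "$root")" = "700 $want_uid" ]; then
        return 0
    fi
    rm -rf "$root"
    # umask closes the window between mkdir and chmod.
    (umask 077 && mkdir "$root")
    chmod 0700 "$root"
    return 1
}

# Create the service's well-known directory, e.g.
# /tmp/.systemd/avahi-daemon.service, and print its path. It gets the
# usual /tmp mode (1777) because the service will see it as /tmp; the
# 0700 parent keeps other users from reaching it via the real path.
make_service_tmp() {
    dir="$1/$2"
    mkdir -p "$dir"
    chmod 1777 "$dir"
    printf '%s\n' "$dir"
}

# Run COMMAND with the service directory bind-mounted over /tmp in a
# fresh, non-propagating mount namespace. Needs root; the main namespace
# is untouched, which is what keeps fuser/lsof output meaningful there.
run_with_private_tmp() {
    root=$1
    unit=$2
    shift 2
    dir=$(make_service_tmp "$root" "$unit")
    if [ "$(id -u)" -ne 0 ]; then
        echo "run_with_private_tmp: root required for mount namespaces" >&2
        return 2
    fi
    unshare -m sh -c 'mount --make-rprivate / && mount --bind "$0" /tmp && exec "$@"' \
        "$dir" "$@"
}

# Demonstration on a scratch directory (the real /tmp/.systemd needs root).
demo_root="$(mktemp -d)/root"
ensure_private_tmp_root "$demo_root" "$(id -u)" || echo "recreated $demo_root"
make_service_tmp "$demo_root" avahi-daemon.service
```

Run as a normal user it only exercises the check-and-recreate logic on a scratch path; run_with_private_tmp is the per-service step a real implementation would perform. Because the bind mount exists only in the service's namespace, the main namespace still sees the service's files under /tmp/.systemd/<unit>, which is exactly the discoverability the proposal is after.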