[systemd-devel] [PATCH 3/3] units: Ubuntu has different mount options for /var/lock & /var/run
Kay Sievers
kay.sievers at vrfy.org
Mon Oct 25 06:55:24 PDT 2010
On Mon, Oct 25, 2010 at 15:24, Andrew Edmunds
<Andrew.Edmunds at yahoo.com.au> wrote:
> +Where=/var/lock
> +Type=tmpfs
> +m4_dnl
> +m4_ifdef(`TARGET_UBUNTU',
> +`Options=nosuid,nodev,noexec',
> +`Options=mode=775,gid=lock')
Are you sure that /var/lock is world-writable? That's something that
should be fixed on Ubuntu, I guess. We have far too many directories
already where untrusted users can drop/hide crap, and consume RAM with
tmpfs.
> +Where=/var/run
> +Type=tmpfs
> +m4_ifdef(`TARGET_UBUNTU',
> +`Options=nosuid,mode=755',
> +`Options=mode=755')
Same as above, I don't see a problem adding these additional
restrictions for everyone.
In general, we should not add distro ifdefs where it's not absolutely
needed, or it's something new to find out how it works in the field.
Most of these distro-specific things will go away some day later
anyway, when the systemd integration period is over and we know what
the sane defaults are, and the work to maintain the differences should
be on the distro packaging and not the upstream systemd tree.
The general goal is to unify the system config across all
distributions here, and not to have useless differences without any
benefit for the user. In almost all cases, the common sane default is
more worth than any distro specific convenience for specific options.
If distros go and try something new, that diverges from the common
behavior, that is totally supported, and maybe adopted later for
everybody. But such useless differences should be avoided for many
reasons, and in the long run, everybody should just get rid of them.
In short, it means, you should try to get that changed in Ubuntu, even
for non-systemd installations. :)
Thanks,
Kay
More information about the systemd-devel
mailing list