[systemd-devel] [PATCH 3/3] units: Ubuntu has different mount options for /var/lock & /var/run
Lennart Poettering
lennart at poettering.net
Mon Oct 25 12:29:28 PDT 2010
On Mon, 25.10.10 23:24, Andrew Edmunds (Andrew.Edmunds at yahoo.com.au) wrote:
> The following entries appear in /lib/init/fstab (Upstart's
> private list of mounts):
> none /var/run tmpfs mode=0755,nosuid,showthrough 0 0
> none /var/lock tmpfs nodev,noexec,nosuid,showthrough 0 0
Do you happen to know why /var/run doesn't have nodev,noexec set too?
I have now added all three options to both mounts for all distros, as I
think all distros oculd benefit equally from it. I figure people will
report back if that breaks something...
> The "showthrough" option is Upstart specific but the remaining
> options should be honoured.
Hmm, just out of curiousity, do you know what it does?
> +[Unit]
> +Description=Runtime Directory
> +Before=local-fs.target
> +
> +[Mount]
> +What=tmpfs
> +Where=/var/run
> +Type=tmpfs
> +m4_ifdef(`TARGET_UBUNTU',
> +`Options=nosuid,mode=755',
> +`Options=mode=755')
I have decided not to merge this part for now. I'd much prefer if ubuntu
would adopt the lock group too, since everything else appears to be a
security nightmare to me. Also note that Ubuntu and Debian are in the
same boat here, so if we merge some fix for this I want something that
covers both cases.
Tollef, Michael, can you comment on your plans on Debian regarding the
lock group and the default mount flags for /var/run?
Would it be feasible to simply create the group from the systemd .deb
for now, and see what breaks?
Andrew, are your .debs based on Michael's/Tollef's Debian .debs?
Lennart
--
Lennart Poettering - Red Hat, Inc.
More information about the systemd-devel
mailing list