[systemd-devel] [PATCH 3/3] units: Ubuntu has different mount options for /var/lock & /var/run

Lennart Poettering lennart at poettering.net
Mon Oct 25 12:29:28 PDT 2010


On Mon, 25.10.10 23:24, Andrew Edmunds (Andrew.Edmunds at yahoo.com.au) wrote:

> The following entries appear in /lib/init/fstab (Upstart's
> private list of mounts):
> none  /var/run   tmpfs  mode=0755,nosuid,showthrough    0 0
> none  /var/lock  tmpfs  nodev,noexec,nosuid,showthrough 0 0

Do you happen to know why /var/run doesn't have nodev,noexec set too?

I have now added all three options to both mounts for all distros, as I
think all distros could benefit equally from it. I figure people will
report back if that breaks something...

> The "showthrough" option is Upstart specific but the remaining
> options should be honoured.

Hmm, just out of curiosity, do you know what it does?

> +[Unit]
> +Description=Runtime Directory
> +Before=local-fs.target
> +
> +[Mount]
> +What=tmpfs
> +Where=/var/run
> +Type=tmpfs
> +m4_ifdef(`TARGET_UBUNTU',
> +`Options=nosuid,mode=755',
> +`Options=mode=755')
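Review bot: the m4_ifdef(`TARGET_UBUNTU', ...) at the end of the [Mount] section ties a hardening option to a single distribution, and even the Ubuntu branch carries only nosuid, while the Ubuntu /var/lock fstab entry quoted earlier in this mail has nodev,noexec,nosuid and the reply notes Debian is in the same position; make it unconditional, e.g. `Options=nosuid,nodev,noexec,mode=755`, so every distribution gets the same flags and there is no per-distro branch to keep in sync (mode=755 is the same as the fstab's mode=0755, so nothing to change there).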

I have decided not to merge this part for now. I'd much prefer if ubuntu
would adopt the lock group too, since everything else appears to be a
security nightmare to me. Also note that Ubuntu and Debian are in the
same boat here, so if we merge some fix for this I want something that
covers both cases.

Tollef, Michael, can you comment on your plans on Debian regarding the
lock group and the default mount flags for /var/run?

Would it be feasible to simply create the group from the systemd .deb
for now, and see what breaks?

Andrew, are your .debs based on Michael's/Tollef's Debian .debs?

Lennart

-- 
Lennart Poettering - Red Hat, Inc.
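The mount flags discussed above are easy to lose across distro-specific branches and later unit edits, so here is a small audit of what is actually mounted. This is an added example, not code from the thread or from systemd: it parses a /proc/self/mounts-style file and reports which of nosuid, nodev, noexec are absent on /var/run and /var/lock. The sample mounts file is constructed inline so it runs offline; point it at /proc/self/mounts on a real host.

```sh
#!/bin/sh
# Audit tmpfs runtime mounts for the nosuid,nodev,noexec options.
# Added example; the mount list below is constructed, not taken from a real system.

REQUIRED="nosuid nodev noexec"

# has_option OPTS NAME -> exit 0 if NAME appears in the comma-separated OPTS
has_option() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# missing_options MOUNTPOINT MOUNTS_FILE
# Prints the required options absent from MOUNTPOINT's entry (space separated,
# empty when all are present). Exit 1 if MOUNTPOINT is not a mount at all.
# /proc/self/mounts fields: what where fstype options dump pass; the last
# entry for a mountpoint wins, matching what an over-mount leaves visible.
missing_options() {
    opts=$(awk -v mp="$1" '$2 == mp { o = $4 } END { print o }' "$2")
    [ -n "$opts" ] || return 1
    missing=""
    for opt in $REQUIRED; do
        has_option "$opts" "$opt" || missing="$missing $opt"
    done
    printf '%s\n' "${missing# }"
}

# audit_runtime_mounts MOUNTS_FILE -> one line per directory, exit 1 on any gap
audit_runtime_mounts() {
    rc=0
    for mp in /var/run /var/lock; do
        if miss=$(missing_options "$mp" "$1"); then
            if [ -n "$miss" ]; then
                echo "$mp: missing $miss"; rc=1
            else
                echo "$mp: ok"
            fi
        else
            echo "$mp: not a separate mount"; rc=1
        fi
    done
    return $rc
}

# Constructed sample: /var/run mounted the way the quoted Ubuntu branch would
# leave it (nosuid only), /var/lock with all three flags.
SAMPLE_MOUNTS=$(mktemp)
trap 'rm -f "$SAMPLE_MOUNTS"' EXIT
cat >"$SAMPLE_MOUNTS" <<'EOF'
/dev/sda1 / ext4 rw,relatime,errors=remount-ro 0 0
tmpfs /var/run tmpfs rw,nosuid,relatime,mode=755 0 0
tmpfs /var/lock tmpfs rw,nosuid,nodev,noexec,relatime 0 0
EOF

audit_runtime_mounts "$SAMPLE_MOUNTS" \
    || echo "one or more runtime directories lack hardening options"
```

Run it as `sh audit.sh`; replace SAMPLE_MOUNTS with /proc/self/mounts to check a live system. Matching on field 2 of the mounts table rather than on `mount` output avoids the ambiguity of mountpoints containing spaces (which /proc escapes as \040) only for the two fixed paths checked here.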
