[systemd-devel] [PATCH] core: reuse the same /tmp and /var/tmp
Zbigniew Jędrzejewski-Szmek
zbyszek at in.waw.pl
Mon Feb 4 17:42:54 PST 2013
On Mon, Feb 04, 2013 at 11:58:30AM +0000, Colin Guthrie wrote:
> [and the crowd goes wild!]
>
> Thanks for this work. I've also had a few bug reports about this one.
>
> 'Twas brillig, and Michal Sekletar at 02/02/13 09:10 did gyre and gimble:
> > thank you very much for the review, it is very appreciated. I've sent
> > out the patch to get a feedback on a general approach, since there are
> > no objections to it, I will hack up the rest, inaccessible dirs, man
> > page etc...
>
> As a small bit of bikeshedding/feature creep: would it be possible to
> name the directories with a little bit of context in them? e.g. it would
> be great if they could be called systemd-myunit-service-XXXXXX.
That would be useful. Probably better as a separate patch.
> There may be valid reasons for not doing this, but when debugging things
> and poking about as root user it might add a little bit of clarity when
> several such folders exist (of course slight obfuscation here may be
> deliberate)
For system units, obfuscation as a security measure is useless here:
the knowledge of which units have started is public, and so are the unit definitions.
So the extra time required to iterate over directories is unimportant
for an attacker, but annoying for the administrator.
For user units, PrivateTmp doesn't work.
Zbyszek