[systemd-devel] users and per user limits (tmpfs)
Mantas Mikulėnas
grawity at gmail.com
Tue Apr 28 03:17:27 PDT 2015
On Tue, Apr 28, 2015 at 1:06 PM, Lennart Poettering <lennart at poettering.net>
wrote:
> On Tue, 28.04.15 12:03, Michał Zegan (webczat_200 at poczta.onet.pl) wrote:
>
> > (sorry, I haven't sent a reply to the list)
> > What about namespacing and mounting tmpfs per user? You can specify a
> > filesystem size when mounting tmpfs, can't you?
>
> Well, you can set this up with some packages for individual systems,
> but this cannot work for general purpose systems since X11 uses /tmp
> for placing its communication sockets.
That *should* work as long as the X server itself is started by the same
user (GDM 3.16 works that way because of Wayland, as does startx).
> Moreover, when this is set up
> the mount propagation from the user's namespace to the rest of the system
> must be turned off for the root directory, and this will break general
> assumptions around mounting things through tools like "su" or "sudo"
> then, as those mounts will not propagate to the rest of the system
> either...
>
Wondering how the existing pam_namespace deals with this. Maybe / could be
kept shared, just /tmp made private.
I don't really like the idea of littering regular systems with even more
tangled mount namespaces, but still curious if this could work.
--
Mantas Mikulėnas <grawity at gmail.com>
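
Added example, not part of the original message: when experimenting with the layout discussed in this thread (/ kept shared, a size-limited tmpfs on /tmp made private), the propagation state of each mount can be read from the optional fields of /proc/self/mountinfo. The sample lines and the function names below are constructed for illustration.

```python
import re

# Constructed sample in /proc/<pid>/mountinfo format (not from a real system):
# "/" is shared, a size-limited tmpfs on /tmp is private.
SAMPLE_MOUNTINFO = """\
25 1 8:2 / / rw,relatime shared:1 - ext4 /dev/sda2 rw
90 25 0:45 / /tmp rw,nosuid,nodev - tmpfs tmpfs rw,size=262144k
91 25 0:46 / /run/user/1000 rw,nosuid shared:40 master:7 - tmpfs tmpfs rw,size=102400k
"""

def _unescape(path):
    # mountinfo writes space, tab, newline and backslash as \ooo octal escapes
    return re.sub(r"\\([0-7]{3})", lambda m: chr(int(m.group(1), 8)), path)

def _propagation(optional_fields):
    tags = {f.split(":")[0] for f in optional_fields}
    if "unbindable" in tags:
        return "unbindable"
    if "shared" in tags:
        return "shared,slave" if "master" in tags else "shared"
    # No shared:/master: tag means private: mount events below this mount
    # are neither sent to nor received from other namespaces.
    return "slave" if "master" in tags else "private"

def parse_mountinfo(text):
    """Return {mount_point: {"fstype", "propagation", "size"}}."""
    mounts = {}
    for line in text.splitlines():
        fields = line.split()
        try:
            sep = fields.index("-", 6)   # optional fields end at the "-" separator
        except ValueError:
            continue                      # not a mountinfo line
        if len(fields) < sep + 4:
            continue
        size = None
        for opt in fields[sep + 3].split(","):
            if opt.startswith("size="):
                size = opt[len("size="):]
        mounts[_unescape(fields[4])] = {
            "fstype": fields[sep + 1],
            "propagation": _propagation(fields[6:sep]),
            "size": size,
        }
    return mounts

if __name__ == "__main__":
    for target, info in parse_mountinfo(SAMPLE_MOUNTINFO).items():
        print(f"{target:16} {info['fstype']:6} {info['propagation']:12} size={info['size']}")
```

To inspect a live session instead of the sample, pass the contents of /proc/self/mountinfo, read from inside that session, to `parse_mountinfo`.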