[systemd-devel] Mount options of /var/run/users/<pid>

Lennart Poettering lennart at poettering.net
Mon Feb 16 02:10:36 PST 2015


On Sun, 15.02.15 16:31, Павел Самсонов (pvsamsonov76 at gmail.com) wrote:

> Good day, I see a new Debian jessie, and I mean, that /var/run/<pid>
> filesystems must be mounted with noexec options, so they have user write
> access. On some installations this is very important. Where may I configure
> this, or maybe You change your default mount options?
> Sorry my English, best regards, Pavel, Russia.

I cannot parse this. Do you mean /run/user/<uid>? /var/run/<pid> is
not a separate mount, /run is, and that is not user writable.

The /run/user/<uid> directory is mounted to implement
XDG_RUNTIME_DIR. We guarantee certain functionality on it, including
the ability to have executable files there, and that's specified in
the XDG_RUNTIME_DIR spec.

Hence, the only way to change it is by patching logind, and we will
not add a configuration option for this, since it would mean
XDG_RUNTIME_DIR would not provide what it's supposed to provide
anymore.

Note though that /run/user/<uid> is mounted as a per-user tmpfs
instance, with nosuid and nodev, and a size limit applied. It should
hence be a pretty safe thing.

Also note that "noexec" doesn't really do what people think it does.

Lennart

-- 
Lennart Poettering, Red Hat
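The properties described above (a dedicated tmpfs per user, nosuid and nodev, a size limit) can be verified from /proc/self/mountinfo rather than assumed. The script below is an added example, not code from this thread or from systemd; it works on a constructed mountinfo sample, and the commented last line shows the live call against $XDG_RUNTIME_DIR.

```shell
#!/bin/sh
# Constructed sample of /proc/self/mountinfo lines (not a real capture).
# /run/user/1000 is set up as logind does it; /run/user/1001 is deliberately weaker.
SAMPLE_MOUNTINFO='25 29 0:23 / /run rw,nosuid,nodev,noexec,relatime shared:5 - tmpfs tmpfs rw,mode=755
94 25 0:43 / /run/user/1000 rw,nosuid,nodev,relatime shared:50 - tmpfs tmpfs rw,size=655092k,mode=700,uid=1000,gid=1000
95 25 0:44 / /run/user/1001 rw,relatime shared:51 - tmpfs tmpfs rw,mode=700,uid=1001,gid=1001'

# check_runtime_dir MOUNTINFO_TEXT DIR
# Prints a one-line verdict; returns 0 when DIR is its own tmpfs mount with
# nosuid, nodev and a size= limit, 1 when it is not a separate mount or is weaker.
check_runtime_dir() {
    mountinfo=$1; dir=$2
    # mountinfo fields: id parent maj:min root mountpoint mntopts [optional...] - fstype source superopts
    # Per-mount flags (nosuid, nodev, noexec) live in field 6; size= is a superblock option.
    line=$(printf '%s\n' "$mountinfo" | awk -v d="$dir" '$5 == d { print; exit }')
    if [ -z "$line" ]; then
        echo "$dir: not a separate mount"; return 1
    fi
    mntopts=$(printf '%s\n' "$line" | awk '{ print $6 }')
    fstype=$(printf '%s\n' "${line#* - }" | awk '{ print $1 }')
    superopts=$(printf '%s\n' "${line#* - }" | awk '{ print $3 }')
    missing=""
    [ "$fstype" = tmpfs ] || missing="$missing fstype=$fstype"
    for opt in nosuid nodev; do
        case ",$mntopts," in *",$opt,"*) ;; *) missing="$missing $opt" ;; esac
    done
    case ",$superopts," in *",size="*) ;; *) missing="$missing size-limit" ;; esac
    if [ -n "$missing" ]; then
        echo "$dir: weaker than expected, missing:$missing"; return 1
    fi
    echo "$dir: dedicated $fstype, $mntopts, $superopts"; return 0
}

# Live use on a running system (assumes XDG_RUNTIME_DIR is set by pam_systemd):
# check_runtime_dir "$(cat /proc/self/mountinfo)" "$XDG_RUNTIME_DIR"
```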

