[systemd-devel] logind vs CAP_SYS_ADMIN-lessness
Lennart Poettering
lennart at poettering.net
Fri Jan 23 09:57:05 PST 2015
On Fri, 23.01.15 15:45, Christian Seiler (christian at iwakd.de) wrote:
> Am 2015-01-23 08:29, schrieb Mantas Mikulėnas:
> >IIRC, the reason for tmpfs on /run/user/* was lack of tmpfs quotas...
> >if thats still a problem, maybe there could be one tmpfs at /run/user,
> >still preventing users from touching root-only /run?
>
> Yes, that's a good idea. Initially when posting this thread I thought
> that there just had to be a trade-off between dropping CAP_SYS_ADMIN
> (and making it more difficult to escape the container), and a user
> inside the container DOSing the container by filling up /run.
>
> But with your idea, I can at least separate /run/user from /run
> itself
Hmm, which container manager are you using? I am tempted to just
change nspawn to mount a private tmpfs into /run/user, too, as it
already mounts /run anyway.
> (the same way mode=1777 /run/lock is a separate tmpfs already)
> by just a simple static mount entry for the container.
Hmm, /run/lock is a sepatate tmpfs? /run/lock is a pretty useless,
legacy thing. Which distro is this?
Lennart
--
Lennart Poettering, Red Hat
More information about the systemd-devel
mailing list