[systemd-devel] logind vs CAP_SYS_ADMIN-lessness

Lennart Poettering lennart at poettering.net
Fri Jan 23 09:57:05 PST 2015


On Fri, 23.01.15 15:45, Christian Seiler (christian at iwakd.de) wrote:

> On 2015-01-23 08:29, Mantas Mikulėnas wrote:
> >IIRC, the reason for tmpfs on /run/user/* was lack of tmpfs quotas...
> >if thats still a problem, maybe there could be one tmpfs at /run/user,
> >still preventing users from touching root-only /run?
> 
> Yes, that's a good idea. Initially when posting this thread I thought
> that there just had to be a trade-off between dropping CAP_SYS_ADMIN
> (and making it more difficult to escape the container), and a user
> inside the container DOSing the container by filling up /run.
> 
> But with your idea, I can at least separate /run/user from /run
> itself 

Hmm, which container manager are you using? I am tempted to just
change nspawn to mount a private tmpfs into /run/user, too, as it
already mounts /run anyway.

> (the same way mode=1777 /run/lock is a separate tmpfs already)
> by just a simple static mount entry for the container.

Hmm, /run/lock is a separate tmpfs? /run/lock is a pretty useless,
legacy thing. Which distro is this?

Lennart

-- 
Lennart Poettering, Red Hat
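As an added example (not part of this thread, and not nspawn's or systemd's own code): a small POSIX shell check for the layout Christian describes, a separate, size-limited tmpfs on /run/user so that a user filling it cannot exhaust /run itself, plus the nspawn invocation that layout maps to. The mount tables below are constructed to resemble /proc/self/mounts and are not captured from a real container; the nspawn line assumes the --tmpfs=PATH[:options] switch is available in the nspawn in use; the container directory and size are placeholders.

```shell
#!/bin/sh
# Added example: verify from inside a container that /run/user is its own
# tmpfs with an explicit size= limit, i.e. separate from /run, so a user
# filling /run/user hits ENOSPC there without touching the root-only /run.

# Constructed sample (not captured from a real system): /run plus a separate
# size-limited /run/user, as nspawn --tmpfs=/run/user:size=64M would produce.
SAMPLE_MOUNTS='tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k,mode=1777 0 0
tmpfs /run/user tmpfs rw,nosuid,nodev,size=65536k,mode=755 0 0'

# Constructed sample: /run/user is only a directory inside /run (no isolation;
# a user filling it fills /run).
SAMPLE_MOUNTS_SHARED='tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0'

# Constructed sample: separate mount but no size= limit, so the tmpfs default
# (half of RAM) is the only bound; /run is safe, memory is not.
SAMPLE_MOUNTS_UNBOUNDED='tmpfs /run tmpfs rw,nosuid,nodev,mode=755 0 0
tmpfs /run/user tmpfs rw,nosuid,nodev,mode=755 0 0'

# mount_opts TABLE PATH: print the mount option string for PATH, or nothing
# if PATH is not a mount point in TABLE (exact match on field 2).
mount_opts() {
    printf '%s\n' "$1" | awk -v p="$2" '$2 == p { print $4; exit }'
}

# run_user_isolated TABLE:
#   0  /run/user is a distinct mount and carries an explicit size= limit
#   1  /run/user is not a separate mount at all (shares /run)
#   2  /run/user is a separate mount but has no size= limit
run_user_isolated() {
    opts=$(mount_opts "$1" /run/user)
    [ -n "$opts" ] || return 1
    case ",$opts," in
        *,size=*) return 0 ;;
        *)        return 2 ;;
    esac
}

# nspawn_cmd DIR SIZE: the invocation this check is meant to validate.
# Assumption: nspawn's --tmpfs= takes PATH[:options]; DIR and SIZE are
# placeholders supplied by the caller.
nspawn_cmd() {
    printf 'systemd-nspawn -D %s --tmpfs=/run/user:mode=755,size=%s\n' "$1" "$2"
}

# Report on the constructed tables, then show the matching nspawn command.
for table in "$SAMPLE_MOUNTS" "$SAMPLE_MOUNTS_SHARED" "$SAMPLE_MOUNTS_UNBOUNDED"; do
    if run_user_isolated "$table"; then
        echo "ok: /run/user is a separate, size-limited tmpfs"
    else
        echo "not isolated (code $?)"
    fi
done
nspawn_cmd /var/lib/machines/test 64M
```

The check is read-only and needs no capability, so it can run inside a container that has already dropped CAP_SYS_ADMIN; that is also why the mount itself must be set up from outside (a static mount entry or the nspawn switch), since an unprivileged process in the container cannot add it afterwards.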

