[systemd-devel] generators, private /tmp
Lennart Poettering
lennart at poettering.net
Wed Nov 27 08:35:56 UTC 2024
On Mi, 27.11.24 02:18, James Muir (jamesmui) (jamesmui at cisco.com) wrote:
> > > Thanks for your reply.
> > >
> > > Is my second statement also correct?
> > >
> > > i.e. is there no way to prevent mounting a private /tmp when executing generators using something like an environment variable or config setting?
> >
> > There is none.
>
> I am considering preparing a patch that makes it configurable via system.conf.
>
> e.g., "GeneratorsUsePrivateTmp=yes"
>
> Would a contribution like that be welcome?
Uh, what's the usecase?
If you add a new config knob you need a very good reason too, we are
not fans of of random config knobs with no clear usecase behind them.
Hence, why would this be desirable?
note that generators run in an extremely early context already, where
the real /tmp/ is not available yet, and read-only. hence, it's almost
certainly *wrong* to allow applications to see the real-one: they
should not expect they can write there, and its a terrible place to
read information from (since it's an unmanaged shared namespace).
Hence, you probably will have a very tough time convincing me that
such a knob is desirable, but let's hear it?
Lennart
--
Lennart Poettering, Berlin
More information about the systemd-devel
mailing list