
Re: RFD: use transient /var/run (tmpfs) or not?



On Sat, 25 Sep 2004, Russell Coker wrote:
> On Tue, 21 Sep 2004 21:37, Matus UHLAR - fantomas <uhlar@fantomas.sk> wrote:
> The problem is that many daemons want/need to create files under /var/run.  So 
> those daemons have write access to /var/run for whatever they want to create.

I see how that would be suboptimal under SELinux, since before you could
have better control over it by only allowing dpkg and postinsts to do so.

Still, it CAN be made safe even for SELinux, if the init script first tests
if the directory is there before mucking around with it... *and* we include
the /var/run/<package> inside the deb, or create it on postinst.

SELinux users had better not use an ephemeral /var/run, then, but it would
work fine for everybody since the codepaths would run only if the /var/run
directories are missing.

-- 
  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh
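
The init-script test described in the message above, as an added example that is not part of the original post: the directory shipped in the .deb or made by postinst is left untouched when present, and the creation path runs only when it is missing. The function name `ensure_rundir` and the variable `RUNDIR_ACTION` are hypothetical.

```shell
#!/bin/sh
# Added illustration; ensure_rundir and RUNDIR_ACTION are hypothetical names.
#
# ensure_rundir DIR [MODE] [OWNER]
#   Returns 0 if DIR is usable, 1 if the init script should abort.
#   RUNDIR_ACTION is set to "kept", "created" or "refused".
ensure_rundir() {
    rd_dir=$1
    rd_mode=${2:-0755}
    rd_owner=${3:-}
    RUNDIR_ACTION=refused

    # Never follow a symlink, even one that points at a directory: the
    # package ships a real directory, so a link was put there by something else.
    if [ -L "$rd_dir" ]; then
        echo "ensure_rundir: $rd_dir is a symlink, refusing" >&2
        return 1
    fi

    # Persistent /var/run: the directory from the .deb or postinst exists.
    # Leave its mode, owner and security label exactly as they are.
    if [ -d "$rd_dir" ]; then
        RUNDIR_ACTION=kept
        return 0
    fi

    # Anything else at that path (file, socket, FIFO) is unexpected.
    if [ -e "$rd_dir" ]; then
        echo "ensure_rundir: $rd_dir exists but is not a directory" >&2
        return 1
    fi

    # Ephemeral /var/run: recreate the directory. mkdir without -p fails if
    # the path appears in the meantime instead of silently reusing it.
    mkdir -m "$rd_mode" "$rd_dir" || return 1
    if [ -n "$rd_owner" ]; then
        chown "$rd_owner" "$rd_dir" || return 1
    fi
    RUNDIR_ACTION=created
    return 0
}
```

An init script would call it as `ensure_rundir /var/run/<package> 0755 || exit 1` before starting the daemon.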


