[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Why do we have to support tmpfs for /var/run (policy changes in 3.8.1)



OoO En  ce début de soirée du  dimanche 05 avril 2009,  vers 21:56, Russ
Allbery <rra@debian.org> disait :

>> I don't  know for proftpd,  but a daemon  can use an empty  directory in
>> /var/run to chroot into it.

> Seems like a good use for /var/lib to me.  There's no reason that I can
> see  to put  such  a directory  on  a file  system  that's defined  as
> transient.

Both   /var/lib  and   /var/run  are   for  files,   not   really  empty
directories. It seems to be more usual to put an empty (or almost empty)
directory into  /var/run than into /var/lib.  Googling a bit,  I did not
find  any  rationale  behind  this.   It  seems  not  advisable  to  use
/var/empty (an hole in an  application could permit to share the exploit
with another for example).

This  is not  an  argument against  having  /var/run in  tmpfs, just  an
information about what  kind of daemon could be run  from inetd and need
something in /var/run.
-- 
I WILL NOT HANG DONUTS ON MY PERSON
I WILL NOT HANG DONUTS ON MY PERSON
I WILL NOT HANG DONUTS ON MY PERSON
-+- Bart Simpson on chalkboard in episode 2F13

Attachment: pgpDwz2B1v4u6.pgp
Description: PGP signature


Reply to: