Re: Default size limits for /run (/var/run) and /run/lock (/var/lock)
First of all, thanks to Roger Leigh for leading this effort.
Roger Leigh wrote:
> Switch the default for all tmpfs mounts from 50% to 20%; it's
> still very large, but you have to mount many more to be able to
> break your system.
He should have said "... but you have to mount *and fill* many more
to be able to break your system."
The current tmpfs size of 50% suffices to protect the system should
any *one* tmpfs be completely filled by a wayward process. Is that
not good enough? I.e., do we really need to worry about the case
where multiple tmpfses get filled simultaneously?
Does it matter whether the system fails due to filesystem full or
due to OOM? Broken is broken.
If we do need to worry about that case then the real solution is
not arbitrarily to increase the number-of-tmpfses-to-fill-up-in-
order-to-break-the-system from 2 to 5. One real solution is to
limit the total amount of memory that all tmpfses can take up to
some value less than 100%. Another is to look more closely at which
tmpfses could reasonably be attacked and limit the sum of *their*
sizes to something less than 100%.