
Re: Default size limits for /run (/var/run) and /run/lock (/var/lock)



On Thu, Apr 14, 2011 at 11:32 AM, Bastien ROUCARIES
<roucaries.bastien@gmail.com> wrote:
> On Thu, Apr 14, 2011 at 11:15 AM, Roger Leigh <rleigh@codelibre.net> wrote:
>> On Thu, Apr 14, 2011 at 10:44:08AM +0200, Bastien ROUCARIES wrote:
>>> On Thu, Apr 14, 2011 at 4:20 AM, Karl Goetz <karl@kgoetz.id.au> wrote:
>>> > On Wed, 13 Apr 2011 10:32:42 +0100
>>> > Roger Leigh <rleigh@codelibre.net> wrote:
>>> >
>>> >> On Tue, Apr 12, 2011 at 12:38:03PM +0100, Roger Leigh wrote:
>>> >
>>> >> Following the discussion yesterday, I'd like to propose doing
>>> >> something like the example below.  It's possible to size a tmpfs
>>> >> as a percentage of core memory, the default being -o size=50%.
>>> >> Rather than setting an absolute value, we can size e.g. /run
>>> >> as a percentage of total memory, which should scale with /run
>>> >> usage better than a fixed value.
>>> >>
>>> >> Proposal:
>>> > [...]
>>> >> /run/shm: No default (use general tmpfs default of 20%)
>>> >> /tmp: No default (use general tmpfs default of 20%)
>>> >
>>> > 20% doesn't seem like a lot for /tmp when people try and compile
>>> > something. While it's not something most people end up doing, it does
>>> > seem odd to make people change their tmpfs size before they can start
>>> > building packages for Debian/themselves.
>>> > just a thought,
>>>
>>> And moreover, for scientific computation /tmp needs to be on a
>>> hard disk. I do not want my 16GiB matrix to go to memory when I have
>>> only 8GiB of RAM....
>>>
>>> Please do not put /tmp on tmpfs; use a bind mount of a rw partition
>>
>> If it wasn't already clear, having /tmp as a tmpfs is a
>> /configurable option/, and it is /not/ the default (except when
>> root is read-only (ro) in fstab).
>
> Could you bind mount /var/tmp under /tmp in this case ?

And BTW it seems that since 2.6.14 (subtree bind mount) we could also
mount the bind mount of /tmp as noexec nosuid...

Need to test but could work and improve your security

Bastien
>
> Bastien, who uses his Android phone sometimes to solve math problems...
>
>>
>>
>> Regards,
>> Roger
>>
>> --
>>  .''`.  Roger Leigh
>>  : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
>>  `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
>>   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
>>
>
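
An added example, not part of the original mail: a shell check for the nosuid/noexec hardening suggested above and for the tmpfs size limits under discussion, run over a mount table in /proc/self/mounts format. The sample table and the function names are constructed for illustration.

```sh
#!/bin/sh
# Constructed sample in /proc/self/mounts format:
#   device mountpoint fstype options dump pass
# /tmp is shown as a bind mount of a disk partition that has nosuid but not noexec.
SAMPLE_MOUNTS='/dev/sda1 / ext4 rw,relatime 0 0
tmpfs /run tmpfs rw,nosuid,noexec,relatime,size=401164k,mode=755 0 0
tmpfs /run/lock tmpfs rw,nosuid,nodev,noexec,relatime,size=5120k 0 0
/dev/sda3 /var/tmp ext4 rw,relatime 0 0
/dev/sda3 /tmp ext4 rw,nosuid,relatime 0 0'

# missing_opts MOUNTPOINT WANTED_CSV  (mount table on stdin)
# Prints the wanted options that are absent, "ok", or "not-mounted".
missing_opts() {
    awk -v mp="$1" -v wanted="$2" '
        $2 == mp { opts = $4; found = 1 }   # last entry wins: it is the mount on top
        END {
            if (!found) { print "not-mounted"; exit }
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) set[have[i]] = 1
            m = split(wanted, want, ",")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in set)) out = out (out == "" ? "" : ",") want[i]
            print (out == "" ? "ok" : out)
        }'
}

# tmpfs_size MOUNTPOINT  (mount table on stdin)
# Prints the explicit size= limit, "default" if none is set, or "not-tmpfs".
tmpfs_size() {
    awk -v mp="$1" '
        $2 == mp { fs = $3; opts = $4; found = 1 }
        END {
            if (!found || fs != "tmpfs") { print "not-tmpfs"; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++)
                if (o[i] ~ /^size=/) { print substr(o[i], 6); exit }
            print "default"
        }'
}

# Report over the sample; pipe /proc/self/mounts in instead to audit a live system.
for mp in /run /run/lock /run/shm /tmp; do
    printf '%-10s flags: %-12s size: %s\n' "$mp" \
        "$(printf '%s\n' "$SAMPLE_MOUNTS" | missing_opts "$mp" nosuid,noexec)" \
        "$(printf '%s\n' "$SAMPLE_MOUNTS" | tmpfs_size "$mp")"
done
```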

