
Re: Bug#727708: tech-ctte: Decide which init system to default to in Debian.

On Mon, Nov 11, 2013 at 10:24:36PM +0100, Olav Vitters wrote:
> On Mon, Nov 11, 2013 at 08:20:58PM +0000, Thorsten Glaser wrote:
> > >Or a private tmp?
> > 
> > I shudder at the mere thought of allowing a dæmon to unshare
> > its /tmp from the rest of the system, because of the maintenance
> > nightmare this creates, from a Unix PoV (maybe it’s “cool” to
> > you and “usual” to Plan 9 guys, but things like this, or POSIX
> > ACLs, or SELinux, massively make the system opaque to Unix admins).
Olav answered other points, I'll just answer this one.

PrivateTmp directories are accessible from the outside, given suitable
privileges. If you look into /tmp/systemd-<service>.service-XXXXXXX/tmp
and /var/tmp/systemd-<service>.service-XXXXXXX/tmp, you'll find the
contents of the /tmp and /var/tmp directories of <service>.service.

In fact, we make use of this functionality: the systemd-tmpfiles
cleaner also removes old stuff from PrivateTmp directories, just
like from normal /tmp and /var/tmp.

(Until relatively recently, the service name wasn't used in the
directory name, so all dirs were called /tmp/systemd-private-XXXXXXX,
where XXXXXX is some random string, but now the service is included,
so finding the right dir is rather simple.)
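A small helper, added here as an example and not code from the original message or from systemd, that applies the directory naming scheme the message describes to locate a service's PrivateTmp directories from the outside. It takes an optional root argument so it can be exercised against a constructed demo tree rather than a live system; the service names and random suffixes in the demo are made up.

```sh
#!/bin/sh
# Print the PrivateTmp directories of a service, following the layout
# described in the message:
#   <root>/tmp/systemd-<service>.service-XXXXXX/tmp
#   <root>/var/tmp/systemd-<service>.service-XXXXXX/tmp
# Older units used /tmp/systemd-private-XXXXXX, which carries no service
# name and therefore cannot be attributed this way.
# Returns 0 if at least one directory was found, 1 otherwise.
private_tmp_dirs() {
    svc=$1
    root=${2:-}            # empty root means the real filesystem
    found=0
    for base in "$root/tmp" "$root/var/tmp"; do
        for d in "$base"/systemd-"$svc".service-*/tmp; do
            [ -d "$d" ] || continue   # unmatched glob stays literal; skip it
            printf '%s\n' "$d"
            found=1
        done
    done
    [ "$found" -eq 1 ]
}

# Constructed demo tree (not a real system) so the helper runs offline.
# Prints the temporary root it created.
make_demo_tree() {
    demo=$(mktemp -d)
    mkdir -p "$demo/tmp/systemd-foo.service-AbC123/tmp" \
             "$demo/var/tmp/systemd-foo.service-AbC123/tmp" \
             "$demo/tmp/systemd-bar.service-Xy9zZz/tmp"
    : > "$demo/tmp/systemd-foo.service-AbC123/tmp/foo.sock"
    printf '%s\n' "$demo"
}

# Usage against a live system would be: private_tmp_dirs foo
```

Listing the contents of the returned paths (for example with ls -la) shows what the service sees as its own /tmp and /var/tmp.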
