
Re: TMPDIR behaviour in maintainer scripts [was: Re: Bug#1023778: mysql-server-8.0: fails to restart on upgrade with libpam-tmpdir]



]] Sunil Mohan Adapa 

> During today's FreedomBox meet, we have discussed that systemd's
> PrivateTmp= is a better solution than libpam-tmpdir for FreedomBox at 
> least as systemd makes a cleaner mount isolation between processes
> instead of managing directories and permissions.
> 
> For this reason, we believe that we can stop using libpam-tmpdir if
> most of the daemons on the system use PrivateTmp=yes. For a while now, 
> FreedomBox has been forcefully adding systemd security features to
> daemons that don't enable them. Without upstream blessing, we can only 
> do this for smaller applications than something like MariaDB/MySQL due
> to the testing effort needed.

They solve completely different problems, though.  One handles PAM
sessions, the other handles services.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are

