Bug#942051: debian-policy: [4.9] requirement to write only to /tmp, /var/tmp, ${TMPDIR} is too strict
Package: debian-policy
Version: 4.4.1.1
Severity: minor
While checking the upgrade checklist I noticed this new requirement:
+---
| 4.9
| Required targets must not write outside of the unpacked source
| package tree, except for TMPDIR, /tmp and /var/tmp.
+---
The wording is a bit too strict and should be relaxed. There are
other paths that should be fine to be written to during the build
process, for example /dev/shm, /run/lock[1], or possibly anything
below /proc/<pid> for processes spawned by the build process.
Ansgar
[1] Which I noticed is world-writable, which I'm not sure it should be,
as users could then fill /run... Note that /run/user/<uid> has
separate filesystems to avoid this problem; but then there are
many paths below /run writable by service users which can cause
the same problems.