Re: Mounting /dev/shm noexec

To: debian-user@lists.debian.org
Subject: Re: Mounting /dev/shm noexec
From: Valter Jaakkola <valter.jaakkola@elisanet.fi>
Date: Sun, 04 Oct 2020 23:47:29 +0300
Message-id: <[🔎] 36ae2a7626a64b6d5e7800a6cd86e2af907c96c3.camel@elisanet.fi>
In-reply-to: <[🔎] E1kOV4L-00074T-KV@mail.einval.com>
References: <[🔎] 2543cc569115136a021c132be3ed0cc73eb3cc66.camel@elisanet.fi> <[🔎] 2543cc569115136a021c132be3ed0cc73eb3cc66.camel@elisanet.fi> <[🔎] E1kOV4L-00074T-KV@mail.einval.com>

Hi, and thank you all for the great replies!

So I added the following line to fstab:
    tmpfs /dev/shm tmpfs rw,nosuid,nodev,noexec 0 0
and it works, just as you said it would. No second /dev/shm popping up or other
stuff I had assumed.

(I'm not sure if it now takes a second longer for the GNOME login screen to
appear after boot, but I didn't find any errors in logs and things seem to
work.)

Steve McIntyre wrote:
> Andy Smith wrote:
> 
> > Though note that it seems systemd once did use "noexec" for /dev/shm
> > but stopped 10 years ago because it broke some uses of mmap:
> > 
> >    https://github.com/systemd/systemd/commit/501c875bffaef3263ad42c32485c7fde41027175
> 
> libffi also has a habit of using /dev/shm for writing temporary
> trampolines for cross-language calls, and they need to be executable.

I'll keep these in mind if I run into problems later on.

Kind regards,
Valter Jaakkola

Reply to:

References:
- Mounting /dev/shm noexec
  - From: Valter Jaakkola <valter.jaakkola@elisanet.fi>
- Re: Mounting /dev/shm noexec
  - From: Steve McIntyre <steve@einval.com>

Prev by Date: Re: preseed ansible problem
Next by Date: Frequent freeze and Gnome restart
Previous by thread: Re: Mounting /dev/shm noexec
Next by thread: Re: Re: Mounting /dev/shm noexec
Index(es):
- Date
- Thread