On Tue, Apr 28, 2015 at 1:06 PM, Lennart Poettering <lenn...@poettering.net> wrote:
> On Tue, 28.04.15 12:03, Michał Zegan (webczat_...@poczta.onet.pl) wrote: > > > (sorry, I haven't sent a reply to the list) > > What about namespacing and mounting tmpfs per user? You can specify a > > filesystem size when mounting tmpfs can't you? > > Well, you can set this up with some packages for individual systems, > but this cannot work for general purpose systems since X11 uses /tmp > for placing its communication sockets. That *should* work as long as the X server itself is started by the same user (GDM 3.16 works that way because of Wayland, as does startx). > Moreover, when this is set up > the mount propagation from the user's namespace to the rest of system > must be turned off for the root directory, and this will break general > assumptions around mounting things through tools like "su" or "sudo" > then, as those mounts will not propagate to the rest of the system > either... > Wondering how the existing pam_namespace deals with this. Maybe / could be kept shared, just /tmp made private. I don't really like the idea of littering regular systems with even more tangled mount namespaces, but still curious if this could work. -- Mantas Mikulėnas <graw...@gmail.com>
_______________________________________________ systemd-devel mailing list systemd-devel@lists.freedesktop.org http://lists.freedesktop.org/mailman/listinfo/systemd-devel
