]] Sunil Mohan Adapa

> During today's FreedomBox meet, we have discussed that systemd's
> PrivateTmp= is a better solution than libpam-tmpdir for FreedomBox at
> least as systemd makes a cleaner mount isolation between processes
> instead of managing directories and permissions.
>
> For this reason, we believe that we can stop using libpam-tmpdir if
> most of the daemons on the system use PrivateTmp=yes. For a while now,
> FreedomBox has been forcefully adding systemd security features to
> daemons that don't enable them. Without upstream blessing, we can only
> do this for smaller applications than something like MariaDB/MySQL due
> to the testing effort needed.

They solve completely different problems, though. One handles PAM sessions, the other handles services.

--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are