On Mon, 23.05.11 10:17, Roger Leigh ([email protected]) wrote: > > > Do we want to allow users to create files under /run, or reserve it > > > solely for system use? Right now, on Debian, it's not user-writable, > > > with the exception of /run/lock (which can be a separate tmpfs mount, > > > and we're looking at adding a lock group like other distros use to make > > > this not globally writable) and /run/shm (which again is a separate > > > tmpfs). > > > > Dude, you want to weaken the access restrictions on /run? Uh, no! If we > > did that then everybody could just go there are and create /run/dbus and > > subsequently D-Bus couldn't be started anymore. > > Having /run/user/$user writable by the user does not imply having /run > writable by the user in any case (other than indirectly via DoS using > all blocks/inodes). But in general, I think that having any part of > /run user-writable is a legitimate concern--this wasn't part of its > original remit, and it /does/ have implications that need careful > consideration.
Well, I certainly always had in mind creating /run/user, when we pushed for /run. If the quota problem is such a big issue for you and you do not want to wait for a kernel fix introducing quota for tmpfs, and are willing to ignore the security issues with /dev/shm and /tmp on tmpfs, then nothing stops you from making /run/user a tmpfs of its own. Lennart -- Lennart Poettering - Red Hat, Inc. _______________________________________________ fhs-discuss mailing list [email protected] https://lists.linux-foundation.org/mailman/listinfo/fhs-discuss
