Re: F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

2015-01-21 Thread drago01
On Wed, Jan 21, 2015 at 4:59 PM, Lennart Poettering mzerq...@0pointer.de wrote: On Wed, 21.01.15 09:49, Daniel J Walsh (dwa...@redhat.com) wrote: * Other developers: ** Add /tmp-inst and /var/tmp/tmp-inst to filesystem. (packagename: filesystem) ** Enable namespaces in

Re: F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

2015-01-21 Thread Lennart Poettering
On Wed, 21.01.15 09:49, Daniel J Walsh (dwa...@redhat.com) wrote: * Other developers: ** Add /tmp-inst and /var/tmp/tmp-inst to filesystem. (packagename: filesystem) ** Enable namespaces in /etc/security/namespace.conf (packagename: PAM) ** Enable proper selinux context and

Re: F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

2015-01-21 Thread Huzaifa Sidhpurwala
On 01/20/2015 05:59 PM, Lennart Poettering wrote: Well, /tmp is used by X11 among others for IPC across user boundaries. If you give each other their private instance of it, they cannot use this for communication anymore. You are breaking X11 this way. Did you read the attached references

Re: F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

2015-01-21 Thread Lennart Poettering
On Wed, 21.01.15 14:34, Huzaifa Sidhpurwala (huzai...@redhat.com) wrote: On 01/20/2015 05:59 PM, Lennart Poettering wrote: Well, /tmp is used by X11 among others for IPC across user boundaries. If you give each other their private instance of it, they cannot use this for communication

Re: F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

2015-01-21 Thread Daniel J Walsh
On 01/20/2015 07:29 AM, Lennart Poettering wrote: On Tue, 20.01.15 12:53, Jaroslav Reznik (jrez...@redhat.com) wrote: = Proposed System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default = https://fedoraproject.org/wiki/Changes/Polyinstantiated_tmp_by_Default

Re: F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

2015-01-20 Thread Lennart Poettering
On Tue, 20.01.15 12:53, Jaroslav Reznik (jrez...@redhat.com) wrote: = Proposed System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default = https://fedoraproject.org/wiki/Changes/Polyinstantiated_tmp_by_Default Change owner(s): Huzaifa Sidhpurwala

Re: F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

2015-01-20 Thread Tom Hughes
On 20/01/15 12:16, Tomas Hozza wrote: On 01/20/2015 01:08 PM, Tom Hughes wrote: On 20/01/15 11:53, Jaroslav Reznik wrote: * Other developers: ** Add /tmp-inst and /var/tmp/tmp-inst to filesystem. (packagename: filesystem) ** Enable namespaces in /etc/security/namespace.conf (packagename: PAM)

F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

2015-01-20 Thread Jaroslav Reznik
= Proposed System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default = https://fedoraproject.org/wiki/Changes/Polyinstantiated_tmp_by_Default Change owner(s): Huzaifa Sidhpurwala huzai...@redhat.com Polyinstantiation of temporary directories is a pro-active security

Re: F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

2015-01-20 Thread Tomas Hozza
On 01/20/2015 01:08 PM, Tom Hughes wrote: On 20/01/15 11:53, Jaroslav Reznik wrote: * Other developers: ** Add /tmp-inst and /var/tmp/tmp-inst to filesystem. (packagename: filesystem) ** Enable namespaces in /etc/security/namespace.conf (packagename: PAM) ** Enable proper selinux

Re: F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

2015-01-20 Thread Tom Hughes
On 20/01/15 11:53, Jaroslav Reznik wrote: * Other developers: ** Add /tmp-inst and /var/tmp/tmp-inst to filesystem. (packagename: filesystem) ** Enable namespaces in /etc/security/namespace.conf (packagename: PAM) ** Enable proper selinux context and polyinstantiation_enabled boolean to be set

Re: F22 System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default

2015-01-20 Thread Jóhann B. Guðmundsson
On 01/20/2015 11:53 AM, Jaroslav Reznik wrote: = Proposed System Wide Change: Enable Polyinstantiated /tmp and /var/tmp directories by default = https://fedoraproject.org/wiki/Changes/Polyinstantiated_tmp_by_Default Change owner(s): Huzaifa Sidhpurwala huzai...@redhat.com Polyinstantiation of