On Mon, 25.10.10 23:24, Andrew Edmunds ([email protected]) wrote:
> The following entries appear in /lib/init/fstab (Upstart's
> private list of mounts):
>
> none /var/run tmpfs mode=0755,nosuid,showthrough 0 0
> none /var/lock tmpfs nodev,noexec,nosuid,showthrough 0 0

Do you happen to know why /var/run doesn't have nodev,noexec set too?

I have now added all three options to both mounts for all distros, as I think all distros could benefit equally from it. I figure people will report back if that breaks something...

> The "showthrough" option is Upstart specific but the remaining
> options should be honoured.

Hmm, just out of curiosity, do you know what it does?

> +[Unit]
> +Description=Runtime Directory
> +Before=local-fs.target
> +
> +[Mount]
> +What=tmpfs
> +Where=/var/run
> +Type=tmpfs
> +m4_ifdef(`TARGET_UBUNTU',
> +`Options=nosuid,mode=755',
> +`Options=mode=755')

I have decided not to merge this part for now. I'd much prefer if Ubuntu would adopt the lock group too, since everything else appears to be a security nightmare to me. Also note that Ubuntu and Debian are in the same boat here, so if we merge some fix for this I want something that covers both cases.

Tollef, Michael, can you comment on your plans on Debian regarding the lock group and the default mount flags for /var/run? Would it be feasible to simply create the group from the systemd .deb for now, and see what breaks?

Andrew, are your .debs based on Michael's/Tollef's Debian .debs?

Lennart

--
Lennart Poettering - Red Hat, Inc.
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
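Review bot: in the quoted [Mount] hunk, the m4_ifdef branches set only `Options=nosuid,mode=755` for TARGET_UBUNTU and a bare `Options=mode=755` everywhere else, so /var/run would be mounted without nodev and noexec on every distro, unlike the /var/lock line Upstart already carries with nodev,noexec,nosuid. Since the reply states all three flags are now applied to both mounts for all distros, the conditional could be dropped for a single `Options=mode=755,nosuid,nodev,noexec` line, which also removes the need for m4 processing of this unit.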
