Ben Howard [2016-01-13 14:26 +0200]: > On the Ubuntu Cloud Images, we have a request to make /tmp a tmpfs. The > rationale, from the bug: > * Performance - much faster read/write access to data in /tmp > * Security - sensitive data would be cleared from memory on boot, > rather than written (leaked) to disk -- important for encryption > scenarios > > Since the Ubuntu Cloud Images are used by a wide number of users, I > wanted to gather feedback and gather consensus on whether or not we > should make this change.
I really wish we would do this in general for new installs, at least as the first thing after releasing 16.04 LTS. I also do this on my boxes, not only for the reasons above [1], but also because it is much more power efficient -- as I literally work in /tmp a lot of my time the disk doesn't need to spin up often. The main reason AFAIK why we didn't yet do that was the concern that there is some broken software out there which potentially dumps really large files into /tmp (yes firefox, I'm looking at YOU!). These would need to be fixed to go to /var/tmp. This is a chicken-and-egg problem, though: We won't find out what's broken until we actually enable it on real-life installations. This problem applies to cloud image use cases just as much as desktop or "classic" servers. My gut feeling is that we should do it if there is ≥ 4 GB RAM, so that /tmp as at least 2 GB of space (That should be a rather simple installer/cloud-init decision?). We don't want to do this on small embedded devices with 512 MB of RAM or so, but there is absolutely no reason to not do it on beefy servers or laptops. In a perfect world we'd have some clever tmpfs file system which would use RAM as available and start overflowing onto a disk partition (which could be LUKS with a random key) when necessary.. But even without that, I've hardly ever run into ENOSPC on my /tmp in many years. Thanks, Martin [1] all my schroot, qemu, and container overlays go into /tmp on a tmpfs, which makes builds, tests, or test installs reeeeally fast -- Martin Pitt | http://www.piware.de Ubuntu Developer (www.ubuntu.com) | Debian Developer (www.debian.org)
signature.asc
Description: Digital signature
-- ubuntu-devel mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
