severity 635131 important
thanks

On 22.07.2011 23:27, Roger Leigh wrote:
> /run/user is created by systemd. This contains within it directories
> owned by logged in users e.g. /run/user/rleigh in my case, and the
> environment variable XDG_RUNTIME_DIR is set to this location.
>
> There are a few problems with this:
>
> 1) Any user can now trivially DoS the system by filling up /run.

I think that is a valid problem and a possible solution would be to use a
separate tmpfs for /run/user as long as we don't have quota support for
tmpfs.

mountall (upstart) goes this route and uses

none /run/user tmpfs nodev,noexec,nosuid,size=104857600,mode=0755 0 0

in /lib/init/fstab.

The only tricky part here is the size. We can either:
a/ hard code it and ship a run-user.mount unit in /lib/systemd/system
b/ generate it dynamically upon installation and store the mount unit in
   /etc/systemd/system

If a/, the question is which size we choose, if b/ which percentage of the
available RAM we use.

Michael

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
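Option b/ from the message above, sketched as an added example (not code from the thread or from systemd): a shell helper that derives the tmpfs size from MemTotal and renders a run-user.mount unit with the same mount options mountall uses. The 5 percent figure in the usage comment, the function names and the unit's Description text are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): option b/, sizing /run/user from RAM.

# run_user_size MEMINFO PERCENT
# Prints PERCENT of MemTotal in bytes; fails on bad input.
run_user_size() {
    meminfo=$1
    percent=$2
    # Accept only an integer percentage between 1 and 100 (no leading zero).
    case $percent in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    if [ "$percent" -gt 100 ]; then
        return 1
    fi
    # /proc/meminfo reports MemTotal in kB.
    kb=$(awk '/^MemTotal:/ { print $2; exit }' "$meminfo") || return 1
    [ -n "$kb" ] || return 1
    echo $(( kb * percent / 100 * 1024 ))
}

# render_run_user_mount MEMINFO PERCENT
# Prints a mount unit for /run/user; the unit file must be named
# run-user.mount so that its name matches Where=.
render_run_user_mount() {
    size=$(run_user_size "$1" "$2") || return 1
    cat <<EOF
[Unit]
Description=Size-limited tmpfs for per-user runtime directories

[Mount]
What=tmpfs
Where=/run/user
Type=tmpfs
Options=nodev,noexec,nosuid,size=${size},mode=0755
EOF
}

# Usage at install time (target directory as named in the message above;
# the percentage is an assumed value):
#   render_run_user_mount /proc/meminfo 5 > /etc/systemd/system/run-user.mount
```

With a MemTotal of 2048000 kB, 5 percent yields exactly the 104857600 bytes hard-coded in the mountall fstab line.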