On Mon, Oct 25, 2010 at 15:24, Andrew Edmunds <[email protected]> wrote:
> +Where=/var/lock > +Type=tmpfs > +m4_dnl > +m4_ifdef(`TARGET_UBUNTU', > +`Options=nosuid,nodev,noexec', > +`Options=mode=775,gid=lock')

Are you sure that /var/lock is world-writable? That's something that should be fixed on Ubuntu, I guess. We have far too many directories already where untrusted users can drop/hide crap, and consume RAM with tmpfs.

> +Where=/var/run > +Type=tmpfs > +m4_ifdef(`TARGET_UBUNTU', > +`Options=nosuid,mode=755', > +`Options=mode=755')

Same as above, I don't see a problem adding these additional restrictions for everyone.

In general, we should not add distro ifdefs where it's not absolutely needed, or it's something new to find out how it works in the field.

Most of these distro-specific things will go away some day later anyway, when the systemd integration period is over and we know what the sane defaults are, and the work to maintain the differences should be on the distro packaging and not the upstream systemd tree.

The general goal is to unify the system config across all distributions here, and not to have useless differences without any benefit for the user. In almost all cases, the common sane default is worth more than any distro-specific convenience for specific options.

If distros go and try something new, that diverges from the common behavior, that is totally supported, and maybe adopted later for everybody. But such useless differences should be avoided for many reasons, and in the long run, everybody should just get rid of them.

In short, it means, you should try to get that changed in Ubuntu, even for non-systemd installations. :)

Thanks,
Kay
_______________________________________________
systemd-devel mailing list
[email protected]
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
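Review bot: In the /var/lock hunk, the TARGET_UBUNTU branch (Options=nosuid,nodev,noexec) sets no mode=, so the mount keeps the tmpfs default of 1777 and stays world-writable, while the other branch (Options=mode=775,gid=lock) restricts write access but omits nosuid, nodev and noexec. Neither target gets both protections. A single unconditional line such as Options=mode=775,gid=lock,nosuid,nodev,noexec would remove the m4_ifdef and apply both, provided a lock group exists on every target. Neither branch sets size=, so the mount also keeps the tmpfs default size limit; an explicit small size= would bound how much RAM lock files can consume.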
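Review bot: In the /var/run hunk the two m4_ifdef branches differ only by nosuid, so the conditional can be dropped and Options=nosuid,mode=755 used for all targets. Consider adding nodev as well, as the Ubuntu branch of the /var/lock hunk does, unless something is expected to create device nodes under /var/run.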
