On 06.03.2015 at 10:10, Martin Pitt wrote:
> Control: found -1 215-12
> Control: tag -1 confirmed
>
> How's it going, Didier,
>
> Didier Roche [2015-03-06 9:36 +0100]:
>> In debian, tmp.mount is disabled through a distro-patch by default. It means
>> we don't want user's system to get /tmp on tmpfs without explicit enablement
>> (either by enabling tmp.mount unit or via fstab).
>>
>> We noticed that starting a unit using "PrivateTmp=yes" will pull tmp.mount
>> (which mounts /tmp on tmpfs) in its requirements chain (even if this unit is
>> condition fail).
>
> Confirmed. "systemctl start colord" or "systemd-timesyncd" will start
> tmp.mount and thus overmount the existing /tmp in the running system.
> I reproduced that in a clean sid VM (with LXDE, but I suppose that
> doesn't matter much).

The odd thing though is that PrivateTmp=yes does not trigger the start of
tmp.mount during boot, at least on all the test systems I have. Do we know
why that is? A Required=tmp.mount should always start the referenced unit,
but it seemingly doesn't.

>> We need to find a way to ensure that tmp.mount is never accidentally
>> triggered, while still enabling the user using fstab to enable /tmp as tmpfs.
>> Enabling the unit to get the same effect would be a nice addition.
>
> I dislike masking it, as that will most probably lead to problems with
> units which have a Requires=tmp.mount (directly or indirectly), these
> would block on a masked unit.
>
> I think the best way forward is to either not ship the unit at all and
> document in README.Debian to add /tmp as tmpfs in fstab [1], or ship
> it in /usr/share/doc/systemd/ as an example, and document how to
> enable it from there.
>
> Michael, WDYT?

This would also mean reverting the existing work to migrate the RAMTMP=yes
setting and cleaning up existing symlinks. Not really a fan of that, tbh.

I think PrivateTmp=yes pulling in tmp.mount is a bug and I would simply
revert b46a529c [1] or replace unit_require_mounts_for with an After
dependency [2] only.

Michael

[1] http://cgit.freedesktop.org/systemd/systemd/commit/?id=b46a529c
[2] http://cgit.freedesktop.org/systemd/systemd/tree/src/core/mount.c#n265

--
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
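The thread distinguishes a hard requirement on tmp.mount (which activates the mount and overmounts /tmp) from an ordering-only After= dependency. The following is an added example, not part of the original messages or of systemd: a shell function that classifies a unit from its `systemctl show` properties. The function names and the sample property lines are constructed for illustration.

```shell
#!/bin/sh
# Added example. Reads `systemctl show` KEY=VALUE output for one unit on stdin
# and prints how that unit relates to tmp.mount:
#   not-private | requires | wants | after-only | none
classify_tmp_dep() {
    awk -F= '
        # Return 1 if tmp.mount is one of the space-separated unit names.
        function has_tmp(list,   n, i, a) {
            n = split(list, a, " ")
            for (i = 1; i <= n; i++) if (a[i] == "tmp.mount") return 1
            return 0
        }
        $1 == "PrivateTmp" { private = $2 }
        $1 == "Requires"   { req   = has_tmp($2) }
        $1 == "Wants"      { want  = has_tmp($2) }
        $1 == "After"      { after = has_tmp($2) }
        END {
            if (private != "yes") { print "not-private"; exit }
            if (req)        print "requires"    # starting the unit starts tmp.mount
            else if (want)  print "wants"       # weaker activation dependency
            else if (after) print "after-only"  # ordering only, no activation
            else            print "none"
        }'
}

# Constructed sample: PrivateTmp=yes unit with a hard dependency on tmp.mount.
sample_hard() {
    printf '%s\n' 'PrivateTmp=yes' \
        'Requires=basic.target tmp.mount' \
        'After=basic.target tmp.mount systemd-journald.socket'
}

# Constructed sample: the same unit with only an ordering dependency.
sample_ordering() {
    printf '%s\n' 'PrivateTmp=yes' \
        'Requires=basic.target' \
        'After=basic.target tmp.mount systemd-journald.socket'
}

# On a live system (unit name taken from the thread):
#   systemctl show -p PrivateTmp -p Requires -p Wants -p After colord.service \
#       | classify_tmp_dep
sample_hard | classify_tmp_dep
sample_ordering | classify_tmp_dep
```

A result of `requires` on a system where /tmp is meant to stay on disk means starting that unit can mount tmpfs over /tmp; `findmnt /tmp` confirms what is currently mounted there.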