On Sat, Jun 14, 2014 at 3:52 AM, Petter Reinholdtsen <[email protected]> wrote: > One nice way to isolate users a bit more from each other is to ensure > that each user but their temporary files in separate directories > instead of /tmp/. This can be easily done in Debian by installing the > libpam-tmpdir package, and I believe we should do it in the freedombox. > > It make it slightly harder to use su/sudo, as one might end up > inheriting a TMP/TMPDIR environment setting where one lack access, but > it is easily solved by remembering to changing how one call su/sudo. > > Any objections?
No objection to this change, but I found a bug while trying to build an image with freedom-maker: Setting up ssl-cert (1.0.34) ... mktemp: failed to create file via template '/tmp/user/0/tmp.XXXXXXXXXX': No such file or directory dpkg: error processing package ssl-cert (--configure): subprocess installed post-installation script returned error exit status 1 ... Processing triggers for ca-certificates (20140325) ... mktemp: failed to create file via template '/tmp/user/0/ca-certificates.crt.tmp.XXXXXX': No such file or directory dpkg: error processing package ca-certificates (--configure): subprocess installed post-installation script returned error exit status 1 It looks like the issues are caused by the following scripts running mktemp: [1] http://sources.debian.net/src/ca-certificates/20140325/sbin/update-ca-certificates [2] http://sources.debian.net/src/ssl-cert/1.0.34/make-ssl-cert I found a similar bug that was reported for pbuilder: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=725434 which suggests it is related to having libpam-tmpdir installed. I guess I'm not really clear on which package this bug would belong to. Should libpam-tmpdir have created the missing folder? Or is that something we need to do in freedom-maker? _______________________________________________ Freedombox-discuss mailing list [email protected] http://lists.alioth.debian.org/cgi-bin/mailman/listinfo/freedombox-discuss
