On Sun, Sep 27, 2015 at 10:38 AM, lee <l...@yagibdah.de> wrote:
> Hi,
>
> when updating a guest in an LXC, emerging python pointed out a problem
> with a broken /dev/shm.  So I found out how to mount /dev/shm in the
> container and updated.
>
> However, I'm wondering how secure that is, and I wonder if I should
> leave it mounted or disable the mount.  It might be a very bad idea to
> leave it mounted, and there are probably good reasons not to have it
> mounted by default, yet I don't know if anything in the container might
> use or need this mount after updating.

There are a few glibc functions that require it:

- Shared memory
- Semaphores

As a developer, I consider your system to be mis-configured if it is
not mounted properly, and I would immediately close any related bug
reports. I don't see how it could possibly be a security problem.
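
Added example, not part of the original thread: a small check to run inside the container that confirms /dev/shm is a tmpfs mount usable by shm_open() and sem_open(), and reports the mount options it carries. The sample mount lines are constructed, and the nosuid/nodev baseline is an assumption of this example, not something stated in the thread.

```python
import os

# Constructed /proc/mounts-format samples (device, mountpoint, fstype, options, dump, pass).
SAMPLE_HARDENED = "none /dev/shm tmpfs rw,nosuid,nodev,relatime 0 0\n"
SAMPLE_WEAK = "none /dev/shm tmpfs rw,relatime 0 0\n"
SAMPLE_MISSING = "proc /proc proc rw,nosuid,nodev,noexec,relatime 0 0\n"

# Assumed baseline: options commonly set on /dev/shm. noexec is left out because
# some programs map executable pages from shared memory.
EXPECTED_OPTS = ("nosuid", "nodev")


def audit_shm(mounts_text, target="/dev/shm"):
    """Return a list of findings for `target`; an empty list means no issue found."""
    entry = None
    for line in mounts_text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and fields[1] == target:
            entry = fields  # keep the last match: later mounts shadow earlier ones
    if entry is None:
        return [f"{target} is not a mount point"]
    fstype, opts = entry[2], entry[3].split(",")
    findings = []
    if fstype != "tmpfs":
        findings.append(f"{target} is {fstype}, expected tmpfs")
    if "ro" in opts:
        findings.append(f"{target} is read-only; shm_open() and sem_open() cannot create objects")
    findings += [f"{target} lacks {o}" for o in EXPECTED_OPTS if o not in opts]
    return findings


def audit_live(path="/dev/shm"):
    """Audit the running system (run this inside the container)."""
    target = os.path.realpath(path)  # /dev/shm may be a symlink, e.g. to /run/shm
    with open("/proc/mounts") as fh:
        findings = audit_shm(fh.read(), target)
    # Like /tmp, the directory should be world-writable with the sticky bit (mode 1777).
    if os.path.isdir(target) and (os.stat(target).st_mode & 0o7777) != 0o1777:
        findings.append(f"{target} mode is not 1777")
    return findings


if __name__ == "__main__":
    for issue in audit_live() or ["no findings"]:
        print(issue)
```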
