On Sun, 2010-10-31 at 15:07 -0400, Matt McCutchen wrote:
> On Wed, 2010-10-20 at 08:13 -0400, Daniel J Walsh wrote:
> > I have been trying to get system processes to stop using /tmp for years.
> > http://danwalsh.livejournal.com/11467.html
> > As some one who lives with polyinstatiated namespace /tmp, The only
> > problem I know of now is handing of kerberos tickets. Whenever a system
> > process (root) needs to communicate with a user via /tmp. namespace
> > /tmp breaks it. sssd can not create kerberos tickets in my /tmp and
> > gssd can not find my kerberos tickets in /tmp. I believe the solution
> > to both is to move the tickets to be managed by sssd and leave /tmp to
> > users.
> > BTW, X has solved this problem a couple of years ago by using virtual
> > namespace for its sockets.
> In the abstract namespace, don't you have the same problem where if the
> real X server dies for any reason, other users can create a socket at
> the same path and mess with your applications?
There are multiple "problems" ... the one that using the abstract
socket namespace solves is that you can have a per. user /tmp and still
communicate between users.
Much like if you have a per. user /tmp but /tmp/global was shared among
all users, and kerberos/X/whatever all used that (IMNSHO much better
than using the abstract namespace ... but meh).
devel mailing list