Old 10-31-2010, 06:07 PM
Matt McCutchen
 
Default Polyinstantiated /tmp

On Wed, 2010-10-20 at 08:13 -0400, Daniel J Walsh wrote:
> I have been trying to get system processes to stop using /tmp for years.
>
> http://danwalsh.livejournal.com/11467.html
>
> As someone who lives with polyinstantiated namespace /tmp, the only
> problem I know of now is handling of Kerberos tickets. Whenever a system
> process (root) needs to communicate with a user via /tmp, namespace
> /tmp breaks it. sssd cannot create Kerberos tickets in my /tmp and
> gssd cannot find my Kerberos tickets in /tmp. I believe the solution
> to both is to move the tickets to be managed by sssd and leave /tmp to
> users.
>
> BTW, X has solved this problem a couple of years ago by using virtual
> namespace for its sockets.

In the abstract namespace, don't you have the same problem where if the
real X server dies for any reason, other users can create a socket at
the same path and mess with your applications?

--
Matt

--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
Old 11-01-2010, 11:37 AM
Daniel J Walsh
 
Default Polyinstantiated /tmp

On 10/31/2010 03:07 PM, Matt McCutchen wrote:
> On Wed, 2010-10-20 at 08:13 -0400, Daniel J Walsh wrote:
>> I have been trying to get system processes to stop using /tmp for years.
>>
>> http://danwalsh.livejournal.com/11467.html
>>
>> As someone who lives with polyinstantiated namespace /tmp, the only
>> problem I know of now is handling of Kerberos tickets. Whenever a system
>> process (root) needs to communicate with a user via /tmp, namespace
>> /tmp breaks it. sssd cannot create Kerberos tickets in my /tmp and
>> gssd cannot find my Kerberos tickets in /tmp. I believe the solution
>> to both is to move the tickets to be managed by sssd and leave /tmp to
>> users.
>>
>> BTW, X has solved this problem a couple of years ago by using virtual
>> namespace for its sockets.
>
> In the abstract namespace, don't you have the same problem where if the
> real X server dies for any reason, other users can create a socket at
> the same path and mess with your applications?
>
Yes, although there you can only create sockets.
 
Old 11-01-2010, 01:07 PM
James Antill
 
Default Polyinstantiated /tmp

On Sun, 2010-10-31 at 15:07 -0400, Matt McCutchen wrote:
> On Wed, 2010-10-20 at 08:13 -0400, Daniel J Walsh wrote:
> > I have been trying to get system processes to stop using /tmp for years.
> >
> > http://danwalsh.livejournal.com/11467.html
> >
> > As someone who lives with polyinstantiated namespace /tmp, the only
> > problem I know of now is handling of Kerberos tickets. Whenever a system
> > process (root) needs to communicate with a user via /tmp, namespace
> > /tmp breaks it. sssd cannot create Kerberos tickets in my /tmp and
> > gssd cannot find my Kerberos tickets in /tmp. I believe the solution
> > to both is to move the tickets to be managed by sssd and leave /tmp to
> > users.
> >
> > BTW, X has solved this problem a couple of years ago by using virtual
> > namespace for its sockets.
>
> In the abstract namespace, don't you have the same problem where if the
> real X server dies for any reason, other users can create a socket at
> the same path and mess with your applications?

There are multiple "problems" ... the one that using the abstract
socket namespace solves is that you can have a per-user /tmp and still
communicate between users.
Much like if you have a per-user /tmp but /tmp/global was shared among
all users, and Kerberos/X/whatever all used that (IMNSHO much better
than using the abstract namespace ... but meh).

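Added example, not part of the thread and not code from X or any project named in it: a Linux-only Python sketch of the two properties discussed above. An abstract-namespace socket name has no filesystem entry, so a per-user /tmp does not affect it, and the name becomes free for any process once its listener exits, which is why the client here checks the listener's uid with SO_PEERCRED before trusting it. The socket name and all helper names are constructed for illustration.

```python
import os
import socket
import struct

PATH = "/tmp/.example-abstract/demo-%d" % os.getpid()  # constructed, path-like name
NAME = b"\0" + PATH.encode()                            # leading NUL = abstract namespace

def listen_abstract(name):
    """Bind and listen on an abstract-namespace AF_UNIX socket (Linux only)."""
    srv = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    srv.bind(name)
    srv.listen(8)
    return srv

def peer_uid(sock):
    """uid of the process that owns the other end, as recorded by the kernel."""
    raw = sock.getsockopt(socket.SOL_SOCKET, socket.SO_PEERCRED, struct.calcsize("3i"))
    return struct.unpack("3i", raw)[1]                  # fields are (pid, uid, gid)

def connect_checked(name, trusted_uids):
    """Connect, then refuse to continue unless the listener runs as a trusted uid."""
    cli = socket.socket(socket.AF_UNIX, socket.SOCK_STREAM)
    cli.connect(name)
    uid = peer_uid(cli)
    if uid not in trusted_uids:
        cli.close()
        raise PermissionError("listener uid %d is not trusted" % uid)
    return cli

def demo():
    out = {}
    first = listen_abstract(NAME)
    out["on_disk"] = os.path.exists(PATH)       # no directory entry is created
    try:
        listen_abstract(NAME).close()
        out["double_bind"] = True
    except OSError:                             # EADDRINUSE while the listener lives
        out["double_bind"] = False
    first.close()                               # stands in for the real server dying
    second = listen_abstract(NAME)              # the name is free again for any process
    out["rebind_after_close"] = True
    connect_checked(NAME, {os.getuid()}).close()
    out["accepted"] = True
    try:                                        # a client that expects a different uid
        connect_checked(NAME, {os.getuid() + 1}).close()
        out["rejected"] = False
    except PermissionError:
        out["rejected"] = True
    second.close()
    return out
```

A client of a system service would pass the uid that service is expected to run as, so a listener started by another user on a vacated name is refused before any data is exchanged.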