12-13-2010, 02:49 AM
John Reiser

noexec on /dev/shm

How did /dev/shm get noexec in Fedora 15 rawhide?
$ grep /dev/shm /proc/mounts
tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
$ grep -srl noexec /etc
/etc/alternatives/ld
/etc/fstab ## derived from /proc/mounts
/etc/mtab ## derived from /proc/mounts

This is a change from Fedora 14, and I cannot find documentation.
The only 'noexec' that I can find in the source to systemd-15
is two mentions in units/var-{lock,run}.mount.

As a site administrator, how can I change the default to omit 'noexec'?
As a project leader, how can I get my project's programs working again
if I do not have the privileges of a site administrator?

The project is a database system that creates and dlopen()s
plugins on-the-fly, for better performance on ["long-running"] queries.
We like the speed of creat+write+close+open+read+mmap on /dev/shm.
If /dev/shm and /tmp both become off limits, then what is
the recommended replacement location?

--
--
devel mailing list
devel@lists.fedoraproject.org
https://admin.fedoraproject.org/mailman/listinfo/devel
 
12-13-2010, 12:37 PM
Karel Zak

noexec on /dev/shm

On Sun, Dec 12, 2010 at 07:49:27PM -0800, John Reiser wrote:
> How did /dev/shm get noexec in Fedora 15 rawhide?
> $ grep /dev/shm /proc/mounts
> tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
> $ grep -srl noexec /etc
> /etc/alternatives/ld
> /etc/fstab ## derived from /proc/mounts
> /etc/mtab ## derived from /proc/mounts
>
> This is a change from Fedora 14, and I cannot find documentation.
> The only 'noexec' that I can find in the source to systemd-15
> is two mentions in units/var-{lock,run}.mount.

The MS_NOEXEC flag is in the private systemd fstab; see
systemd/src/mount-setup.c:

static const MountPoint mount_table[] = {
{ "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
{ "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
{ "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID, true },
{ "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
{ "devpts", "/dev/pts", "devpts", NULL, MS_NOSUID|MS_NOEXEC, false },
{ "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
{ "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
};

> As a site administrator, how can I change the default to omit 'noexec'?

mount -o remount,exec ?

Karel

--
Karel Zak <kzak@redhat.com>
http://karelzak.blogspot.com
 
12-13-2010, 02:47 PM
Garrett Holmstrom

noexec on /dev/shm

On 12/13/2010 7:37, Karel Zak wrote:
> On Sun, Dec 12, 2010 at 07:49:27PM -0800, John Reiser wrote:
>> How did /dev/shm get noexec in Fedora 15 rawhide?
>> $ grep /dev/shm /proc/mounts
>> tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
>> $ grep -srl noexec /etc
>> /etc/alternatives/ld
>> /etc/fstab ## derived from /proc/mounts
>> /etc/mtab ## derived from /proc/mounts
>>
>> This is a change from Fedora 14, and I cannot find documentation.
>> The only 'noexec' that I can find in the source to systemd-15
>> is two mentions in units/var-{lock,run}.mount.
>
> The MS_NOEXEC flag is in the private systemd fstab; see
> systemd/src/mount-setup.c:
>
> static const MountPoint mount_table[] = {
> { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
> { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
> { "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID, true },
> { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
> { "devpts", "/dev/pts", "devpts", NULL, MS_NOSUID|MS_NOEXEC, false },
> { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
> { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, true },
> };
>
>> As a site administrator, how can I change the default to omit 'noexec'?
>
> mount -o remount,exec ?

If systemd is going to ignore fstab entries, could we please have the
fstab file on newly-installed systems replace the entries that would be
ignored with commentary that explains which filesystems will be ignored?

That said, this should really be configurable without recompiling the
init system.
 
12-13-2010, 02:53 PM
David Howells

noexec on /dev/shm

Karel Zak <kzak@redhat.com> wrote:

> > As a site administrator, how can I change the default to omit 'noexec'?
>
> mount -o remount,exec ?

That's not really changing the default.

David
 
12-13-2010, 09:57 PM
Dominik 'Rathann' Mierzejewski

noexec on /dev/shm

Hi,

On Monday, 13 December 2010 at 14:37, Karel Zak wrote:
> On Sun, Dec 12, 2010 at 07:49:27PM -0800, John Reiser wrote:
> > How did /dev/shm get noexec in Fedora 15 rawhide?
> > $ grep /dev/shm /proc/mounts
> > tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
> > $ grep -srl noexec /etc
> > /etc/alternatives/ld
> > /etc/fstab ## derived from /proc/mounts
> > /etc/mtab ## derived from /proc/mounts
> >
> > This is a change from Fedora 14, and I cannot find documentation.
> > The only 'noexec' that I can find in the source to systemd-15
> > is two mentions in units/var-{lock,run}.mount.
>
> The MS_NOEXEC flag is in the private systemd fstab; see
> systemd/src/mount-setup.c:

You're not kidding. Could the author of this code (I'm guessing...
Lennart?) please explain this extremely bright idea of hard-coding
what should be admin-configurable?

Regards,
Dominik

--
Fedora http://fedoraproject.org/wiki/User:Rathann
RPMFusion http://rpmfusion.org | MPlayer http://mplayerhq.hu
"Faith manages."
-- Delenn to Lennier in Babylon 5:"Confessions and Lamentations"
 
12-14-2010, 11:39 AM
Matthew Miller

noexec on /dev/shm

On Mon, Dec 13, 2010 at 11:57:51PM +0100, Dominik 'Rathann' Mierzejewski wrote:
> > The MS_NOEXEC flag is in the private systemd fstab; see
> > systemd/src/mount-setup.c:
> You're not kidding. Could the author of this code (I'm guessing...
> Lennart?) please explain this extremely bright idea of hard-coding
> what should be admin-configurable?

That's not a very constructive wording. Filing a bug showing your use-case
would be helpful.

--
Matthew Miller <mattdm@mattdm.org>
Senior Systems Architect -- Instructional & Research Computing Services
Harvard School of Engineering & Applied Sciences
 
12-14-2010, 11:53 AM
"Richard W.M. Jones"

noexec on /dev/shm

On Mon, Dec 13, 2010 at 09:47:49AM -0600, Garrett Holmstrom wrote:
> If systemd is going to ignore fstab entries, could we please have the
> fstab file on newly-installed systems replace the entries that would be
> ignored with commentary that explains which filesystems will be ignored?
>
> That said, this should really be configurable without recompiling the
> init system.

Amen to that.

It's crazy to have these things hard-coded into a C program.

Rich.

--
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
virt-df lists disk usage of guests without needing to install any
software inside the virtual machine. Supports Linux and Windows.
http://et.redhat.com/~rjones/virt-df/
 
12-14-2010, 11:53 AM
Miloslav Trmač

noexec on /dev/shm

Matthew Miller wrote on Tue, 14 Dec 2010 at 07:39 -0500:
> On Mon, Dec 13, 2010 at 11:57:51PM +0100, Dominik 'Rathann' Mierzejewski wrote:
> > > The MS_NOEXEC flag is in the private systemd fstab; see
> > > systemd/src/mount-setup.c:
> > You're not kidding. Could the author of this code (I'm guessing...
> > Lennart?) please explain this extremely bright idea of hard-coding
> > what should be admin-configurable?
>
> That's not a very constructive wording. Filing a bug showing your use-case
> would be helpful.
Changing the semantics of /etc/fstab without any consultation with
fedora-devel or even notification of Fedora that something so
long-standing is changing is hardly constructive either.

I can happily live with "systemd is a new, better init system" without
knowing the details. I consider "systemd replaces 15% of /etc and
changes semantics of another 5%" without discussing the details in
advance unacceptable for the distribution as a whole, although this
decision is of course FESCo's.
Mirek

12-14-2010, 12:24 PM
Tomasz Torcz

noexec on /dev/shm

On Tue, Dec 14, 2010 at 01:53:37PM +0100, Miloslav Trmač wrote:
> Matthew Miller wrote on Tue, 14 Dec 2010 at 07:39 -0500:
> > On Mon, Dec 13, 2010 at 11:57:51PM +0100, Dominik 'Rathann' Mierzejewski wrote:
> > > > The MS_NOEXEC flag is in the private systemd fstab; see
> > > > systemd/src/mount-setup.c:
> > > You're not kidding. Could the author of this code (I'm guessing...
> > > Lennart?) please explain this extremely bright idea of hard-coding
> > > what should be admin-configurable?
> >
> > That's not a very constructive wording. Filing a bug showing your use-case
> > would be helpful.
> Changing the semantics of /etc/fstab without any consultation with
> fedora-devel or even notification of Fedora that something so
> long-standing is changing is hardly constructive either.
>
> I can happily live with "systemd is a new, better init system" without
> knowing the details. I consider "systemd replaces 15% of /etc and
> changes semantics of another 5%" without discussing the details in
> advance unacceptable for the distribution as a whole, although this
> decision is of course FESCo's.
> Mirek

Let's keep the discussion calm and technical.
“Systemd contains native implementations of various tasks that need to
be executed as part of the boot process. For example, it sets the host name
or configures the loopback network device. It also sets up and
mounts various API file systems, such as /sys or /proc.”

We saw it includes /dev, /dev/shm etc. Is there any *reasonable* need
to mount sysfs somewhere other than /sys? Or /dev with a mode other than 755?
All those directories are mounted _identically_ on every Linux distribution
down here. Why pollute fstab with repeated lines on a million machines?

I can see that it may look like taking power from the admin, but has
anyone ever changed how devpts is mounted? Really? Being able
to change for the sake of ability is not always sane. There are
things which we can change, and some things which shouldn't be touched
by the admin. And I'm not proposing dumbing down the admin. Back when
I ran Slackware I rewrote part of the initscripts to suit me.
But really, the admin should worry about important things, and better
leave the boring (and identical across distros) parts to someone else.

The original problem could be solved by configuring some scratch
tmpfs in /mnt/scratch or somewhere else.

--
Tomasz Torcz "God, root, what's the difference?"
xmpp: zdzichubg@chrome.pl "God is more forgiving."
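
Added example (not written by any poster in this thread and not systemd code): a POSIX shell check that reads /proc/mounts-format text and reports which of nosuid, nodev and noexec a mount point lacks, automating the grep inspection from the first post. The function names and the /mnt/scratch and /dev sample lines are constructed for illustration; only the /dev/shm line comes from the thread.

```shell
#!/bin/sh
# Added example: audit mount options from /proc/mounts-format text on stdin.
# Live use:  audit_tmpfs < /proc/mounts

# Constructed sample. Line 1 is the entry quoted in the thread; lines 2-3
# are made up for illustration (a scratch tmpfs without noexec, and /dev).
SAMPLE_MOUNTS='tmpfs /dev/shm tmpfs rw,seclabel,nosuid,nodev,noexec,relatime 0 0
tmpfs /mnt/scratch tmpfs rw,seclabel,nosuid,nodev,relatime 0 0
devtmpfs /dev devtmpfs rw,seclabel,nosuid,relatime,mode=755 0 0'

# missing_opts MOUNTPOINT REQUIRED_CSV
# Prints the required options that MOUNTPOINT's entry lacks (comma separated),
# nothing if all are present; returns 2 if MOUNTPOINT is not in the table.
# Paths containing spaces (written as \040 in /proc/mounts) are not handled.
missing_opts() {
    awk -v mp="$1" -v req="$2" '
        $2 == mp { opts = $4; found = 1 }   # last entry wins: it is the visible mount
        END {
            if (!found) exit 2
            n = split(opts, have, ",")
            for (i = 1; i <= n; i++) seen[have[i]] = 1
            m = split(req, want, ",")
            out = ""
            for (i = 1; i <= m; i++)
                if (!(want[i] in seen)) out = out (out == "" ? "" : ",") want[i]
            if (out != "") print out
        }'
}

# audit_tmpfs: for every tmpfs in the table, report missing nosuid/nodev/noexec.
audit_tmpfs() {
    mounts=$(cat)
    printf '%s\n' "$mounts" | awk '$3 == "tmpfs" { print $2 }' | sort -u |
    while read -r mp; do
        miss=$(printf '%s\n' "$mounts" | missing_opts "$mp" nosuid,nodev,noexec)
        if [ -n "$miss" ]; then printf '%s missing %s\n' "$mp" "$miss"; fi
    done
}

printf '%s\n' "$SAMPLE_MOUNTS" | audit_tmpfs   # prints: /mnt/scratch missing noexec
```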
