[arch-general] [PATCHES] About /var/run/ and /var/lock/ checks in daemons

Gerardo Exequiel Pozzi vmlinuz386 at yahoo.com.ar
Thu Feb 12 19:15:09 EST 2009


RedShift wrote:
> Gerardo Exequiel Pozzi wrote:
>> Hi people!
>>
>> I am interested in making Arch Linux suitable for use with a /var/run and
>> /var/lock that are mounted as tmpfs. But this also helps, in the case
>> that they are not mounted as tmpfs, to make a simpler "purge function" for
>> these directories at the rc.sysinit step.
>>
>> In my case this is "just for fun!", but other users can benefit from
>> this, for example "netbook users".
>>
>> OK, I initially created rc-script patches for the packages in the extra
>> repo that use /var/run/program-name-directory and fail if it does not exist.
>> (this list was obtained with """ for x in $(find
>> /usr/share/pkgtools/lists -type f); do egrep -l "var/run/.+" $x;done """)
>>
>> @@NOTE@@: I will send the patches to the FL individually per package now,
>> reference this email in FL, and then copy the links in a response to
>> this email. ;)
>>
>> Please review it, thanks in advance. :)
>>
>
> What exactly are the advantages of running /var/run and /var/lock on
> tmpfs?
>
> Glenn
>
Well, frankly, from my point of view, the system directories
/var/run, /var/lock and /tmp should be empty (in that order of
priority). Having them as tmpfs simplifies the way they are purged on
startup (rc.sysinit), in that it removes the need to run "find, rm"
on them.

This is particularly so in /tmp, where the removal of these files can be
dangerous. But today the "rm" command has progressed, and quite a
number of vulnerabilities have been left behind.
For example, rm -rf /tmp/.* (which is used in rc.sysinit) was dangerous
in the old days, as it descended recursively, deleting the parent
directory. Today rm refuses the forms "rm -r ." and "rm -r .."
and similar, and ignores these special directories.
This also applies to /var/lock, which has 1777 perms like /tmp.


At least, this is the use that I give it. Other people may give it another
use.

My two cents ;)


(sorry for my bad English)

-- 
Gerardo Exequiel Pozzi ( djgera )
http://www.djgera.com.ar
KeyID: 0x1B8C330D
Key fingerprint = 0CAA D5D4 CD85 4434 A219  76ED 39AB 221B 1B8C 330D
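
The boot-time purge discussed in the message above, as an added example that is not part of the original post or of Arch's rc.sysinit: it empties a directory with find instead of a `.*` glob and checks the result on a constructed scratch tree. `purge_dir` and `demo` are hypothetical names, and a GNU or BSD find (with -mindepth and -delete) is assumed.

```shell
#!/bin/sh
# Added example (not from rc.sysinit): empty a runtime directory at boot
# without relying on shell globs such as /tmp/.* that can match "." and "..".
# purge_dir and demo are hypothetical names; assumes GNU or BSD find.

purge_dir() {
    dir=$1
    # Refuse empty, root or relative paths so an unset variable cannot widen the purge.
    case "$dir" in
        ""|/|[!/]*) echo "purge_dir: refusing '$dir'" >&2; return 1 ;;
    esac
    # Act only on a real directory, not on a symlink left in its place.
    if [ -L "$dir" ] || [ ! -d "$dir" ]; then
        echo "purge_dir: '$dir' is not a real directory" >&2
        return 1
    fi
    # -mindepth 1: never the directory itself, so dotfiles go but "." stays.
    # -xdev:       do not cross into other mounted filesystems.
    # -delete:     depth-first removal; symlinks are unlinked, never followed.
    find "$dir" -mindepth 1 -xdev -delete
}

# Constructed scratch tree standing in for /tmp; nothing outside mktemp is touched.
demo() {
    base=$(mktemp -d) || return 1
    mkdir -p "$base/tmp/.hidden/sub" "$base/keep"
    touch "$base/tmp/file" "$base/tmp/.dotfile" "$base/keep/precious"
    ln -s "$base/keep" "$base/tmp/link"   # link pointing outside the purged directory
    rc=0
    purge_dir "$base/tmp" || rc=1
    [ -d "$base/tmp" ] || rc=1                 # the directory itself survives
    [ -z "$(ls -A "$base/tmp")" ] || rc=1      # dotfiles and subtrees are gone
    [ -f "$base/keep/precious" ] || rc=1       # the symlink target was not touched
    rm -rf -- "$base"
    return "$rc"
}

demo && echo "purge ok"
```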
