[arch-general] [PATCHES] About /var/run/ and /var/lock/ checks in daemons

Gerardo Exequiel Pozzi vmlinuz386 at yahoo.com.ar
Thu Feb 12 19:15:09 EST 2009

RedShift wrote:
> Gerardo Exequiel Pozzi wrote:
>> Hi people!
>> I am interested in making Arch Linux suitable for use with a /var/run and
>> /var/lock that are mounted as tmpfs. But this also helps, in the case
>> that they are not mounted as tmpfs, to make a simpler "purge function" for
>> these directories at the rc.sysinit step.
>> In my case this is "just for fun!", but other users can benefit from
>> this, for example "netbook users".
>> OK, I initially created rc-script patches for the packages in the extra
>> repo that use /var/run/program-name-directory and fail if it does not exist.
>> (this list was obtained with """ for x in $(find
>> /usr/share/pkgtools/lists -type f); do egrep -l "var/run/.+" $x;done """)
>> @@NOTE@@: I will send the patches to the FL individually per package now,
>> reference this email in FL, and then copy the links in a response to
>> this email. ;)
>> Please review it, thanks in advance. :)
> What exactly are the advantages of running /var/run and /var/lock on
> tmpfs?
> Glenn
Well, frankly, from my point of view, since the system directories
/var/run, /var/lock and /tmp should be empty (in that order of
priority), having them as tmpfs simplifies the way these are purged on
startup (rc.sysinit), in a way that removes the need to run "find, rm"
on them.

Particularly in /tmp, where the removal of these files can be
dangerous. But today, the command "rm" has progressed, not left behind quite a
number of vulnerabilities.
For example: rm -rf /tmp/.* (that is used in rc.sysinit) was dangerous in
the old days, as it descended recursively, deleting the parent
directory. Today rm refuses to use the forms "rm -r ." and "rm -r .."
and similar, and ignores these special directories.
This also applies to /var/lock, which has 1777 perms like /tmp.

At least, this is the use that I give. Other people may give it another

My two cents ;)

(sorry my bad english)

Gerardo Exequiel Pozzi ( djgera )
KeyID: 0x1B8C330D
Key fingerprint = 0CAA D5D4 CD85 4434 A219  76ED 39AB 221B 1B8C 330D
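
An added example, not part of the original mail or of Arch's rc.sysinit: a boot-time purge that avoids the `.*` glob discussed above, together with the directory check a daemon rc script needs once /var/run starts empty on every boot. The function names and all paths are assumptions, and it relies on a `find` that supports `-mindepth` and `-delete` (GNU findutils).

```shell
#!/bin/sh
# Added example, not from the original mail. All paths are constructed.

# purge_dir DIR: empty DIR at boot without using the ".*" glob.
purge_dir() {
    # Refuse a missing path or a symlink planted in place of the directory.
    [ -d "$1" ] && [ ! -L "$1" ] || return 1
    # -mindepth 1 keeps DIR itself and never names "." or "..",
    # -xdev stays on DIR's filesystem, and find does not follow symlinks
    # by default, so a link inside DIR is unlinked, not descended into.
    find "$1" -mindepth 1 -xdev -delete
}

# ensure_run_dir DIR MODE: recreate a daemon's own subdirectory before use,
# since it no longer survives a reboot when /var/run is purged or on tmpfs.
ensure_run_dir() {
    [ -d "$1" ] || install -d -m "$2" "$1"
}

# demo: returns 0 if the purge removed dotfiles and nested content, left a
# symlink target outside the directory intact, and the daemon directory
# could be recreated afterwards.
demo() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/run/daemon" "$root/outside"
    : > "$root/run/.hidden"
    : > "$root/run/daemon/daemon.pid"
    : > "$root/outside/keep"
    ln -s "$root/outside" "$root/run/link"

    purge_dir "$root/run" || return 1
    left=$(find "$root/run" -mindepth 1)
    ensure_run_dir "$root/run/daemon" 755 || return 1

    rc=0
    [ -z "$left" ] || rc=1                  # nothing survived the purge
    [ -f "$root/outside/keep" ] || rc=1     # symlink target untouched
    [ -d "$root/run/daemon" ] || rc=1       # daemon directory is back
    rm -rf "$root"
    return "$rc"
}

demo && echo "purge ok"
```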
