[debian-mysql] Bug#1023778: TMPDIR behaviour in maintainer scripts [was: Re: Bug#1023778: mysql-server-8.0: fails to restart on upgrade with libpam-tmpdir]
Tollef Fog Heen
tfheen at err.no
Sun Nov 13 16:33:56 GMT 2022
]] Sunil Mohan Adapa
> During today's FreedomBox meet, we have discussed that systemd's
> PrivateTmp= is a better solution than libpam-tmpdir for FreedomBox at
> least as systemd makes a cleaner mount isolation between processes
> instead of managing directories and permissions.
>
> For this reason, we believe that we can stop using libpam-tmpdir if
> most of the daemons on the system use PrivateTmp=yes. For a while now,
> FreedomBox has been forcefully adding systemd security features to
> daemons that don't enable them. Without upstream blessing, we can only
> do this for smaller applications than something like MariaDB/MySQL due
> to the testing effort needed.

They solve completely different problems, though. One handles PAM
sessions, the other handles services.
--
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are