Bug#779902: /tmp can be mounted as tmpfs against user's will

Michael Biebl biebl at debian.org
Fri Mar 6 15:04:52 GMT 2015


On 06.03.2015 at 10:10, Martin Pitt wrote:
> Control: found -1 215-12
> Control: tag -1 confirmed
> 
> How's it going, Didier,
> 
> Didier Roche [2015-03-06  9:36 +0100]:
>> In debian, tmp.mount is disabled through a distro-patch by default. It means
>> we don't want user's system to get /tmp on tmpfs without explicit enablement
>> (either by enabling tmp.mount unit or via fstab).
>>
>> We noticed that starting a unit using "PrivateTmp=yes" will pull tmp.mount
>> (which mounts /tmp on tmpfs) in its requirements chain (even if this unit
>> fails its condition).
> 
> Confirmed. "systemctl start colord" or "systemd-timesyncd" will start
> tmp.mount and thus overmount the existing /tmp in the running system.
> I reproduced that in a clean sid VM (with LXDE, but I suppose that
> doesn't matter much).

The odd thing, though, is that PrivateTmp=yes does not trigger the start
of tmp.mount during boot, at least on all the test systems I have.

Do we know why that is? A Required=tmp.mount should always start the
referenced unit, but it seemingly doesn't.

>> We need to find a way to ensure that tmp.mount is never accidentally
>> triggered, while still enabling the user using fstab to enable /tmp as tmpfs.
>> Enabling the unit to get the same effect would be a nice addition.
> 
> I dislike masking it, as that will most probably lead to problems with
> units which have a Requires=tmp.mount (directly or indirectly), these
> would block on a masked unit.
> 
> I think the best way forward is to either not ship the unit at all and
> document in README.Debian to add /tmp as tmpfs in fstab [1], or ship
> it in /usr/share/doc/systemd/ as an example, and document how to
> enable it from there.
> 
> Michael, WDYT?

This would also mean reverting the existing work to migrate the
RAMTMP=yes setting and clean up existing symlinks.
Not really a fan of that, tbh.

I think PrivateTmp=yes pulling in tmp.mount is a bug, and I would simply
revert b46a529c [1] or replace unit_require_mounts_for with an After
dependency [2] only.

Michael


[1] http://cgit.freedesktop.org/systemd/systemd/commit/?id=b46a529c
[2] http://cgit.freedesktop.org/systemd/systemd/tree/src/core/mount.c#n265



-- 
Why is it that all of the instruments seeking intelligent life in the
universe are pointed away from Earth?
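
A check for the symptom reported in this thread, as an added example that is not part of the original message or of systemd: it parses /proc/self/mountinfo-style text and an fstab to flag a tmpfs on /tmp that nobody opted into. The function names and sample data are constructed, and treating the last listed /tmp entry as the visible mount is an assumption.

```python
# Added example; sample mountinfo/fstab text is constructed, not from the bug report.
SAMPLE_MOUNTINFO = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
40 22 8:2 / /tmp rw,relatime shared:20 - ext4 /dev/sda2 rw
55 40 0:38 / /tmp rw,nosuid,nodev shared:30 - tmpfs tmpfs rw
"""
SAMPLE_FSTAB = """\
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/sda1 / ext4 errors=remount-ro 0 1
/dev/sda2 /tmp ext4 defaults 0 2
"""


def mounts_on(mountinfo_text, target="/tmp"):
    """Return [(fstype, source), ...] for every mount at target, in listed order."""
    stack = []
    for line in mountinfo_text.splitlines():
        fields = line.split()
        # Fixed fields are 0-5; optional fields follow and end at a lone "-".
        if len(fields) < 9 or "-" not in fields[6:]:
            continue
        sep = fields.index("-", 6)
        if fields[4] == target and len(fields) > sep + 2:
            stack.append((fields[sep + 1], fields[sep + 2]))
    return stack


def fstab_declares_tmpfs(fstab_text, target="/tmp"):
    """True if fstab explicitly asks for a tmpfs on target."""
    for line in fstab_text.splitlines():
        fields = line.split()
        if not fields or fields[0].startswith("#"):
            continue
        if len(fields) >= 3 and fields[1] == target and fields[2] == "tmpfs":
            return True
    return False


def check_tmp(mountinfo_text, fstab_text, tmp_mount_enabled=False):
    """Flag a tmpfs on /tmp requested by neither fstab nor an enabled tmp.mount."""
    stack = mounts_on(mountinfo_text)
    top_is_tmpfs = bool(stack) and stack[-1][0] == "tmpfs"  # assumption: last entry is visible
    opted_in = fstab_declares_tmpfs(fstab_text) or tmp_mount_enabled
    return {"stack": stack, "overmounted": len(stack) > 1,
            "unexpected_tmpfs": top_is_tmpfs and not opted_in}


if __name__ == "__main__":
    # On a live system, pass the contents of /proc/self/mountinfo and /etc/fstab instead.
    print(check_tmp(SAMPLE_MOUNTINFO, SAMPLE_FSTAB))
```

The `tmp_mount_enabled` argument is meant to carry the result of `systemctl is-enabled tmp.mount`, so that an explicitly enabled unit is not reported.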
