On Fri, 12 Jun 2009 21:52:20 -0400 Joshua Murphy <poiso...@gmail.com> wrote:

> On Fri, Jun 12, 2009 at 5:52 PM, Maxim Wexler <maxim.wex...@gmail.com> wrote:
> > On 6/12/09, Mike Kazantsev <mk.frag...@gmail.com> wrote:
> >> On Fri, 12 Jun 2009 13:45:04 -0600
> >> Maxim Wexler <maxim.wex...@gmail.com> wrote:
> >>
> >>> #shm /dev/shm tmpfs nodev,nosuid,noexec 0 0
> >>
> >> I wonder, what's the rationale behind commenting out shm?
> >
> > Good question. I was given to understand the new line was intended to
> > replace the default, which I commented out. Perhaps that's a mistake.
> > That's how I configured the previous iteration of gentoo before it
> > went south; maybe the new line had something to do with it. Should I
> > use both?
>
> Hmm.
> 1) a tmpfs space is, by default, mounted on /dev/shm to meet some
> standard somewhere (can't recall, FHS I think). The important thing to
> note is that the name 'shm' is basically an unused placeholder (tmpfs
> doesn't operate on an actual block device like /dev/hda1), and that
> /dev/shm is the mount *point*. It should be there, and uncommented.
> ...
>
> 3) Vaguely related to your mention of it 'taking its place' about the
> /dev/shm and /tmp tmpfs mounts, the only time I've seen that mentioned
> was in a conversation somewhere about 'why not just use a --bind mount
> of /dev/shm onto /tmp to put it in tmpfs' ... which was answered with
> the simple fact that, by default everywhere I've seen it, /dev/shm is
> mounted noexec, while it's not altogether uncommon for things to be
> decompressed into /tmp before execution (which would fail if /tmp were
> mounted noexec).

Indeed it should be there; it's used as shared memory for inter-process communication (IPC). Many things use shared memory, notably gcc and multi-process daemons like apache, so you should give it to them. And, as noted, tmpfs is not a real device or even some single virtual device.
By "mount -t tmpfs none /tmp" you mount some piece of virtual memory to a place, but it's never the same piece, so you can have two, ten or a hundred tmpfs mounts completely independent of each other.

  mkdir /mnt/{tmp1,tmp2}
  mount -t tmpfs none /mnt/tmp1
  mount -t tmpfs none /mnt/tmp2
  touch /mnt/tmp1/some_file
  ls -la /mnt/tmp1    (shows "some_file")
  ls -la /mnt/tmp2    (empty)

So you don't have to bind everything into one tmpfs, just create as many as you want, but, once again, especially if you chose not to have swap, limit their size so they won't eat all your RAM!

Imagine a scenario like this (or do "sync" and run it, but it should hang your machine!):

  mount -t tmpfs none /mnt/tmp1
  dd if=/dev/zero of=/mnt/tmp1/some_file bs=1024 count=1000000000

Your VM should go away and the kernel'll go on a killing spree, wiping out all the running processes, but, since tmpfs itself is not a process, it'll just kill everything until panic or nothing's left at all.
"-o size=512M" will just give you "No free space on disk" instead of a nasty crash. /tmp is world-writable, anything can choose to ditch a gig or two into it for whatever reasons...

-- 
Mike Kazantsev // fraggod.net
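A small shell audit of the two points raised in this thread (a commented-out /dev/shm line, and tmpfs mounts with no size= cap), added here as an example and not part of the original mail; it runs against a constructed fstab sample, not the real /etc/fstab, and the function names are my own.

```shell
#!/bin/sh
# Added example (not from the thread): audit fstab-style tmpfs lines for
# (a) no active tmpfs mount on /dev/shm and (b) tmpfs mounts with no size=
# cap, which can otherwise consume all RAM. Input below is constructed.

# Returns 0 if the fstab text on stdin has an active (uncommented) tmpfs
# mount on the given mount point, 1 otherwise.
has_tmpfs_mount() {
  awk -v mp="$1" '
    /^[[:space:]]*#/ || NF < 4 { next }
    $2 == mp && $3 == "tmpfs" { found = 1 }
    END { if (found) exit 0; exit 1 }'
}

# Prints, one per line, the mount points of active tmpfs entries whose
# option list has no size= limit. Empty output means every tmpfs is capped.
uncapped_tmpfs() {
  awk '
    /^[[:space:]]*#/ || NF < 4 { next }
    $3 == "tmpfs" {
      n = split($4, opts, ",")
      capped = 0
      for (i = 1; i <= n; i++) if (opts[i] ~ /^size=/) capped = 1
      if (!capped) print $2
    }'
}

# Constructed sample resembling the fstab discussed in the thread.
SAMPLE_FSTAB='/dev/sda1  /         ext3   noatime                        0 1
#shm       /dev/shm  tmpfs  nodev,nosuid,noexec            0 0
none       /tmp      tmpfs  nodev,nosuid                   0 0
none       /mnt/tmp1 tmpfs  nodev,nosuid,noexec,size=512M  0 0'

# Run both checks against an fstab text and print a short report.
audit_fstab() {
  if printf '%s\n' "$1" | has_tmpfs_mount /dev/shm; then
    echo "ok: /dev/shm tmpfs mount is active"
  else
    echo "warn: no active tmpfs mount on /dev/shm (commented out or missing)"
  fi
  printf '%s\n' "$1" | uncapped_tmpfs | while read -r mp; do
    echo "warn: tmpfs on $mp has no size= limit"
  done
}

audit_fstab "$SAMPLE_FSTAB"
```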