On Sun, 15.02.15 16:31, Павел Самсонов (pvsamsono...@gmail.com) wrote:

> Good day, I see a new Debian jessie, and I mean, that /var/run/<pid>
> filesystems must be mounted with noexec options, so they have user write
> access. On some installations this is very important. Where may I configure
> this, or maybe you change your default mount options?
> Sorry my English, best regards, Pavel, Russia.

I cannot parse this. Do you mean /run/user/<uid>? /var/run/<pid> is
not a separate mount, /run is, and that is not user writable.

The /run/user/<uid> directory is mounted to implement
XDG_RUNTIME_DIR. We guarantee certain functionality on it, including
the ability to have executable files there, and that's specified in
the XDG_RUNTIME_DIR spec. Hence, the only way to change it is by
patching logind, and we will not add a configuration option for this,
since it would mean XDG_RUNTIME_DIR would not provide what it's
supposed to provide anymore.

Note though that /run/user/<uid> is mounted as a per-user tmpfs instance,
with nosuid and nodev, and a size limit applied. It should hence be a
pretty safe thing. Also note that "noexec" doesn't really do what
people think it does.

Lennart

-- 
Lennart Poettering, Red Hat
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
http://lists.freedesktop.org/mailman/listinfo/systemd-devel
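
An added example, not part of the original thread or of systemd: a small Python audit that reads text in /proc/self/mountinfo format and checks each /run/user/<uid> mount for the properties the reply lists (tmpfs, nosuid, nodev, a size limit). The sample lines and the function name `audit_runtime_dirs` are constructed for illustration.

```python
import re
import sys

# Constructed sample in /proc/self/mountinfo format (not captured from a real host).
SAMPLE = """\
22 1 8:1 / / rw,relatime shared:1 - ext4 /dev/sda1 rw,errors=remount-ro
23 22 0:20 / /run rw,nosuid,noexec,relatime shared:5 - tmpfs tmpfs rw,size=401404k,mode=755
48 23 0:42 / /run/user/1000 rw,nosuid,nodev,relatime shared:30 - tmpfs tmpfs rw,size=200704k,mode=700,uid=1000,gid=1000
49 23 0:43 / /run/user/1001 rw,relatime shared:31 - tmpfs tmpfs rw,mode=700,uid=1001,gid=1001
"""

RUNTIME_DIR = re.compile(r"^/run/user/\d+$")


def audit_runtime_dirs(mountinfo_text):
    """Return {mount_point: [findings]} for each /run/user/<uid> mount."""
    report = {}
    for line in mountinfo_text.splitlines():
        fields = line.split()
        try:
            # Optional fields (e.g. shared:N) vary in number; "-" ends them.
            sep = fields.index("-", 6)
        except ValueError:
            continue  # not a well-formed mountinfo line
        if len(fields) < sep + 4 or not RUNTIME_DIR.match(fields[4]):
            continue
        mount_opts = set(fields[5].split(","))      # per-mount flags
        fstype = fields[sep + 1]
        super_opts = fields[sep + 3].split(",")     # tmpfs size= lives here
        findings = []
        if fstype != "tmpfs":
            findings.append("not tmpfs: " + fstype)
        for flag in ("nosuid", "nodev"):
            if flag not in mount_opts:
                findings.append("missing " + flag)
        if not any(opt.startswith("size=") for opt in super_opts):
            findings.append("no size limit")
        report[fields[4]] = findings
    return report


if __name__ == "__main__":
    # Pass /proc/self/mountinfo as the argument to audit the local host.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE
    for mount_point, findings in sorted(audit_runtime_dirs(text).items()):
        print(mount_point, "OK" if not findings else "; ".join(findings))
```

An empty findings list means the mount matches the description in the reply; the check does not flag a missing noexec, since the reply states that executables in XDG_RUNTIME_DIR are guaranteed.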