From: Michael Biebl
Date: Thu, 4 Sep 2014 23:15:16 +0000 (+0200)
Subject: Make /run/lock tmpfs an API fs
X-Git-Tag: archive/raspbian/252.33-1_deb12u1+rpi1^2~17
X-Git-Url: https://dgit.raspbian.org/?a=commitdiff_plain;h=35650596df2d3874b8171b5b2568e44419ce393c;p=systemd.git

Make /run/lock tmpfs an API fs

The /run/lock directory is world-writable in Debian due to historic reasons. To avoid user processes filling up /run, we mount a separate tmpfs for /run/lock. As this directory needs to be available during early boot, we make it an API fs. Drop it from tmpfiles.d/legacy.conf to not clobber the permissions.

Closes: #751392

Gbp-Pq: Topic debian
Gbp-Pq: Name Make-run-lock-tmpfs-an-API-fs.patch
---

diff --git a/src/shared/mount-setup.c b/src/shared/mount-setup.c
index 6882b62c..c54e6325 100644
--- a/src/shared/mount-setup.c
+++ b/src/shared/mount-setup.c
@@ -86,6 +86,8 @@ static const MountPoint mount_table[] = {
 #endif
 { "tmpfs", "/run", "tmpfs", "mode=755" TMPFS_LIMITS_RUN, MS_NOSUID|MS_NODEV|MS_STRICTATIME,
 NULL, MNT_FATAL|MNT_IN_CONTAINER },
+ { "tmpfs", "/run/lock", "tmpfs", "mode=1777,size=5242880", MS_NOSUID|MS_NOEXEC|MS_NODEV,
+ NULL, MNT_FATAL|MNT_IN_CONTAINER },
 { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate,memory_recursiveprot", MS_NOSUID|MS_NOEXEC|MS_NODEV,
 cg_is_unified_wanted, MNT_IN_CONTAINER|MNT_CHECK_WRITABLE },
 { "cgroup2", "/sys/fs/cgroup", "cgroup2", "nsdelegate", MS_NOSUID|MS_NOEXEC|MS_NODEV,
diff --git a/tmpfiles.d/legacy.conf.in b/tmpfiles.d/legacy.conf.in
index 4f2c0d7c..fb1d6bf6 100644
--- a/tmpfiles.d/legacy.conf.in
+++ b/tmpfiles.d/legacy.conf.in
@@ -10,7 +10,6 @@
 # These files are considered legacy and are unnecessary on legacy-free
 # systems.
 
-d /run/lock 0755 root root -
 L /var/lock - - - - ../run/lock
 {% if CREATE_LOG_DIRS %}
 L /var/log/README - - - - ../..{{DOC_DIR}}/README.logs
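Review bot: The added `/run/lock` entry in `mount_table[]` caps the world-writable (`mode=1777`) tmpfs by bytes only, `size=5242880`, and sets no `nr_inodes=` limit, so the number of files an unprivileged user may create there falls back to the tmpfs default instead of a value chosen for a 5 MiB lock directory. The `/run` entry just above takes its limits from `TMPFS_LIMITS_RUN`; presumably that macro carries both a size and an inode cap, so the same pattern would fit here, e.g. `"mode=1777,size=5242880,nr_inodes=<limit>"` or a dedicated limits macro defined next to the existing one. A short comment such as `/* Debian: world-writable for legacy lock files, so kept on its own small tmpfs to protect /run */` would also explain the bare 5242880 to the next reader. As far as the flag name indicates, `MNT_FATAL` makes a failed mount of this legacy directory abort early boot, which is worth confirming as intended for the `MNT_IN_CONTAINER` case too.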