tmpfs for session-only data

[Taco Witte]

Hi all,

In a random rush to secure my computer some time ago, I've experimented
with using tmpfs for directories that contain data that doesn't have to
be persistent over boots (more specifically: /var/run and /tmp). I think
the case for /var/run is especially interesting.

The Filesystem Hierarchy Standard specifies that /var/run is meant for
session-specific information such as PIDs of daemons and DHCP leases. On
boot, all files in the directory should be deleted, because information
from previous sessions could only conflict with the current session.
(Directories in /var/run are _not_ deleted.) If a tmpfs would be used,
this deletion wouldn't be necessary and it would be guaranteed that
information from previous sessions wouldn't conflict with the current
session -- things like file ownership problems wouldn't be possible for
example.

Based on this, I think it's interesting to consider using tmpfs
for /var/run by default. What would be necessary in other to make this
happen? Initscripts would need to check whether 'their' directory
in /var/run exists (if they have one) and make it if it doesn't; and the
cleanup code in /etc/init.d/bootclean.sh could be simplified. (BTW most
initscripts wouldn't need a single change because they already check
their directory in /var/run)

How do you think about this idea?

Kind regards,
Taco