tmpfs for session-only data
Taco Witte
tcwitte at cs.uu.nl
Thu Jun 16 04:18:42 CDT 2005
On Wed, 15-06-2005 at 10:45 -0700, Matt Zimmerman wrote:
> On Wed, Jun 15, 2005 at 03:54:43PM +0200, Taco Witte wrote:
>
> > In a random rush to secure my computer some time ago, I've experimented
> > with using tmpfs for directories that contain data that doesn't have to
> > be persistent over boots (more specifically: /var/run and /tmp). I think
> > the case for /var/run is especially interesting.
> >
> > The Filesystem Hierarchy Standard specifies that /var/run is meant for
> > session-specific information such as PIDs of daemons and DHCP leases. On
> > boot, all files in the directory should be deleted, because information
> > from previous sessions could only conflict with the current session.
> > (Directories in /var/run are _not_ deleted.) If a tmpfs would be used,
> > this deletion wouldn't be necessary and it would be guaranteed that
> > information from previous sessions wouldn't conflict with the current
> > session -- things like file ownership problems wouldn't be possible for
> > example.
>
> DHCP leases are meant to be persistent across boots; there's a bug open
> about this in the Debian BTS (ifupdown).
You're right about that (maybe I didn't think about it because I get
myself a new MAC address every time I reboot ;-) ) -- but it's not a
difference between the status quo and a situation with tmpfs.
> Also, the fact that directories are not removed is significant; several
> packages rely on their /var/run directories being persistent (and I
> believe FHS supports this).
That's the big difference; I think it's worth it and it makes sense to
force session-specific data to be session-only. But I think it's rather
easy to adapt packages to the new situation (it's easy to see that a
package breaks and fixing is a matter of one added check in an
initscript). A lot of initscripts already have this check (see ssh for
example). I don't see problems in practice.
> /tmp is much more interesting; I use tmpfs for /tmp practically everywhere.
I personally do that as well and it works well.
Kind regards,
Taco
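The "one added check in an initscript" that the thread says packages need when /var/run lives on tmpfs, as an added illustration (not code from the thread, from Ubuntu, or from the ssh package): a helper that recreates a daemon's run directory on every boot and refuses to start over a path that exists but is not a plain directory. The `ensure_run_dir` and `has_mode` names, the scratch base directory standing in for /var/run, and the `sshd` subdirectory are assumptions for the demo.

```shell
#!/bin/sh
# Hypothetical initscript helper (added example, not from the thread or any package).
# With /var/run on tmpfs every boot starts from an empty directory, so a daemon's
# run directory must be (re)created before the daemon starts.

# ensure_run_dir DIR MODE [OWNER]
#   Creates DIR (and parents) if missing and sets MODE; chowns to OWNER if given.
#   Refuses if DIR exists but is not a plain directory (stray file or symlink),
#   since starting a daemon over such a path is exactly the stale-state problem
#   a tmpfs /var/run is meant to avoid.
ensure_run_dir() {
    dir=$1; mode=$2; owner=${3:-}
    if [ -e "$dir" ] || [ -L "$dir" ]; then
        if [ ! -d "$dir" ] || [ -L "$dir" ]; then
            echo "$dir exists but is not a plain directory; refusing to start" >&2
            return 1
        fi
    else
        mkdir -p "$dir" || return 1
    fi
    chmod "$mode" "$dir" || return 1
    if [ -n "$owner" ]; then
        chown "$owner" "$dir" || return 1
    fi
    return 0
}

# has_mode PATH OCTAL: true if PATH's permission bits are exactly OCTAL (POSIX find only).
has_mode() {
    [ -n "$(find "$1" -prune -perm "$2" -print 2>/dev/null)" ]
}

# Demonstration in a constructed scratch directory standing in for /var/run,
# so it runs unprivileged (no owner passed, so no chown is attempted).
demo() {
    base=$(mktemp -d) || return 1
    ensure_run_dir "$base/sshd" 0755 || return 1      # fresh boot: created
    ensure_run_dir "$base/sshd" 0755 || return 1      # second call: idempotent
    : > "$base/notadir"
    if ensure_run_dir "$base/notadir" 0755 2>/dev/null; then
        return 1                                      # a stray file must be rejected
    fi
    has_mode "$base/sshd" 755 || return 1
    rm -rf "$base"
    return 0
}
```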