RFC on Cloud Images: Make /tmp a tmpfs

Martin Pitt martin.pitt at ubuntu.com
Wed Jan 13 22:00:16 UTC 2016


Ben Howard [2016-01-13 14:26 +0200]:
> On the Ubuntu Cloud Images, we have a request to make /tmp a tmpfs. The
> rationale, from the bug:
>  * Performance - much faster read/write access to data in /tmp
>  * Security - sensitive data would be cleared from memory on boot,
>    rather than written (leaked) to disk -- important for encryption
>    scenarios
> 
> Since the Ubuntu Cloud Images are used by a wide number of users, I
> wanted to gather feedback and gather consensus on whether or not we
> should make this change.

I really wish we would do this in general for new installs, at least
as the first thing after releasing 16.04 LTS. I also do this on my
boxes, not only for the reasons above [1], but also because it is much
more power efficient -- as I literally work in /tmp a lot of my time
the disk doesn't need to spin up often.

The main reason AFAIK why we didn't yet do that was the concern that
there is some broken software out there which potentially dumps really
large files into /tmp (yes firefox, I'm looking at YOU!). These would
need to be fixed to go to /var/tmp. This is a chicken-and-egg problem,
though: We won't find out what's broken until we actually enable it on
real-life installations. This problem applies to cloud image use cases
just as much as desktop or "classic" servers.

My gut feeling is that we should do it if there is ≥ 4 GB RAM, so that
/tmp as at least 2 GB of space (That should be a rather simple
installer/cloud-init decision?). We don't want to do this on small
embedded devices with 512 MB of RAM or so, but there is absolutely no
reason to not do it on beefy servers or laptops.

In a perfect world we'd have some clever tmpfs file system which would
use RAM as available and start overflowing onto a disk partition
(which could be LUKS with a random key) when necessary.. But even
without that, I've hardly ever run into ENOSPC on my /tmp in many
years.

Thanks,

Martin

[1] all my schroot, qemu, and container overlays go into /tmp on a
tmpfs, which makes builds, tests, or test installs reeeeally fast

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: Digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20160113/c34fa7a3/attachment.pgp>


More information about the ubuntu-devel mailing list