readonly workdir prevent binder to start

Description

During its start, when a binder implements the HTTP server, it checks that the upload directory is accessible and writable and refuse to start if it is not the case.

When trying to use systemd's DynamicUser for platform services, it has the effect to forbid service to run.

Environment

None

Activity

Walt Miner

June 25, 2019 at 3:54 PM

Close for HH RC1

Stephane Desneux

May 28, 2019 at 2:44 PM

works for me

jose bollo

May 28, 2019 at 2:10 PM

I propose to accept that patch that fallback to /tmp for the following reason:

it is protected by smack and DAC (umask = 0077)
/tmp can be mounted by application by systemd using PrivateTmp=true
this is a fallback
this is traditionnal (see function tmpfile of glibc)

Stephane Desneux

May 24, 2019 at 4:55 PM

Question: do we have to create a subfolder per app in /tmp or not ?

This boils down to : do a file created by App1 in /tmp is readable/writable/visible by App2 ? This depends obviously on the set of smack rules which are set per application.

And the same would apply for multiple users running the same app BTW.

A stupid solution would be to create a tempdir per user and per app: something like /run/user/<uid>/tmp/<appname>/ but what about cleanup?

Resize work item view side panel

Fixed

Details

Assignee

jose bollo

Reporter

jose bollo

Priority

Major

Created May 23, 2019 at 8:27 AM

Updated September 19, 2019 at 12:06 PM

Resolved June 20, 2019 at 8:47 AM

readonly workdir prevent binder to start

Description

Environment

Activity

Details

Assignee

Reporter

Fix versions

Labels

Contract ID

Components

Priority