On Sun, Sep 27, 2015 at 10:38 AM, lee <lee@××××××××.de> wrote:
> Hi,
>
> when updating a guest in an LXC, emerging python pointed out a problem
> with a broken /dev/shm. So I found out how to mount /dev/shm in the
> container and updated.
>
> However, I'm wondering how secure that is, and I wonder if I should
> leave it mounted or disable the mount. It might be a very bad idea to
> leave it mounted, and there's probably good reasons not to have it
> mounted by default, yet I don't know if anything in the container might
> use or need this mount after updating.
|
There are a few glibc functions that require it:

- Shared memory
- Semaphores

As a developer, I consider your system to be mis-configured if it is
not mounted properly, and I would immediately close any related bug
reports. I don't see how it could possibly be a security problem.
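
Added example, not part of the original message: a shell check that classifies the /dev/shm entry in mountinfo-format input, such as /proc/self/mountinfo read inside the container. Expecting a tmpfs mounted with nosuid and nodev is an assumed baseline, not something stated in the thread, and the sample lines are constructed.

```shell
#!/bin/sh
# Added example, not from the thread. Classifies the /dev/shm mount found in
# mountinfo-format input (a file argument, or stdin when none is given).
# Assumed baseline: a tmpfs mounted with nosuid and nodev.
check_dev_shm() {
    awk '
        $5 == "/dev/shm" {          # field 5 is the mount point; last match wins
            found = 1; opts = $6; fstype = ""
            # optional fields end at a lone "-"; the filesystem type follows it
            for (i = 7; i < NF; i++) if ($i == "-") { fstype = $(i + 1); break }
        }
        END {
            if (!found) { print "missing"; exit }
            if (fstype != "tmpfs") { print "not-tmpfs:" fstype; exit }
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) have[o[i]] = 1
            lacking = ""
            if (!("nosuid" in have)) lacking = lacking ",nosuid"
            if (!("nodev" in have)) lacking = lacking ",nodev"
            if (lacking == "") print "ok"
            else print "weak:" substr(lacking, 2)
        }
    ' "${1:--}"
}

# Constructed samples (not captured from a real host).
sample_tmpfs()  { echo '31 22 0:27 / /dev/shm rw,nosuid,nodev shared:4 - tmpfs shm rw'; }
sample_loose()  { echo '31 22 0:27 / /dev/shm rw,relatime - tmpfs none rw'; }
sample_bind()   { echo '40 18 8:1 /srv/shm /dev/shm rw,relatime - ext4 /dev/sda1 rw'; }
sample_absent() { echo '22 18 0:5 / /dev rw,nosuid - devtmpfs devtmpfs rw'; }

for s in sample_tmpfs sample_loose sample_bind sample_absent; do
    printf '%-14s %s\n' "$s" "$("$s" | check_dev_shm)"
done
if [ -r /proc/self/mountinfo ]; then
    printf '%-14s %s\n' "this system" "$(check_dev_shm /proc/self/mountinfo)"
fi
```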