| 1 |
On Sun, Sep 27, 2015 at 10:38 AM, lee <lee@××××××××.de> wrote: |
| 2 |
> Hi, |
| 3 |
> |
| 4 |
> when updating a guest in an LXC, emerging python pointed out a problem |
| 5 |
> with a broken /dev/shm. So I found out how to mount /dev/shm in the |
| 6 |
> container and updated. |
| 7 |
> |
| 8 |
> However, I'm wondering how secure that is, and I wonder if I should |
| 9 |
> leave it mounted or disable the mount. It might be a very bad idea to |
| 10 |
> leave it mounted, and there's probably good reasons not to have it |
| 11 |
> mounted by default, yet I don't know if anything in the container might |
| 12 |
> use or need this mount after updating. |
| 13 |
|
| 14 |
There are a few glibc functions that require it: |
| 15 |
|
| 16 |
- Shared memory |
| 17 |
- Semaphores |
| 18 |
|
| 19 |
As a developer, I consider your system to be mis-configured if it is |
| 20 |
not mounted properly, and I would immediately close any related bug |
| 21 |
reports. I don't see how it could possibly be a security problem. |
Archives