[Bug 1789] On linux use abstract socket for X11 connections if possible
bugzilla-daemon at bugzilla.mindrot.org
Fri Jul 2 17:29:52 EST 2010
https://bugzilla.mindrot.org/show_bug.cgi?id=1789
--- Comment #8 from jchadima at redhat.com ---
(In reply to comment #7)
> Isn't the solution for SELinux rules breaking /tmp to fix the SELinux
> rules?
The namespaces create separate /tmp directories for each logged-in user
(and one for the system also). There is no possibility to make system sockets
under /tmp.
> Abstract sockets look like a complete trainwreck waiting to
> happen: a brand new, completely unstructured but shared namespace, with
> zero intrinsic security protections (not even filesystem permissions)
> where every consumer application must implement security controls
> correctly, rather than letting the kernel do it.
>
> At the very least, I think we will wait a while before rushing to add
> support for this to OpenSSH.
Have you any other idea how to safely solve this need?