Bug 782539

Summary: Propose that you turn on PrivateTmp=true in service file for varnishd
Product: [Fedora] Fedora
Component: varnish
Version: rawhide
Hardware: Unspecified
OS: Unspecified
Status: CLOSED ERRATA
Severity: unspecified
Priority: unspecified
Reporter: Daniel Walsh <dwalsh>
Assignee: Ingvar Hagelund <ingvar>
QA Contact: Fedora Extras Quality Assurance <extras-qa>
CC: ingvar
Fixed In Version: varnish-3.0.2-2.fc17
Doc Type: Bug Fix
Last Closed: 2012-03-18 00:48:19 UTC
Bug Blocks: 782466

Description Daniel Walsh 2012-01-17 16:03:26 UTC
I would like to propose using PrivateTmp for the varnishd systemd unit file.
This should make the use of the /tmp directory more secure
and prevent users from being able to potentially affect it.

http://fedoraproject.org/wiki/Features/ServicesPrivateTmp

Comment 1 Daniel Walsh 2012-02-06 20:45:59 UTC
Any change on this bug? We are coming up to Feature Freeze, and would like some comment on this bug.

If you do not believe this application uses /tmp then please comment on this and close the bug.

If you believe this application needs to use /tmp to communicate with other applications or users then you can close this bug with that comment.

If your app does not use systemd, then close this bug with that comment.

If you have no idea, then please add a comment, and change the bug to assigned.

I need to update the status on this feature.


Thanks for your help.

Comment 2 Ingvar Hagelund 2012-03-12 09:51:45 UTC
In its Fedora package, varnish should not use /tmp, but it may be configured to do so. It does not need to share any data with its surroundings, so a private /tmp should be safe. I'll look into this.

Ingvar

Comment 3 Ingvar Hagelund 2012-03-12 11:48:57 UTC
Just adding PrivateTmp=true works with no changes to the config. If I change the config to use /tmp instead of /var/lib/varnish, a new private tmp catalog is created in /tmp/systemd-namespace-[some_uniq_tmpdir] every time varnish is restarted. This seems to be by design, but I need some way to clear up. varnish may reserve several GB to its file backing store, so after a few restarts, a lot of space on /tmp may be filled up.

Comment 4 Ingvar Hagelund 2012-03-12 12:18:26 UTC
With a bit of afterthought: if the user changes this kind of config, he probably knows very well what he is doing and why, so keeping the default to /var/lib/varnish, and adding PrivateTmp=true should be safe.

The only other file stored in /tmp is an anonymous file handle used some time during startup. It is automatically cleared away and works without problems with PrivateTmp=true.
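
An added example, not part of the original bug report or the Fedora package: a small Python audit that works out whether a service ends up with PrivateTmp enabled and lists any /tmp paths on its command line, which is the case Comment 3 describes, where data lands in a new private directory on each restart. The unit text, the storage argument and the function names are constructed for illustration; it assumes a later assignment overrides an earlier one and reads only the boolean spellings of PrivateTmp.

```python
import re

TRUE = {"1", "yes", "true", "on"}
FALSE = {"0", "no", "false", "off"}
TMP_PATH = re.compile(r"(?<![\w/.-])/tmp(?![\w.-])(?:/[^\s,;'\"]*)?")

def service_settings(fragments):
    """Yield (key, value) pairs from [Service] sections, in application order."""
    for text in fragments:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":
                continue  # blank line or comment
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
            elif section == "Service" and "=" in line:
                key, _, value = line.partition("=")
                yield key.strip(), value.strip()

def audit(fragments):
    """Return (private_tmp, tmp_paths) for a unit given as main file plus overrides."""
    private_tmp, tmp_paths = None, []
    for key, value in service_settings(fragments):
        if key == "PrivateTmp":
            if value.lower() in TRUE:
                private_tmp = True
            elif value.lower() in FALSE:
                private_tmp = False
            # Assumption: any other spelling is skipped and leaves the value as is.
        elif key.startswith("Exec") or key == "Environment":
            tmp_paths += TMP_PATH.findall(value)
    return private_tmp, tmp_paths

# Constructed sample input, not the Fedora package's actual unit file.
MAIN_UNIT = """\
[Unit]
Description=Varnish HTTP accelerator (constructed sample)
[Service]
ExecStart=/usr/sbin/varnishd -a :6081 -s file,/tmp/varnish_storage.bin,1G
"""
DROP_IN = "[Service]\nPrivateTmp=true\n"

if __name__ == "__main__":
    for label, frags in (("main only", [MAIN_UNIT]), ("with override", [MAIN_UNIT, DROP_IN])):
        print(label, audit(frags))
```

A result of `True` together with a non-empty path list is the combination to review: the service is isolated, but large files written under /tmp need a cleanup plan.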

Comment 5 Fedora Update System 2012-03-13 07:18:30 UTC
varnish-3.0.2-2.fc17 has been submitted as an update for Fedora 17.
https://admin.fedoraproject.org/updates/varnish-3.0.2-2.fc17

Comment 6 Fedora Update System 2012-03-13 17:10:06 UTC
Package varnish-3.0.2-2.fc17:
* should fix your issue,
* was pushed to the Fedora 17 testing repository,
* should be available at your local mirror within two days.
Update it with:
# su -c 'yum update --enablerepo=updates-testing varnish-3.0.2-2.fc17'
as soon as you are able to.
Please go to the following url:
https://admin.fedoraproject.org/updates/FEDORA-2012-3672/varnish-3.0.2-2.fc17
then log in and leave karma (feedback).

Comment 7 Fedora Update System 2012-03-18 00:48:19 UTC
varnish-3.0.2-2.fc17 has been pushed to the Fedora 17 stable repository.  If problems still persist, please make note of it in this bug report.