Bug 781440 - Propose that you turn on PrivateTmp=true in service file for httpd.
Summary: Propose that you turn on PrivateTmp=true in service file for httpd.
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: Fedora
Classification: Fedora
Component: httpd
Version: 19
Hardware: Unspecified
OS: Unspecified
unspecified
unspecified
Target Milestone: ---
Assignee: Jan Kaluža
QA Contact: Fedora Extras Quality Assurance
URL:
Whiteboard:
Depends On:
Blocks: PrivateTmp
TreeView+ depends on / blocked
 
Reported: 2012-01-13 12:33 UTC by Daniel Walsh
Modified: 2014-08-29 15:17 UTC (History)
6 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Environment:
Last Closed: 2014-08-29 15:17:29 UTC
Type: ---
Embargoed:

Attachments (Terms of Use)

Description Daniel Walsh 2012-01-13 12:33:17 UTC 
http://fedoraproject.org/wiki/Features/ServicesPrivateTmp
Comment 1 Joe Orton 2012-01-17 13:38:13 UTC 
That's a URL, not a bug report!  The feature page talks about a choice between changing the systemd default or changing all the service files, but it does not mention what decision has been made.   Nor does it document specifically what I should to the .service files, which would have saved a few minutes of my time.

I am presuming "PrivateTmp=true" in the [service] section is correct, and that the systemd default is not to be changed.

-> in httpd-2.2.21-6.fc17
Comment 2 Daniel Walsh 2012-01-17 14:55:23 UTC 
Sorry, Joe. I don't think we are ready to turn it on by default, since it just started working well.  I think if we get a few of the more dangerous apps to run ok with this change, then we can maybe think about changing the default in F18.
Comment 3 Anssi Hannula 2012-03-16 22:53:14 UTC 
For the record, this seems to break rutorrent (PHP UI for rtorrent, http://code.google.com/p/rutorrent/ ), as it tries to communicate with another process using /tmp (it requests rtorrent to run some shell commands via xmlrpc that write to /tmp and then it tries to read them back in PHP code).

That is trivially workaroundable (if the user figures out what is wrong, that is) by modifying the code to use some other directory instead, though.

Anyway, I can't say whether the benefit of PrivateTmp outweighs some web applications breaking, this is just to note that there is at least one such webapp which is affected.
Comment 4 Daniel Walsh 2012-03-17 10:46:47 UTC 
Is it communicating with a user process?  What other process is it attempting to communicate with.  Can we open a bug with rutorrent to use /var/run for its communications by default.
Comment 5 Anssi Hannula 2012-03-18 19:18:32 UTC 
Yes, with a quick look it seems to use the rTorrent XMLRPC command 'execute' to e.g. run some shell commands that write to '/tmp' that the PHP code then reads. And the rTorrent process is generally running as a normal user.

A quick grep for /tmp in the rutorrent-3.4.tar.gz and plugins-3.4.tar.gz shows it is in some way used in 18 files, and without looking closely it seems many of those are similar cases (i.e. XMLRPC-calling rTorrent to write to some tmp file and then read it back in PHP, possibly in the other direction as well).

I guess a bug could be opened (they have a bugtracker at http://code.google.com/p/rutorrent/issues/list ).

Looks to me like the cases could be fixed to just use the rTorrent XMLRPC interface to return the data instead of using the '/tmp' hack, rTorrent seems to have e.g. 'execute.capture' command for this purpose...
Comment 6 Logan Klenner 2012-03-23 06:17:18 UTC 
^^ This.  It took me 2 days to try and understand why Apache wouldn't read files in /tmp.
Comment 7 Joe Orton 2012-07-24 13:19:55 UTC 
Dan, I noticed that with PrivateTmp enabled, a running httpd process does not pick up new mounts - it's a separate fs namespace or something?  This is surprising behaviour, is it a bug or a feature?
Comment 8 Daniel Walsh 2012-07-24 15:20:49 UTC 
I would say this is a bug.  We should setup the PrivateTmp to see parent changes except for /tmp directories.
Comment 9 Daniel Walsh 2012-07-24 15:24:06 UTC 
I think this is why we used to have the sandbox init script, that does

  mount --make-rshared / 

Try executing this command before starting apache and see if changes to / get reflected within the apache namespace.
Comment 10 Joe Orton 2012-07-24 15:27:28 UTC 
# mount --make-rshared / 

yup, that works.  Are you going to file a bug against the appropriate component, or should I?  (systemd?)
Comment 11 Daniel Walsh 2012-07-24 15:31:05 UTC 
I think we have to bring this up with systemd.  We had a long talks about this a couple of years ago, and we wanted to get these calls into the fstab.  But the mount/kernel guys disagreed. I guess we should talk to Lennart if it is best that he calls it before he starts the first PrivTmp.

I got a lot of complaints when I just had the service.

Maybe we have a service that is triggered sharedroot.service that executes this command once.
Comment 12 Daniel Walsh 2012-07-24 15:32:57 UTC 
https://bugzilla.redhat.com/show_bug.cgi?id=712089
Comment 13 Fedora End Of Life 2013-04-03 20:26:19 UTC 
This bug appears to have been reported against 'rawhide' during the Fedora 19 development cycle.
Changing version to '19'.

(As we did not run this process for some time, it could affect also pre-Fedora 19 development
cycle bugs. We are very sorry. It will help us with cleanup during Fedora 19 End Of Life. Thank you.)

More information and reason for this action is here:
https://fedoraproject.org/wiki/BugZappers/HouseKeeping/Fedora19
Comment 14 Fedora Admin XMLRPC Client 2014-06-30 09:53:35 UTC 
This package has changed ownership in the Fedora Package Database.  Reassigning to the new owner of this component.
Note You need to log in before you can comment on or make changes to this bug.