Wednesday, 13 January 2016

Re: [ubuntu-cloud] RFC on Cloud Images: Make /tmp a tmpfs

On 14 January 2016 at 12:05, Clint Byrum <[email protected]> wrote:
> Excerpts from Ben Howard's message of 2016-01-13 04:26:13 -0800:
>> All,
>>
>> On the Ubuntu Cloud Images, we have a request to make /tmp a tmpfs. The
>> rationale, from the bug:
>> * Performance - much faster read/write access to data in /tmp
>> * Security - sensitive data would be cleared from memory on boot,
>> rather than written (leaked) to disk -- important for encryption
>> scenarios
>>
>> Since the Ubuntu Cloud Images are used by a wide number of users, I
>> wanted to gather feedback and gather consensus on whether or not we
>> should make this change.
>
> The two arguments in the bug are:
>
> a) It is more secure
> b) It is faster
>
> (a) is only half-correct. _IF_ the system has 0 swap configured, then
> tmpfs will never be on disk. But if there is swap, then it will very
> likely end up on disk. The answer to this is LUKS, not tmpfs.

To add more confusion, this is for VMs and container workloads. The
host machines may suspend VM's or swap container contents out at any
time without regard to the configuration of the container/VM contents
itself.
..
> So, the current paradigm is actually the more conservative, more
> generally acceptable approach. Making /tmp a tmpfs is an optimization
> _for some use cases_, which I think should be fine, but doesn't seem
> worth taking a risk with all cloud image use cases.

There is a view that apps that need stuff in memory should just, well,
use memory. So yeah - lets make this configurable, but not default i.

-Rob

--
Robert Collins <[email protected]>
Distinguished Technologist
HP Converged Cloud

--
ubuntu-devel mailing list
[email protected]
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel