Hi:

Pretty much every week, security bugs pop up about race conditions in handling temporary files in software. This places a burden on maintenance, which currently has a solution when using systemd: the PrivateTmp setting. When it is set to true, the daemon is started with a private /tmp namespace, which is inaccessible to other processes outside the namespace.

Pretty much every single package, with the exception of X and a few others, can benefit from this.

Advantages:

- Every single daemon has its own tmp space, safely handled by the kernel; other processes can no longer sniff there.
- If the process in question crashes or goes away in any form, the namespace is cleaned up automatically.

Disadvantages:

- There may still be some bugs.
- The quirks mentioned here:
  http://www.linux-archive.org/development-discussions-related-fedora-devel-li...
  https://fedoraproject.org/wiki/Features/ServicesPrivateTmp

The proposal is to ask the security team to evaluate this feature and switch the default in systemd.
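One way to see which service units already opt in to PrivateTmp, as an added example that is not part of the original message. The unit names and contents are constructed, and the parser is a simplification of systemd's own (it handles sections, comments and drop-in override order, but not line continuations).

```python
"""Report the PrivateTmp= state of systemd service units (added example)."""

# Boolean spellings systemd accepts in unit files (matched case-insensitively).
TRUE = {"1", "yes", "y", "true", "t", "on"}
FALSE = {"0", "no", "n", "false", "f", "off"}


def private_tmp_state(*unit_texts):
    """Return 'enabled', 'disabled', 'unset' or 'unrecognized'.

    unit_texts is the unit file followed by its drop-ins, in the order they
    are applied; a later PrivateTmp= assignment overrides an earlier one.
    """
    state = "unset"
    for text in unit_texts:
        section = None
        for raw in text.splitlines():
            line = raw.strip()
            if not line or line[0] in "#;":      # blank line or comment
                continue
            if line.startswith("[") and line.endswith("]"):
                section = line[1:-1]
                continue
            key, sep, value = line.partition("=")
            # The setting only counts inside the [Service] section.
            if section != "Service" or not sep or key.strip() != "PrivateTmp":
                continue
            value = value.strip().lower()
            if value in TRUE:
                state = "enabled"
            elif value in FALSE:
                state = "disabled"
            else:
                state = "unrecognized"
    return state


# Constructed sample units: name -> [unit file text, drop-in text, ...]
SAMPLE_UNITS = {
    "exampled.service": ["[Unit]\nDescription=Example\n\n[Service]\nExecStart=/usr/sbin/exampled\n"],
    "spoold.service": ["[Service]\nExecStart=/usr/sbin/spoold\nPrivateTmp=true\n"],
    "legacyd.service": ["[Service]\nPrivateTmp=yes\n", "# drop-in\n[Service]\nPrivateTmp=no\n"],
    "misplaced.service": ["[Unit]\nPrivateTmp=true\n[Service]\nExecStart=/bin/true\n"],
}


def audit(units):
    """Map each unit name to its PrivateTmp state."""
    return {name: private_tmp_state(*texts) for name, texts in units.items()}
```

Units reported as `unset` or `disabled` are the ones that would change behaviour if the default were switched.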