From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 24 Jan 2025 11:52:27 +0000 (+0100)
Subject: Enforce per-user quota on /tmp/ and /dev/shm/ as user logs in (#36010)
X-Git-Tag: v258-rc1~1499
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=d6b008b01ee07180dab067597736622616b8e97f;p=thirdparty%2Fsystemd.git

Enforce per-user quota on /tmp/ and /dev/shm/ as user logs in (#36010)

There's finally quota on tmpfs, hence let's use it to make it harder for
users to DoS the system by consuming all disk space in /tmp/ and
/dev/shm/.

This enforces a default limit of 80% quota of the backing fs for these
two dirs for users, but this can be overriden in the user record, if
desired.

This also adds two other interesting features:

1. mount units gain GracefulOptions= which takes optional mount options
that are added only if supported by the kernel. (this is used to enable
usrquota on /tmp/, if available.)
2. The PAM logic in service management now supports reading passwords
from service credentials and via the askpw logic. This used for make
testing easy (so that we can run0 into a homed user which strictly
requires a password).
---

d6b008b01ee07180dab067597736622616b8e97f