-
-
Notifications
You must be signed in to change notification settings - Fork 708
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Grain backup fails if /var contains irregular files (sockets, pipes) #100
Comments
This is caused by the dovecot process leaving socket files under /var, and the I'd rather fix this on Sandstorm's end, but I will also try and see if I can change dovecot to put these under /tmp. |
@jparyani putting them in /tmp leaves huge vectors for security exploitation of Dovecot and/or leaked information from what feeds into Dovecot's socket. |
@CameronNemo - How so? Under Sandstorm, every app sees a unique |
From attacks from within the app container. Unless there is only one process, or if they are all running under the same user. I am guessing it falls under the latter definition, so there is no actual risk? |
Each container contains a single app instance owned by a single user. Our security model is based on every user having their own private instance of each app. So, I don't think there's a security issue here. |
FWIW, /run seems to be the new consensus place for things like this. |
Backup failed: Error: Zip process failed. [500]
The text was updated successfully, but these errors were encountered: