Requirements for implementation of $XDG_RUNTIME_DIR on the desktop

Etherpad notes from UDS:

http://lists.linuxfoundation.org/pipermail/fhs-discuss/2011-May/000248.html

/run/lock should be root-dialout, not world-writable; users don't need to be in the dialout group by default, even admin users; so remove the /run quota problem from the existing usage

- Solution also works for braille devices as runs as system service.

Still need to solve the /run/user problem. Do we want a single filesystem? How much memory? Each user directory perms 0700.

Best compromise seems to be single /run/user/ tmpfs mount with ~ 100 MB (possibly scaling up according to available memory size): avoids the overhead of a lot of extra tmpfs mounts, but provides enough quota-like limitations to avoid DoSing the system

dconf needs XDG_RUNTIME_DIR because you can't mmap() over NFS/ecryptfs (reliably)

$XDG_RUNTIME_DIR needs to be created in PAM, not in ConsoleKit: not all services use CK, e. g. cron jobs

Start with nodev, nosuid, noexec, and possibly drop noexec if the requirement pops up; starting with noexec is a better/safe default because it avoids circumenting a possible "noexec" policy on $HOME in business environments

ACTIONS:
* Implement this as a PAM session module with Upstart smarts, that creates the directory on login, reference counts, and deletes it on removal of all sessions; and exports the env var to the session

[2012-09-28] pam module pam_xdg_support has been implemented, handling the XDG_RUNTIME_DIR requirements. It does not yet integrate with upstart; that will be done next cycle as part of the user job support blueprint. So considering this blueprint completed.

Work items:
[vorlon] implement a PAM session module with upstart smarts, that creates the XDG_RUNTIME_DIR on login, reference counts, and deletes it on removal of all sessions; and exports the env var to the session: DONE