Am 01.07.2012 19:32, schrieb Joe Zeff: > On 07/01/2012 10:23 AM, John Wendel wrote: >> Extra security is certainly a plus. My main reason for wanting to run a >> read-only root it to avoid wearing out the consumer grade compact flash >> card that I'm using as my root device (yes, I'm cheap). > > I'd suggest, then, using a distro that doesn't update as frequently as Fedora. /sbin is on the root device and > you'd need to set it to rw every time one of its programs gets updated. Also, if you're using Fedora, have a > separate /boot that's not on that card to make kernel updates easier. i do it the other direction /var/cache, /var/lib, /boot, /var/tmp, /var/log and /tmp on own partitions or in case of virtual machines even on drives because i can have rootfs as small as possible without fearing it gets full this would have the same effect without the problem of have to remeber remount rw before updates with "yum-plugin-security" and "yum update --security" you can even on Fedora minimize updates most of the time if you really want while you can update packages selective from the normal repos if a update fixes a bug which affects you
Attachment:
signature.asc
Description: OpenPGP digital signature
-- users mailing list users@xxxxxxxxxxxxxxxxxxxxxxx To unsubscribe or change subscription options: https://admin.fedoraproject.org/mailman/listinfo/users Guidelines: http://fedoraproject.org/wiki/Mailing_list_guidelines Have a question? Ask away: http://ask.fedoraproject.org
