On Tue, 31 Jan 2012 13:50:27 +0100 Tom Gundersen <teg@xxxxxxx> wrote: > Hi Kevin, > > On Tue, Jan 31, 2012 at 2:02 PM, Kevin Chadwick <ma1l1ists@xxxxxxxxxxx> > wrote: > > Should /bin and /sbin contain all the statically built execs to > > increase the reliability of single user mode. > > Nah, we don't really build static binaries, and /usr must be available > even in single user mode. IMHO /bin and /sbin are no longer useful. > > > I see udev creating directories in /media as a problem for the goal of > > read only systems, unless it is on it's own partition. Personally I use > > udev rules to mount to /mnt/usb0, /mnt/usb1 etc. making it consistent > > and logical to human users and sudoers, not to mention the problem of > > stupidly long named directories on occasion making escaping required > > or copying on the commandline. > > Two comments: > > This can be solved by making /media a tmpfs and require its subdirs to > be recreated on demand (as systemd does). Or a bind-mount from /var/media or such... I wonder though shouldn't it be implemented in initscripts similar to /tmp? Because currently enabling read-only / will require adding a /media stanza to fstab. > > udev should never, ever mount stuff itself. This is dangerous and > explicitly not supported. Consider using systemd, udisks or another > daemon for this purpose. For more info about this, see the recent > discussion on the linux-hotplug mailinglist. > > > Anyway here's some food for thought you might find interesting about FHS > > compared to the OpenBSD way of doing things. The thread has some other > > useful thoughts too. > > > > "http://marc.info/?l=openbsd-tech&m=130503366832069&w=2"; > > Thanks, that's an interesting read. Notice how a majority of his > concerns would go away if /bin, /sbin, /usr/sbin all pointed to > /usr/bin. That whole thread very clearly illustrates the challenges > the FHS faces. > > -t -- Leonid Isaev GnuPG key ID: 164B5A6D Key fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
Attachment:
signature.asc
Description: PGP signature
