Re: Useful NFS hint

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



On Mon, 17 May 2010, Stephen Harris wrote:

> On Mon, May 17, 2010 at 04:04:45PM -0400, Phil Schaffner wrote:
>> Stephen Harris wrote on 05/17/2010 12:15 PM:
>>> Don't do NFS localhost mounts from fstab
>>
>> Why would you want to do localhost: NFS mounts anyway?
>
> 'cos the current kernel doesn't allow read-only bind mounts and I 
> need to present information in a locked down read-only area.

+1. On one server, we provide a read-write CVS tree accessible to 
developers -- but we nfs-mount a read-only view of the same filesystem 
into the cvsd chroot environment for anonymous users. If cvsd is found 
to have a vulnerability, the chroot and nfs layers are likely to limit 
the damage.

-- 
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux