On Mon, 17 May 2010, Stephen Harris wrote:
> On Mon, May 17, 2010 at 04:04:45PM -0400, Phil Schaffner wrote:
>> Stephen Harris wrote on 05/17/2010 12:15 PM:
>>> Don't do NFS localhost mounts from fstab
>>
>> Why would you want to do localhost: NFS mounts anyway?
>
> 'cos the current kernel doesn't allow read-only bind mounts and I
> need to present information in a locked down read-only area.
+1. On one server, we provide a read-write CVS tree accessible to
developers -- but we nfs-mount a read-only view of the same filesystem
into the cvsd chroot environment for anonymous users. If cvsd is found
to have a vulnerability, the chroot and nfs layers are likely to limit
the damage.
--
Paul Heinlein <> heinlein@xxxxxxxxxx <> http://www.madboa.com/
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
