> -----Original Message-----
> From: devel-bounces@xxxxxxxxxxxxxxxxxxxxxxx [mailto:devel-bounces@xxxxxxxxxxxxxxxxxxxxxxx] On Behalf Of Lennart Poettering
> Sent: Tuesday, October 19, 2010 7:38 AM
> To: Development discussions related to Fedora
> Subject: Re: rawhide report: 20101019 changes
>
> I think the whole approach of separate /usr (which iiuc is done to make
> /usr r/o during normal runtime) is wrong anyway. It aims too low. If
> people want to make something r/o it should be the entirety of /
> read-only, and we probably should make that the default even
> eventually. That'd be a worthy goal. However, right now there's still a
> handful of programs that write around in /etc during runtime, such as
> NM, and stuff related to /etc/nologin, /forcefsck, /etc/mtab,
> /etc/securetty and similar files. (a couple of which will hopefully go
> away soonishly. i.e. /etc/nologin is being migrated to /var/run/nologin
> now, and /forcefsck has a kernel cmdline option "forcefsck" which is a
> lot more useful. util-linux-ng is working on getting rid of /etc/mtab
> and already works mostly when you link it to /proc/mounts. For the
> securetty hacks I sent a patch last week to PAM.)
>
> Debian in fact has been making great progress to make their OS work with
> read-only root by default: http://wiki.debian.org/ReadonlyRoot
>
> Also note that a number of commercial unixes symlink / and /usr these
> days, going one step further even.
>
> Lennart

A ton of this work was already done in initscripts through the use of the /etc/sysconfig/readonly-root hooks. Isn't that already working well enough now for that purpose, future systemd changes aside?

-jc