On Wed, 23.02.11 21:29, Chris Ball (cjb@xxxxxxxxxx) wrote: > > Hi Lennart, > > > My hope is that one day we can ship a read-only root dir by > > default, or more specifically a btrfs file system with three > > subvolumes in it: one read-only one mounted to /, and two > > writable ones mounted to /home and /var, with /tmp mounted from > > tmpfs. > > I can see the motivation for having root be read-only if you *aren't* > using btrfs, but if we have a btrfs subvolume for the rootfs which is > snapshotted every time we perform a package/admin operation (and > perhaps also just on regular intervals for good measure), what would > we then gain by adding a read-only rootfs to the mix? Security, robustness: you can be sure that nothing tempers with your basic OS tree and it is always in a defined state, unless put in a specific "admin mode", where the image may be changed/administered, i.e. / is remounted rw. Lennart -- Lennart Poettering - Red Hat, Inc. -- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
