Am 22.07.2013 18:10, schrieb Nicolas Mailhot: > Le Lun 22 juillet 2013 00:02, Reindl Harald a écrit : >> has anybody considered to put the following as default in systemd-units of >> network services? cross-posting to users-list intented because i think it >> is a good idea to bring it to a broader userbase! >> >> ReadOnlyDirectories=/etc >> ReadOnlyDirectories=/usr > > It would be very nice if write-protection of FHS-defined RO directories > was applied by default, except for the software updater or during explicit > maintenance operations the idea behind my proposl is to reach nearly the same as a system-wide write-protection or mount read-only without impact maintenance - i see it as compromise i do not want to have a webserver exploited and damage my system while i do not want /usr globally read-only which would kill cronjobs and own software running on top of Fedora in /usr/local
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
