Am 23.07.2013 19:54, schrieb Reindl Harald: >> 3) ReadOnlyDirectories also needs to be applied across submounts, which >> introduces complication to the system units depending on the filesystem >> layout on the administrator-configured machine - having security mechanisms >> be affected by this is not ideal. > > "needs" is not really correct > needs to be *fully* enabled > > a potential submount would not be read-only > so what - without this the rest would not be too and to be more clear * i want to protect /usr and what is instaleld via package-manager * submounts like bind-mounts in /usr/local are not read-only the latter should not because it is not installed by the package-manager and below /usr/local i have as example bind-mount structures for sftp-chroot it's perfect that they are not read-only
Attachment:
signature.asc
Description: OpenPGP digital signature
-- devel mailing list devel@xxxxxxxxxxxxxxxxxxxxxxx https://admin.fedoraproject.org/mailman/listinfo/devel
