On Sat, 22 March 2008 23:55:53 +0800, Peter Teoh wrote: > > > Or do you want individual files/directories to be immutable - chattr? > > chattr is not good enough, as root can still modify it. So if > current feature is not there, then some small development may be > needed. > > > And in either case, what problem do you want to solve with a read-only filesystem? > > Simple: i want to record down everything that a user does, or a > database does, or any applications running - just record down its > state permanently securely into the filesystem, knowing that for sure, > there is not way to modify the data, short of recreating the > filesystem again. Sound logical? Or is there any loophole in this > concept? The loophole is called root. In a normal setup, root can do anything, including writing directly to the device your filesystem resides in, writing to kernel memory, etc. It may be rather inconvenient to change a filesystem by writing to the block device, but far from impossible. If you want to make such changes impossible, you are facing an uphill battle that I personally don't care about. And if inconvenience is good enough, wouldn't chattr be sufficiently inconvenient? Jörn -- Victory in war is not repetitious. -- Sun Tzu -- To unsubscribe from this list: send the line "unsubscribe linux-fsdevel" in the body of a message to majordomo@xxxxxxxxxxxxxxx More majordomo info at http://vger.kernel.org/majordomo-info.html
