
Bug#570486: Configuration /var with noexec option breaks base system installation



Allowing users to install a system with a noexec /var strikes me as a
bad idea, because such a system will require a knowledgeable admin to
intervene to allow it to upgrade, or install new packages.

I think that partman should prevent the user from foot-shooting of this
magnitude. It should ensure that at least / /usr /tmp /var are not
noexec. (/tmp due to #223683)

(FWIW, I have always considered /var/lib/dpkg to be a FHS violation,
being that the data in it is no more "variable" than is /bin/sh. And here
we have a nice example of why that should have been moved a decade plus
ago. Unfortunately, I never had much luck convincing anyone to care about
that. But even if that were fixed, /var can potentially contain FHS
compliant executables. For example, ucf's cache files are executable if
the conffile is executable.)

-- 
see shy jo
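
The check the message asks for, sketched as an added example that is not part of the original message and is not partman code: it reads fstab-format lines and reports which of / /usr /tmp /var would end up noexec. The function names and the sample fstab are constructed for illustration; the option handling follows mount(8), where later options override earlier ones and `user`/`users` imply noexec.

```shell
#!/bin/sh
# Added example, not partman code. Flags fstab entries that would leave one of
# the mount points named in the message mounted noexec.

PROTECTED="/ /usr /tmp /var"   # the list proposed in the message

# effective_noexec OPTS: succeed if the comma-separated option string ends up
# noexec. Per mount(8), later options override earlier ones, and "user" and
# "users" imply noexec unless followed by "exec".
effective_noexec() {
    state=0
    old_ifs=$IFS; IFS=,
    for o in $1; do
        case "$o" in
            noexec|user|users) state=1 ;;
            exec)              state=0 ;;
        esac
    done
    IFS=$old_ifs
    [ "$state" -eq 1 ]
}

# noexec_mounts: read fstab-format lines on stdin and print each protected
# mount point that is effectively noexec. Returns 1 if any were found.
noexec_mounts() {
    found=0
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac        # blank or comment
        case " $PROTECTED " in *" $mnt "*) ;; *) continue ;; esac
        if effective_noexec "$opts"; then
            printf '%s\n' "$mnt"
            found=1
        fi
    done
    return "$found"
}

# Constructed sample fstab, not taken from the bug report.
sample_fstab() {
    cat <<'EOF'
# <file system> <mount point> <type> <options> <dump> <pass>
/dev/sda1  /      ext3  errors=remount-ro       0 1
/dev/sda2  /var   ext3  defaults,noexec,nosuid  0 2
/dev/sda3  /tmp   ext3  user,nodev              0 2
/dev/sda4  /home  ext3  noexec                  0 2
/dev/sda5  /usr   ext3  noexec,exec             0 2
EOF
}

sample_fstab | noexec_mounts || echo "^ noexec on a protected mount point" >&2
```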
