Bug#570486: Configuration /var with noexec option breaks base system installation
2010/4/15 Joey Hess <joeyh@debian.org>
Allowing users to install a system with a noexec /var strikes me as a
bad idea, because such a system will require a knowledgeable admin to
intervene to allow it to upgrade, or install new packages.
I think that partman should prevent the user from foot-shooting of this
magnitude. It should ensure that at least / /usr /tmp /var are not
noexec. (/tmp due to #223683)
I totally agree with that, but as a similar thing, one can configure /usr read-only (for security reasons).
The installation process does not break with /usr configured read-only, and once you have rebooted, you HAVE to do some extra configuration (/etc/apt/apt.conf.d/... OK, this works with apt, aptitude, synaptic but not with dpkg itself) to install / upgrade packages.
My 2 cents ...
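
An added example, not part of the thread and not partman's own code: a shell check for the condition proposed above, that / /usr /tmp /var are not noexec. It reads fstab-format text on stdin; the function names and the sample device names are made up for illustration.

```shell
#!/bin/sh
# Added example (not partman code): report which of / /usr /tmp /var would be
# mounted noexec according to fstab-format text on stdin.

# Return 0 if the comma-separated option list ends up noexec.
# Later options override earlier ones; "user"/"users" imply noexec
# and "defaults" implies exec, per mount(8).
opts_are_noexec() {
    state=exec
    old_ifs=$IFS
    IFS=,
    for opt in $1; do
        case $opt in
            noexec|user|users) state=noexec ;;
            exec|defaults)     state=exec ;;
        esac
    done
    IFS=$old_ifs
    [ "$state" = noexec ]
}

# Read fstab lines on stdin, print one offending mount point per line.
noexec_critical_mounts() {
    while read -r dev mnt fstype opts rest; do
        case $dev in ''|'#'*) continue ;; esac   # skip blanks and comments
        case $mnt in
            /|/usr|/tmp|/var)
                if opts_are_noexec "$opts"; then echo "$mnt"; fi ;;
        esac
    done
}

# Constructed sample fstab (device names are made up for illustration).
SAMPLE_FSTAB='# <device> <mount> <type> <options> <dump> <pass>
/dev/sda1 /     ext3 errors=remount-ro 0 1
/dev/sda2 /usr  ext3 ro,nodev 0 2
/dev/sda3 /var  ext3 defaults,noexec,nosuid 0 2
/dev/sda4 /tmp  ext3 noexec,exec 0 2
/dev/sda5 /home ext3 noexec 0 2'

# Run the check over the sample; only /var is reported.
check_sample() { printf '%s\n' "$SAMPLE_FSTAB" | noexec_critical_mounts; }
```

The check covers fstab entries only; a directory that is not its own mount point inherits the options of the filesystem above it, so a noexec / also affects an unsplit /var.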