Re: Immutable flag and packages
>
> If the securelevel is greater than zero, the immutable and append_only
> flags can't be altered.

Ah, some of the earlier comments now make a lot more sense. That also
explains why "man -k securelevel" was remarkably uninformative.

Again, I'm forced to ask if forcing the system into a somewhat idle
mode before changing critical files is a Bad Thing. As a rough
approximation, perhaps a "secure" installation should default to
immutable for the executables in /sbin, /usr/sbin and /bin, but not
/usr/bin. A "paranoid" installation would set all package executables
to immutable.

Bear Giles
bear@coyotesong.com