[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /run/, resolvconf and read-only root

On Mon, 2003-04-28 at 00:01, Sam Hartman wrote:
> 1) Why are people mounting root read-only?

"Frank" (Not his real name) has a machine with a local
read-only boot medium and a network connection but no local
hard disk.

"Jane" finds it nice that her /etc/ hierarchy changes only
when she administers her machine, not during normal use,
and that /run/ contains information only relevant to the
current boot session.  This makes it easier for her to make
and keep track of her backups.

"George" mounts /etc/ read-only because it seems like this
ought to increase the security of his system.

> 2) When root is read-only, what information is variable
> and what information  should be immutable?

The distinction between variable and non-variable is drawn
by the FHS.  It was the basis for splitting /var out of /usr.

> Why is this a reasonable categorization?

It is reasonable to distinguish between variable and non-variable
files because the distinction makes it possible to segregate the
different sorts of files into different filesystems which may be
then be handled differently -- e.g., stored on different sorts of

> 3)  What information needs to go in /var vs /run?

Because /var can be an NFS mount, some programs (e.g.,
networking daemons) necessarily run before /var is available.
Those that need to store state in a "run" directory will use
/run/.  All others must use /var/run/.

> I will follow any related changes to policy to the best
> of my ability.

OK, but we should not wait for policy to change before
implementing this.

Thomas Hood <jdthood0@yahoo.co.uk>

Reply to: