fsprotect - Directory in /
Dear DDs,
I've written a native Debian package named fsprotect[1] that makes existing
filesystems immutable by combining them with tmpfs using aufs. For fsprotect
to properly work it absolutely needs a directory to pre-exist in the root
filesystem. I've used /fsprotect but Matt suggested that it should be placed
under /lib. Looking again in FHS I see that using /lib would be a kind of
abuse (am I missing something?).
fsprotect will mount initially three filesystems for each protected filesystem
under that directory (/fsprotect) and will later umount (move) one of them,
leaving two filesystems (per filesystem) in there while the system is
running. It also needs this directory while running its script in initramfs
and while running the init script (where other filesystems are umounted).
So, the 1.000.000 $/€/£/whatever question is: Is it OK to use /fsprotect or
should I use another directory? My suggestion is to use /fsprotect, in a way
SELinux uses /selinux (as someone mentioned on IRC). It will only be there
for computers that are "locked" using fsprotect.
Alternatives are: /lib/init/fsprotect and /lib/fsprotect (any other
suggestion?)

Example mounted filesystems per case:

/:
    /fsprotect/fs/var/orig
    /fsprotect/fs/var/tmp
/lib:
    /lib/fsprotect/fs/var/orig
    /lib/fsprotect/fs/var/tmp
/lib/init:
    /lib/init/fsprotect/fs/var/orig
    /lib/init/fsprotect/fs/var/tmp

p.s. Please CC me. I'm not subscribed to debian-devel. I've also set the
M-Fup-To.
[1]http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=fsprotect