fsprotect - Directory in /

Dear DDs,

I've written a native Debian package named fsprotect[1] that makes existing 
filesystems immutable by combining them with tmpfs using aufs. For fsprotect 
to properly work it absolutely needs a directory to pre-exist in the root 
filesystem. I've used /fsprotect but Matt suggested that it should be placed 
under /lib. Looking again in FHS I see that using /lib would be a kind of 
abuse (am I missing something?).

fsprotect will mount initially three filesystems for each protected filesystem 
under that directory (/fsprotect) and will later umount (move) one of them, 
leaving two filesystems (per filesystem) in there while the system is 
running. It also needs this directory while running its script in initramfs 
and while running the init script (where other filesystems are umounted).

So, the 1.000.000 $/€/£/whatever question is: Is it OK to use /fsprotect or 
should I use another directory? My suggestion is to use /fsprotect, in a way 
SELinux uses /selinux (as someone mentioned on IRC). It will only be there 
for computers that are "locked" using fsprotect.

Alternatives are: /lib/init/fsprotect and /lib/fsprotect (any other 
suggestion?) Example mounted filesystems per case:




