[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Bits from the Release Team - Kicking off Wheezy

On Thu, 31 Mar 2011, Roger Leigh wrote:
> > > > /etc/adjtime
> > 
> > This needs to survive reboots, and it is also needed early in the boot.
> > It is used to correct the RTC syndrome.
> > 
> > I am at a loss about how it could be made compatible with RO /.
> > 
> > > > /etc/hosts.deny (written by denyhosts, hence that one is a bit hard to fix)
> This one really belongs under /var given that it's writable.  Do we
> really need it that urgently before /var is mounted?  Can't we reload
> whatever is using it after /var becomes available?  Isn't this also

Only if we would also change tcp wrappers to deny all if it cannot read
both /etc/hosts.allow and /etc/hosts.deny, so that you can play symlink

Now, I just checked, and Debian tcpwrappers CAN read a list of files to
be acted upon (allowed, denied, etc) from a regular file.  So we can
probably just tell denyhosts to switch to that usage pattern, and
/etc/hosts.* can be made RO.

  "One disk to rule them all, One disk to find them. One disk to bring
  them all and in the darkness grind them. In the Land of Redmond
  where the shadows lie." -- The Silicon Valley Tarot
  Henrique Holschuh

Reply to: