
Re: /usr (was: Re: Survey answers part 3: systemd is not portable and what this) means for our ports



On Tue, Jul 16, 2013 at 06:38:18PM +0100, Dmitrijs Ledkovs wrote:
> Imho the overhead between having just "/etc" vs "/" encrypted is
> small, if "/var", "/usr", "/home", "/opt" are separate mountpoints.
> Thus to me, treating "/etc" separately is a misfeature, considering a
> mounted "/" assumes /etc must be present.
> At least, it would go against my expectation.

Having /etc on a separate filesystem can have a different advantage. If
just /var and /home are on separate filesystems and RAMTMP is set to
yes, then / can possibly be mounted read-only. Having a read-only /etc
is still a difficult thing to do, because a number of packages assume it
to be writeable. Examples include cups, denyhosts, fake-hwclock, lvm2,
openvpn, passwd, samba, and util-linux. This list is not exhaustive.

I think that read-only / is an interesting feature to investigate.
Fixing all the packages above has proven to be a hard thing to do.
Having a writeable /etc is a different way to achieve the same thing, so I
think investigating that option should not be prematurely dismissed.

It is not as if the availability of this feature will suddenly make
everyone use it. Chances are you wouldn't notice when it is introduced.
So why complain?

Helmut

