[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: /usr (was: Re: Survey answers part 3: systemd is not portable and what this) means for our ports

On Tue, Jul 16, 2013 at 06:38:18PM +0100, Dmitrijs Ledkovs wrote:
> Imho the overhead between having just "/etc" vs "/" encrypted is
> small, if "/var", "/usr", "/home", "/opt" are separate mountpoints.
> Thus to me, treating "/etc" separately is a misfeature, considering a
> mounted "/" assumes /etc must be present.
> At least, it would go against my expectation.

Having /etc on a separate filesystem can have a different advantage. If
just /var and /home are on separate filesystems and RAMTMP is set to
yes, then / can possibly be mounted read-only. Having a read-only /etc
is still a difficult thing to do, because a number of packages assume it
to be writeable. Examples include cups, denyhosts, fake-hwclock, lvm2,
openvpn, passwd, samba, and util-linux. This list is not exhaustive.

I think that read-only / is an interesting feature to investigate.
Fixing all the packages above has been proven to be a hard thing to do.
Having a writeable /etc is different way to achieve the same thing, so I
think investigating that option should not be prematurely dismissed.

It is not like that the availability of this feature will suddenly make
everyone use it. Chances are you wouldn't notice when it is introduced.
So why complain?


Reply to: