[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: ReiserFS on a Firewall [was: Building Debian firewall]

If you prize stability then don't use new software, kernel 2.4 has had many
serious bugs and problems, which are slowly sorted.  The kernel versions
with Reiser FS just added have had problems, if you tested 2.4.1 - 2.4.3
then you are bound to have hit problems, due to these known issues.  It's
not that easy merging in large pieces of software and patches, and 2.4 is
quite different from 2.2, where most Reiser FS deployment, was.

Reiser FS had in fact had one security bug, to trigger it someone had to
create 127 files with special names in the same directory, and then they
could get at a file that shouldn't have been readable to them.  It was not
critical, as ordinary users for instance cannot write in directories like
/etc to get at /etc/shadow for instance, and should not even log in on a

> So i would run reiserfs only on Systems with Daily Backup's and on systems
> with _Huge_ Disks and a high disk load (so they profit from the b-tree's
> reiserfs uses)

The 2.4.4 version seems to have been stable it was not altered according to
Linus's release notes.  Most errors reported turn out to be hardware
problems, there's been many issues with DMA and via chipsets for instance.
As for any new software, 2.4.5 will have it's share of problems, and perhaps
something has hit Reiser FS in this version, time will tell.

> For a router which not much more than log activity on the disk i would
> prefer using ext2 oder ext3 (ext3 for 2.4 is released beta now, and you
> switch from ext2 to ext3 and back at any time, furthermore you can use the

ext3 is a 2.2 thing, it's not finished in 2.4 though it is being worked on.

> If you do need a proxy as well, i would accept the cache on reiserfs,
> but i would put the rest onto ext2.
> Perhaps it's just that i don't trust reiserfs after having lost so much
> trying to repair the partition with reiserfsck; which did succeed after

The reiserfsck was not functional for a long time, it was broken and under
development, you shouldn't have needed it though in the first place.

Finally another suggestion to reduce fsck times, that is to mount /usr read
only.  This won't allow an automated apt-get, without remounting


Reply to: