
(Security) upgrades with shared /usr?


I am planning to install a dozen or so (virtual) machines, whose /usr is
going to be shared. I planned on simply using ext3 mounted as read-only for
that filesystem, but I noticed one problem with such a setup:

Any security update which requires upgrading some packages would force
me to shut down all but one of the machines, remount /usr RW there,
perform the upgrade, remount it back to RO, and then bring the rest of
the machines back up. (Propagating the changes to files outside /usr is
another story).

This is extremely inconvenient, as it disables all services for the time
of the upgrade (this is not a big problem for stateless services, but a
major one for stateful ones, such as users' NX sessions).

The only way around this problem I can see is to use a cluster
filesystem, which lets me mount the filesystem RW everywhere.

But maybe someone has invented something more clever? Maybe even
something that takes care of propagating the changes to files outside
the shared FS, to keep them in sync with the rest of the system?

Marcin Owsiany <porridge@debian.org>             http://marcin.owsiany.pl/
GnuPG: 1024D/60F41216  FE67 DA2D 0ACA FC5E 3F75  D6F6 3A0D 8AA0 60F4 1216
