Re: (Security) upgrades with shared /usr?
On Mon, Feb 20, 2006 at 09:40:21PM +0100, Marcin Owsiany wrote:
> On Mon, Feb 20, 2006 at 01:56:23PM -0500, Mark Bucciarelli wrote:
> > On Mon, Feb 20, 2006 at 04:02:52PM +0100, Marcin Owsiany wrote:
> > > But maybe someone has invented something more clever? Maybe even
> > > something that takes care of propagating the changes to files outside
> > > the shared FS, to keep them in sync with the rest of the system?
> > can you leave /usr rw in vserver host and apply the security patches
> > there?
> A system which mounts an FS R/O makes certain assumptions about its
> behavior. If you change it behind its back (by mountin it R/W), you are
> likely to crash the system(s) which have it mounted R/O.
Erm - interesting, at work we have a set of netbooting machines, /usr is
most certainly RO on all the workstations, and served to us via NFS, the
fileserver that it's served from has the filesystem mounted RW, we do
upgrades on that fileserver, they propogate via NFS nicely, haven't had
a workstation hang because of an upgrade on the fileserver so far, so
I'd be interested to know why you think this might be the case?