
Re: RFS: fsprotect (try #2)



On Tuesday 21 April 2009, Paul Wise wrote:
> 2009/4/21 Stefanos Harhalakis <v13@v13.gr>:
> > fsprotect needs a directory under the root filesystem to preexist. Most
> > probably it won't be used by normal users, so this won't be common. In
> > IRC it was mentioned that it should use /lib/fsprotect, but this
> > directory is already used to store a helper script:
> >
> > -rwxr-xr-x 1 root root 1786 2009-03-22 17:32
> > /lib/fsprotect/fsprotect-protect
> >
> > and perhaps (in the future) hold other helper scripts too.
>
> What about using /lib/fsprotect/mount/ (or similar) instead?

Everything works as long as it is in the root filesystem.

If /lib/fsprotect/mount/ is acceptable and

/lib/fsprotect/mount/system
/lib/fsprotect/mount/tmp
/lib/fsprotect/fs/var/orig
/lib/fsprotect/fs/var/tmp
... etc ...

are acceptable mountpoints, then OK. My personal opinion is that it will be 
ugly, but I'll change it to that if you agree.


> > The /fsprotect/system and /fsprotect/tmp directories are required to
> > pre-exist at the time initramfs mounts the root filesystem.
>
> Could they be created from a script in the initramfs?

/ is mounted read-only. An initial /fsprotect dir is created inside the 
initramfs / (which is tmpfs at that point). Later, the root fs is merged with 
a tmpfs using aufs. At that point it is possible to create the directories 
under the new root (which is aufs), but those will actually be created in tmpfs 
and will be lost later.

The questions are:
a) Isn't this somehow hackish?
b) Is it better and/or different at all? Still /fsprotect will exist, even if 
it is created by an initramfs hook and even if it resides in tmpfs.


