
Re: Setting apt to mount partitions read|read-only



-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

"Jeff Bonner" <jeff@integralogic.com> writes:

> The Securing Debian HOWTO makes mention of the possibility that you can
> set a partition as read-only, to further protect the various things in
> /usr/bin for example.  Then when you apt-get upgrade, you can configure
> apt to automagically turn off the read-only while needed, then turn it
> back on (facilitating the install of new items).
> 
> However, I don't immediately see anything in 'man apt.conf' that tells
> how to do it, assuming that's where you control this behavior from.
> Does anyone have instructions on how to accomplish this?

I'm doing exactly this for a read-only mounted /usr partition with the
following in /etc/apt/apt.conf:

  DPkg
  {
      Pre-Invoke  { "mount /usr -o remount,rw" };
      Post-Invoke { "mount /usr -o remount,ro" };
  };

Note that the Post-Invoke may fail with a "/usr busy" error message.
This happens mainly when you are using files during the update that
got updated.  Annoying but not really a big deal.  Just make sure
these are no longer used and run the Post-Invoke manually.

Hope this helps,
- -- 
Olaf Meeuwissen                            Epson Kowa Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97  976A 16C7 F27D 6BE3 7D90
LPIC-2               -- I hack, therefore I am --                 BOFH
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.0.6 (GNU/Linux)
Comment: Processed by Mailcrypt 3.5.6 <http://mailcrypt.sourceforge.net/>

iD8DBQE8av6+FsfyfWvjfZARAs/ZAJ0ZZ/hym5EN6M4CGXQtuTff/SWSKgCdFHd+
VF3mZMhU96oA+jE1e9OjWSA=
=6tGy
-----END PGP SIGNATURE-----
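
For the "/usr busy" case described above, an added example (not part of the original message): a wrapper for the Post-Invoke step that, when the read-only remount fails, lists the processes still mapping files that the upgrade replaced. It assumes Linux /proc/PID/maps; the function names and the --remount switch are hypothetical.

```shell
#!/bin/sh
# Added example, not from the original message. Names are hypothetical.
# Assumes Linux /proc/PID/maps; run as root to see every process.

# Print "PID path" for each process that still maps a deleted file below
# mount point $1. $2 is the proc root (default /proc; overridable for tests).
busy_deleted_maps() {
    mnt=${1%/}
    proc=${2:-/proc}
    for maps in "$proc"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        pid=${maps%/maps}
        pid=${pid##*/}
        # maps fields: address perms offset dev inode path ["(deleted)"]
        # (paths containing spaces are not handled; unusual under /usr)
        awk -v pid="$pid" -v mnt="$mnt/" '
            $NF == "(deleted)" && index($6, mnt) == 1 { print pid, $6 }
        ' "$maps" 2>/dev/null || true
    done | sort -u
}

# Remount $1 read-only; on failure, report who is holding replaced files.
remount_ro() {
    if mount "$1" -o remount,ro 2>/dev/null; then
        return 0
    fi
    echo "remount,ro of $1 failed; still mapping replaced files:" >&2
    busy_deleted_maps "$1" >&2
    return 1
}

# Only acts when asked, e.g. saved as a script and called from Post-Invoke
# with the arguments: --remount /usr
case "${1:-}" in
    --remount) remount_ro "${2:-/usr}" ;;
esac
```

Once the listed processes have been restarted, running the script again with --remount /usr performs the manual Post-Invoke step.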


