
Re: Read-only root (/) except /et



On Mon, Apr 14, 2008 at 11:59:16AM +1000, Rich Healey wrote:
> It seems you want to install *BSD and just flag most of your
> configuration nochg.

In Linux, e2fsprogs has chattr and lsattr (I have not checked for other
filesystems, but I expect that some of the other filesystems, but not
all, have corresponding flags).

These flags become more useful in combination with Linux capabilities
and *BSD securelevels.

In Linux >= 2.2.x, capabilities (see the package lcap) can be used
where BSD securelevels are used (and are much more fine-grained than the
traditional securelevels of *BSD, but they are not so fine-grained as
one might reasonably want. Modern Linux and modern *BSD also have other,
more advanced, security measures).

Linux capabilities are also used by Linux vservers, which roughly
correspond to *BSD jails and Solaris zones. (Linux also has other
similar things, but the vservers are the only one for which Debian
provides pre-compiled kernels.)

Linux kernels try to accept contributions from many more people, try to
support many more things than *BSD kernels (but also fewer things in some
specialized areas), and correspondingly many more (security and
non-security) bugs are found.

And so on.

Net search engines find many comparisons between Linux and *BSD kernels
and between GNU and *BSD userland. Most of them are old, incomplete, not
so competent and so on. This might be an occasion to add another
flamefest to the list. Or to work on the ongoing port of the Debian
glibc-based userland to the FreeBSD kernel.

-- 
Those who use non-free software poison you too. Tell them to stop.
Computing=arsenic: minimal doses in rare pathological cases, otherwise lethal.
Computing=bomb: smart only for the stupid who believe in it.
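
Added example, not part of the original message: a small audit of the chattr/capabilities combination mentioned above. The immutable flag only binds root once CAP_LINUX_IMMUTABLE is gone from the capability bounding set. As an assumption, the script reads the CapBnd mask format of /proc/PID/status on current kernels rather than using lcap, and the lsattr lines and masks are constructed samples.

```shell
#!/bin/sh
# Added example (not from the original message).
CAP_LINUX_IMMUTABLE=9   # capability number from <linux/capability.h>

# cap_present HEXMASK BIT: succeeds if capability BIT is set in the mask.
cap_present() {
    [ $(( (0x$1 >> $2) & 1 )) -eq 1 ]
}

# verdict HEXMASK: "removable" if root can still clear the i flag,
# "enforced" if CAP_LINUX_IMMUTABLE has been dropped from the set.
verdict() {
    if cap_present "$1" "$CAP_LINUX_IMMUTABLE"; then
        echo removable
    else
        echo enforced
    fi
}

# immutable_files: read lsattr output on stdin and print the paths whose
# flag field (first column) contains the lowercase i (immutable) flag.
immutable_files() {
    while read -r flags path; do
        case "$flags" in
            *i*) printf '%s\n' "$path" ;;
        esac
    done
}

# Constructed samples: lsattr output and two CapBnd masks.
SAMPLE_LSATTR='----i---------e------- /etc/passwd
--------------e------- /etc/motd
----i---------e------- /etc/ssh/sshd_config'
SAMPLE_FULL=000001ffffffffff      # bit 9 still set
SAMPLE_DROPPED=000001fffffffdff   # bit 9 cleared

echo "files flagged immutable:"
printf '%s\n' "$SAMPLE_LSATTR" | immutable_files
echo "full bounding set:    flags are $(verdict "$SAMPLE_FULL")"
echo "dropped bounding set: flags are $(verdict "$SAMPLE_DROPPED")"

# Live check of the current process, where the kernel exposes CapBnd.
if [ -r /proc/self/status ]; then
    live=$(sed -n 's/^CapBnd:[[:space:]]*//p' /proc/self/status)
    if [ -n "$live" ]; then
        echo "this process:         flags are $(verdict "$live")"
    fi
fi
```

On a real system, feed `lsattr -R /etc 2>/dev/null` into immutable_files instead of the sample.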