Running with a readonly root partition
Wojciech Puchar
wojtek at wojtek.tensor.gdynia.pl
Fri Jun 13 18:29:37 UTC 2008
>
> As devfs is running by default, it seems to me that
> it would be relatively easy to run with a readonly
> root partition, assuming that the directories under
> which writing is necessary (ie; /tmp, /var, /home)
> are located in separate, writable partitions.
yes.
> The main advantages are that none of the configuration
> files or binaries in /etc and /usr (which may still
/etc is rather writable - for example when user changes password.
> be on a separate readonly partition) are vulnerable
> and the boot process update to /etc/motd). Once these
> have been rectified by relocating the files and setting
> up symlinks, there have been no problems.
>
> My questions are:
> - does anyone else do this?
no that - but i do this on my liveDVD
> - if not, why not?
if you will set securelevel to prevent umounts - it may add much to the
security.
but - the same time - you'll have to reboot system to change anything!
More information about the freebsd-questions
mailing list