On Wed, Jan 05, 2011 at 03:29:08AM +0100, Michael Biebl wrote: > > Nice write-up, you raise many good points I agree with. > > Just a small remark: > > On 05.01.2011 01:25, Roger Leigh wrote: > > > 2) /usr is mounted read-only for security and safety > > > > Mounting /usr read-only is common practice; I even do this myself > > with apt-get configured to remount read-write when changes are made > > and then remount read-only afterwards. > > This can easily be achieved using a bind mount, without requiring /usr being a > separate partition. > > mount --bind /usr /usr > mount -oremount,ro /usr
It requires a recent kernel, though. IIRC, Lenny kernels don't support readonly bind mounts. Mike -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110105074601.ga3...@glandium.org