As devfs is running by default, it seems to me that
it would be relatively easy to run with a readonly
root partition, assuming that the directories under
which writing is necessary (ie; /tmp, /var, /home)
are located in separate, writable partitions.

The main advantages are that none of the configuration
files or binaries in /etc and /usr (which may still

/etc is rather writable - for example when user changes password.

be on a separate readonly partition) are vulnerable
and the boot process update to /etc/motd).  Once these
have been rectified by relocating the files and setting
up symlinks, there have been no problems.

My questions are:
- does anyone else do this?

no that - but i do this on my liveDVD

- if not, why not?

if you will set securelevel to prevent umounts - it may add much to the security.

but - the same time - you'll have to reboot system to change anything!
_______________________________________________ mailing list
To unsubscribe, send any mail to "[EMAIL PROTECTED]"

Reply via email to