As devfs is running by default, it seems to me that it would be relatively easy to run with a readonly root partition, assuming that the directories under which writing is necessary (ie; /tmp, /var, /home) are located in separate, writable partitions.
yes.
The main advantages are that none of the configuration files or binaries in /etc and /usr (which may still
/etc is rather writable - for example when user changes password.
be on a separate readonly partition) are vulnerable and the boot process update to /etc/motd). Once these have been rectified by relocating the files and setting up symlinks, there have been no problems. My questions are: - does anyone else do this?
no that - but i do this on my liveDVD
- if not, why not?
if you will set securelevel to prevent umounts - it may add much to the security.
but - the same time - you'll have to reboot system to change anything! _______________________________________________ freebsd-questions@freebsd.org mailing list http://lists.freebsd.org/mailman/listinfo/freebsd-questions To unsubscribe, send any mail to "[EMAIL PROTECTED]"
