If it's possible, I want to install boot scripts to /tools/etc, tell Grub to use /tools/bin/init, so when we reboot / is basically empty and we start off on the right foot. This avoids overwriting files on /, and lets us set up directory and file ownerships so root owns as little as possible. We can't really set ownerships on the temporary host because uids probably won't be the same.
LFS and CLFS use some hard-coded paths, like /sbin/udevd. There's probably a reason for this, but since /tools/bin/udevd is the only udevd we have it shouldn't be a problem to use the udevd in $PATH. Or have PATH=/tools/bin just for the boot scripts, and PATH=/bin:/usr/bin:/tools/bin for the login user.

So I think we need a special set of boot scripts for /tools. Minimal, like CLFS's install-minimal, but with network as an option.

We should also start talking about users and groups.

User "admin": owner of most of the filesystem.

Group "bin": has group write permission on most of the filesystem.

User "installer": is in the bin group, used to install packages, but can't overwrite files owned by the admin user.

Installed packages have their ownership changed to user admin.

Also, if it's possible, straight off the reboot, I want agetty to run as non-root. Maybe not today, but it's something to keep in mind. The rebooted temporary system should be 100% hardened. This can be done in the boot scripts with execcap and/or Debian's runas program.

robert
-- http://linuxfromscratch.org/mailman/listinfo/hlfs-dev FAQ: http://www.linuxfromscratch.org/faq/ Unsubscribe: See the above information page