On Tue, Apr 01, 2014 at 10:58:33PM +0100, stumba...@yahoo.de wrote:
> we use LTSP as the base for our Diskless Server environment. We only install
> ltsp-client-core and manage the machines with scripts being called using
> /etc/lts.conf.
> We do like the new way with aufs - it makes modifying configuration files so
> much easier - but it also introduces problems since an attacker now can as
> well easily replace the sshd and we might not notice...
> Is there a way to exclude directories or to just only include some directories
> to be writeable in aufs?

Not currently. Maintaining the whitelist with the old approach (bind mounts) became rather burdensome as various applications write to all sorts of crazy places, but implementing a blacklist would be an interesting idea.

You might be able to unmark the writeability on some dirs by manually editing the tmpfs layer to not allow writes to certain directories...

That said, the permissions should be such that only root can write to the files anyways, and if they have root access, they could mount their own writeable overlay on top of it anyways...

live well,
  vagrant

_______________________________________________
Ltsp-discuss mailing list. To un-subscribe, or change prefs, goto:
https://lists.sourceforge.net/lists/listinfo/ltsp-discuss
For additional LTSP help, try #ltsp channel on irc.freenode.net
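
A check that fits the "we might not notice" concern in this thread, as an added example that is not part of the original messages or of LTSP: it lists what has been copied up, whited out, or made opaque under protected directories in the aufs read-write (tmpfs) branch. The branch path is passed as an argument and the `PROTECTED_DIRS` list is an assumption to adapt to the image.

```shell
#!/bin/sh
# Added example: report entries in an aufs read-write branch that shadow
# protected paths of the read-only root.

# Assumption: directories (relative to /) that should never change on a client.
PROTECTED_DIRS="usr/sbin usr/bin sbin bin etc/ssh"

# audit_rw_branch BRANCH
# Prints one line per finding: "<KIND> <path as seen in the merged root>"
#   MODIFIED  file or symlink copied up or created in the rw branch
#   DELETED   aufs whiteout (.wh.<name>) hiding a read-only file
#   OPAQUE    aufs opaque marker (.wh..wh..opq) hiding a whole directory
audit_rw_branch() {
    branch=${1%/}
    for dir in $PROTECTED_DIRS; do
        [ -d "$branch/$dir" ] || continue
        find "$branch/$dir" \( -type f -o -type l \) -print
    done | LC_ALL=C sort | while IFS= read -r path; do
        rel=${path#"$branch"}      # path relative to the merged root
        name=${rel##*/}
        parent=${rel%/*}
        case $name in
            .wh..wh..opq) echo "OPAQUE $parent" ;;
            .wh..wh.*)    ;;       # aufs-internal entries, not user changes
            .wh.*)        echo "DELETED $parent/${name#.wh.}" ;;
            *)            echo "MODIFIED $rel" ;;
        esac
    done
}

# Stand-alone use: pass the mount point of the rw branch as the only argument.
if [ $# -gt 0 ]; then
    audit_rw_branch "$1"
fi
```

This only sees changes made through the branch it is pointed at; as the reply notes, someone with root could mount a separate writeable overlay, so the output is a tripwire rather than a guarantee.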