On 06/26/18 13:50, Raul Miller wrote:
Personally, I can't totally figure out what this policy would be. My current best approximation is: there's a period of time when pkg_add and syspatch are running and that is a time when writes are allowed, other than that, not. I could maybe rig up something more complicated using inherited cryptographic tokens but the potential special cases wind up with approximately the same effect.
You could mount everything ro and have a wrapper script around pkg_add that remounts it rw and when its done remount it ro. Of course other processes would then be able to write as well. Seems like you would need a new system call or some such mechanism to truly accomplish what you want.
