On Thu, 7 Dec 2006, Jacob Yocom-Piatt wrote:

> it's not clear to me where the best place to mount a disk image is using
> vnconfig for the whole /var partition. this should obviously happen after
> mounting /usr.
>
> advice appreciated.
>
> cheers,
> jake

For a start, I'd *guess* it could be mounted immediately after the file-system containing its "regular file" (and of course /usr) is mounted. If this file-system is not nfs, then that is at the first occurrences of "mount" in /etc/rc. (Around line 203 in 4.0). You would add your vnconfig and mount command there. You now have a "non-standard" /etc/rc.

You want it mounted before logging and any other process or daemon that uses /var is run, including daemons that chroot to /var, notably named. You probably want them running on the svnd, not "underneath" it on whatever /var was before mounting the svnd.

Note that if you plan on encryption, the vnconfig command will hang waiting for the key. It uses a call to getpass(3) for the key, which will read from /dev/tty. Usually /etc/rc executes with a /dev/tty so I think that if you use vnconfig -k or -K in /etc/rc, a human will have to intervene at boot time to enter the key. (I don't know a cute, simple way (i.e. a shell trick) to execute vnconfig without a controlling terminal, so it could read from its stdin (presumably a disk file or maybe from some dongle-like Sekrit Krypto Device) or if that would be a good idea anyway.)

You could hack vnconfig to read the key from a file, but that's kinda insecure. I don't know your threat model.

See man getpass(3).

Hoping for further comments,
Dave

--
[In] all human groups at all times there are the few who rule and the many who are ruled. -- A. Livingston