Getting rid of /usr for F12?
seg at haxxed.com
Mon Apr 20 00:42:33 UTC 2009
On Sat, 2009-04-18 at 01:28 +0200, Lennart Poettering wrote:
> On Fri, 17.04.09 15:16, Jeff Spaleta (jspaleta at gmail.com) wrote:
> > On Fri, Apr 17, 2009 at 3:11 PM, Lennart Poettering
> > <mzerqung at 0pointer.de> wrote:
> > > Oh, it makes a lot of sense. I mean, most config files are only
> > > touched during installation and during package upgrades. Otherwise
> > > they are practically read-only. During package upgrades or if the
> > > admin really wants to change something he can temporarily remount / to
> > > rw without a problem. This is perfectly well supported by Debian.
> > Hmm I guess we need to redesign how denyhosts works as a service as
> > its default operation is to edit /etc/hosts.deny..quite frequently.
> > Should I file a bug report now?
> I am not aware that it was an official Fedora goal to make it boot
> from a ro /. Would be good if it was, though.
Think about LiveCDs. No writes are going to be permanent, so why bother
writing at all?
Think about the proliferation of solid state storage. We can no longer
take for granted that writes are free, with flash storage writes come
with a cost. Read only root would guarantee preservation of operating
Read only also makes filesystem corruption much less likely.
Read only also allows the possibility of mastering a "perfect"
filesystem. No fragmentation, and you can compress it to hell and back.
Read only, if it's ensured in hardware, ensures security. Cleanup only
takes a reboot.
Is it weird of me to pine for the days of floppy disks? Things were
so much easier then. Just put in the disk you want and go. I've got a
whole long blog post about this I should write some day. I'd like to see
a clear, hard line separation between the operating system, and user
data. The operating system should be self-contained, and uniform. The OS
should be able to be easily replaced, upgraded or downgraded, free of
state to muck things up. Hence, write only root. Once mastered, it stays
Remember write protect tabs?
> However, no daemon should ever touch files in /etc automatically. That
> NM does that is pretty bad style. Instead resolv.conf should be
> replaced by a symlink to /var and manipulated there.
In my wireless firmware:
resolv.conf is hardwired to localhost and dnsmasq is used for all DNS
# ls -l /etc/
lrwxrwxrwx 1 0 0 11 shadow -> /tmp/shadow
-rw-r--r-- 1 0 0 21 resolv.conf
-rw-r--r-- 1 0 0 458 radvd.split.conf
-rw-r--r-- 1 0 0 228 radvd.conf
-rw-r--r-- 1 0 0 23 profile
-rw-r--r-- 1 0 0 84 passwd
drwxrwxr-x 1 0 0 76 init.d
lrwxrwxrwx 1 0 0 10 hosts -> /tmp/hosts
-rw------- 1 0 0 0 gshadow
-rw-r--r-- 1 0 0 30 group
lrwxrwxrwx 1 0 0 11 ethers -> /tmp/ethers
lrwxrwxrwx 1 0 0 13 dropbear -> /tmp/dropbear
# cat /etc/resolv.conf
Though various other things have to be redirected to /tmp, a ramfs
populated on boot by the init scripts from nvram settings. 2mb flash
just doesn't provide enough space for JFFS2.
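Added example, not part of the original message or of any project discussed in the thread: a shell audit of an /etc tree intended for a read-only root. It separates entries redirected to writable storage from those that stay on the image, and flags in-place files that the thread names as rewritten by daemons. The function names, the RUNTIME_WRITTEN list and the sample tree (modelled on the listing above) are assumptions made for the illustration.

```sh
#!/bin/sh
# Files the thread mentions as rewritten at runtime (NetworkManager, denyhosts).
# Assumption: extend this list for the system being audited.
RUNTIME_WRITTEN="resolv.conf hosts.deny"

# audit_etc DIR: print one line per entry of DIR:
#   volatile   symlink into /tmp, /var or /run (state kept off the ro image)
#   other-link symlink pointing anywhere else
#   review     regular file that a daemon is known to rewrite in place
#   static     everything else; stays on the read-only image
audit_etc() {
    dir=$1
    for entry in "$dir"/* "$dir"/.[!.]*; do
        # Skip unmatched globs, but keep dangling symlinks (-e fails on those).
        [ -e "$entry" ] || [ -L "$entry" ] || continue
        name=${entry##*/}
        if [ -L "$entry" ]; then
            target=$(readlink "$entry")
            case $target in
                /tmp/*|/var/*|/run/*) echo "volatile $name -> $target" ;;
                *) echo "other-link $name -> $target" ;;
            esac
        else
            case " $RUNTIME_WRITTEN " in
                *" $name "*) echo "review $name" ;;
                *) echo "static $name" ;;
            esac
        fi
    done
}

# count_class DIR CLASS: number of entries audit_etc puts in CLASS.
count_class() { audit_etc "$1" | grep -c "^$2 "; }

# make_sample: build a constructed /etc tree shaped like the firmware listing.
make_sample() {
    d=$(mktemp -d)
    for l in shadow hosts ethers dropbear; do ln -s "/tmp/$l" "$d/$l"; done
    for f in resolv.conf radvd.split.conf radvd.conf profile passwd gshadow group; do
        : > "$d/$f"
    done
    mkdir "$d/init.d"
    echo "$d"
}

# Stand-alone use: sh audit.sh /path/to/etc
if [ "$#" -gt 0 ]; then audit_etc "$1"; fi
```

A "review" line is not a failure by itself: a resolv.conf that is fixed at image build time, as in the firmware above, never needs a write, while one managed by a daemon does need redirecting.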