RSBAC Grsec Selinux ProPolice and Pax

Cedric cedric.de.wijs at softhome.net
Mon Jan 19 08:49:00 PST 2004


At 12:16 AM 1/20/04 +1100, you wrote:






> > sorry to piggyback, but I missed to original post.
> >
> > Last time I looked, bind mounting didnt allow you to mount one part
> > of the filesystem rw somewhere, and the same part ro elsewhere.
> > Something to do with sharing superblocks.
> >
> > I may be wrong or it might have changed.
>
>Separate parts of the filesystem, usually completely separate
>partitions.
>
>1: Create partition(s) for rw access.
>2: mount partition containing binaries/configuration (/opt) ro.
>3: bind mount data directories under rw partition onto ro partition.
>
>Test it out on a cdrom if you want :-)
>
>Idea is to also keep binaries/configuration data on physically
>separate partitions to user data.
>Keeps backups nice and simple too.
>
>Ideally you'd have a separate data partition for each daemon but sometimes
>however you just run out of spare partitions ;-).

I have been searching for this for some time. Thanks for fitting the pieces 
of the puzzle together!

Cedric,

Linux believer since KNOPPIX 3.2 / LFS 4.0 / LINUX 2.4.21 / Gcc 3.2
-------------- next part --------------

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (http://www.grisoft.com).
Version: 6.0.558 / Virus Database: 350 - Release Date: 1/2/04


More information about the hlfs-dev mailing list