RSBAC Grsec Selinux ProPolice and Pax

Cedric at
Mon Jan 19 08:49:00 PST 2004

At 12:16 AM 1/20/04 +1100, you wrote:

> > sorry to piggyback, but I missed to original post.
> >
> > Last time I looked, bind mounting didnt allow you to mount one part
> > of the filesystem rw somewhere, and the same part ro elsewhere.
> > Something to do with sharing superblocks.
> >
> > I may be wrong or it might have changed.
>Separate parts of the filesystem, usually completely separate
>1: Create partition(s) for rw access.
>2: mount partition containing binaries/configuration (/opt) ro.
>3: bind mount data directories under rw partition onto ro partition.
>Test it out on a cdrom if you want :-)
>Idea is to also keep binaries/configuration data on physically
>separate partitions to user data.
>Keeps backups nice and simple too.
>Ideally you'd have a separate data partition for each daemon but sometimes
>however you just run out of spare partitions ;-).

I have been searching for this for some time. Thanks for fitting the pieces 
of the puzzle together!


Linux believer since KNOPPIX 3.2 / LFS 4.0 / LINUX 2.4.21 / Gcc 3.2
-------------- next part --------------

Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system (
Version: 6.0.558 / Virus Database: 350 - Release Date: 1/2/04

More information about the hlfs-dev mailing list