Hi,
I'm setting up a firewall with 6.4. At the moment, I'm trying to secure the machine.
I wanted to set the /-FS to read-only; only /home, /var and /tmp are writable. All works fine, but after closing a tty, mingetty is respawning too fast and I'm unable to use this tty any more.
I tracked the problem down to a write attempt to the cua device, but the system reports that / is mounted read-only.
Is there a possibility to suppress this write access in the respawning process?

Hi Stefan,

A write attempt to some device file on a read-only mounted filesystem is legitimate and should be successful as long as no filesystem changes are involved. If you consider a device file a "hole" in the filesystem, this behaviour might be more transparent to you.

The problem is that mingetty tries to chown(2) and chmod(2) the device file. You'd have to ensure that these non-ro operations are successful. This can be done by mounting a ramdisk over /dev soon after the kernel boot, and before /dev/pts is mounted. The next step would be to unpack a tarfile into that new ramdisk so that the device files are fully available when other processes open them later. It is imperative that this happens while no other process is running that could feel like opening a device file which isn't there yet.

With some tweaking it is very well possible to have a read-only root-fs. But if you use this feature for security reasons, you also have to make sure that write access to the raw device is not possible either - a disk seems useless under these circumstances. Once it's finished, burn the ext2 filesystem on a CD and boot from it.

Roman.
--
Roman Drahtmüller, CC University of Freiburg
email: draht@uni-freiburg.de
"The best way to pay for a lovely moment is to enjoy it." - Richard Bach
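
As an added example (not part of the original thread), the following shell function audits a mount table for the layout the reply describes: a read-only /, a separate writable filesystem on /dev, and /dev/pts mounted after it. It assumes input in /proc/mounts format; the device names and filesystem types in the sample table are constructed.

```shell
# Added example: audit a /proc/mounts-style table for a read-only root
# with a writable filesystem mounted over /dev.

# has_opt OPTS NAME: true if the comma-separated option list contains NAME
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *) return 1 ;;
    esac
}

# check_layout: reads a mount table on stdin, prints findings,
# returns 0 if the layout matches and 1 otherwise.
check_layout() {
    n=0 root_opts= dev_line=0 dev_opts= pts_line=0
    while read -r _src mnt _type opts _rest; do
        n=$((n + 1))
        case "$mnt" in
            /)        root_opts=$opts ;;            # last entry for / wins
            /dev)     dev_line=$n; dev_opts=$opts ;;
            /dev/pts) pts_line=$n ;;
        esac
    done
    rc=0
    if ! has_opt "$root_opts" ro; then
        echo "FAIL: / is not mounted read-only"; rc=1
    fi
    if [ "$dev_line" -eq 0 ]; then
        echo "FAIL: /dev lives on the root fs, so chown/chmod on a tty fails"; rc=1
    elif ! has_opt "$dev_opts" rw; then
        echo "FAIL: the filesystem on /dev is not writable"; rc=1
    fi
    if [ "$pts_line" -ne 0 ] && [ "$pts_line" -lt "$dev_line" ]; then
        echo "FAIL: /dev/pts was mounted before /dev and is now hidden"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: read-only / with writable /dev"
    return "$rc"
}

# Constructed sample table (device names and fs types are assumptions)
SAMPLE_GOOD='/dev/hda1 / ext2 ro 0 0
/dev/ram1 /dev ext2 rw 0 0
devpts /dev/pts devpts rw 0 0
/dev/hda3 /var ext2 rw 0 0'

printf '%s\n' "$SAMPLE_GOOD" | check_layout
```

On a running system the same function can be fed with `check_layout < /proc/mounts`. It only inspects the mount layout and says nothing about whether the raw disk device is writable.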