On 01/09/11 04:38, Monika Kistler wrote:
> For security reasons I need to have the root file system mounted read-only.

What security does that provide according to your appreciation? I only see it as a false sense of security.

> /var is mounted read/write on a separate partition, thus the log files do not cause any problem.
> When booting my system I get the following errors, due to read-only rootfs.
>
> mv: inter-device move failed: `/tmp/apache2.PLbqAdT67tqh' to `/etc/apache2/sysconfig.d/loadmodule.conf'; unable to remove target: Read-only file system
> /usr/share/apache2/get_module_list: line 113: /etc/apache2/sysconfig.d/global.conf: Read-only file system
> /usr/share/apache2/get_module_list: line 114: 3: Bad file descriptor
> /usr/share/apache2/get_module_list: line 136: 3: Bad file descriptor
> /usr/share/apache2/get_module_list: line 140: 3: Bad file descriptor
> /usr/share/apache2/get_module_list: line 141: 3: Bad file descriptor
> /usr/share/apache2/get_module_list: line 144: 3: Bad file descriptor
> /usr/share/apache2/get_module_list: line 151: 3: Bad file descriptor
> /usr/share/apache2/get_includes: line 15: /etc/apache2/sysconfig.d/include.conf: Read-only file system
> /usr/share/apache2/get_includes: line 16: 3: Bad file descriptor
> /usr/share/apache2/get_includes: line 43: 3: Bad file descriptor

Well, yes, Apache generates a lot of configuration automatically at startup so you can use /etc/sysconfig/apache2, you need /etc writable by root anyway... IMHO you are attempting to secure the wrong thing, without my appropriate dose of caffeine I can instantly recall a lot of attack vectors for a webserver that don't require rootfs writable...