rawhide report: 20101019 changes

Cleaver, Japheth jcleaver at soe.sony.com
Tue Oct 19 20:30:58 UTC 2010



> -----Original Message-----
> From: devel-bounces at lists.fedoraproject.org [mailto:devel-bounces at lists.fedoraproject.org] On Behalf
> Of Lennart Poettering
> Sent: Tuesday, October 19, 2010 7:38 AM
> To: Development discussions related to Fedora
> Subject: Re: rawhide report: 20101019 changes
> 
> 
> I think the whole approach of separate /usr (which iiuc is done to make
> /usr r/o during normal runtime) is wrong anyway. It aims too low. If
> people want to make something r/o it should be the entirety of /
> read-only, and we probably should make that the default even
> eventually. That'd be a worthy goal. However, right now there's still a
> handful of programs that write around in /etc during runtime, such as
> NM, and stuff related to /etc/nologin, /forcefsck, /etc/mtab,
> /etc/securetty and similar files. (a couple of which will hopefully go
> away soonishly. i.e. /etc/nologin is being migrated to /var/run/nologin
> now, and /forcefsck has a kernel cmdline option "forcefsck" which is a
> lot more useful. util-linux-ng is working on getting rid of /etc/mtab
> and already works mostly when you link it to /proc/mounts. For the
> securetty hacks I sent a patch last week to PAM.)
> 
> Debian in fact has been making great progress to make their OS work with
> read-only root by default: http://wiki.debian.org/ReadonlyRoot
> 
> Also note that a number of commercial unixes symlink / and /usr these
> days, going one step further even.
> 
> Lennart


A ton of this work was already done in initscripts through the use of the /etc/sysconfig/readonly-root hooks. Isn't that already working well enough now for that purpose, future systemd changes aside?

-jc 


