UsrMove feature (was Re: FESCo meeting minutes for 2011-10-24)

Richard W.M. Jones rjones at redhat.com
Tue Oct 25 10:41:01 UTC 2011


On Tue, Oct 25, 2011 at 09:56:19AM +0200, Harald Hoyer wrote:
> On 10/25/2011 09:33 AM, Michal Hlavinka wrote:
> > On 10/25/2011 09:30 AM, Harald Hoyer wrote:
> >> On 10/25/2011 09:15 AM, Harald Hoyer wrote:
> >>> It's not only an aesthetic issue. This enables possibilities, which were
> >>> not doable before.
> > ...
> >> - mount rootfs encrypted
> >> - mount /usr not encrypted (no secrets here)
> >
> > This is already possible; I have used this setup for a long time.
> 
> right, but still a lot of files in /lib* /sbin and /bin, which do not 
> need encryption here.
> 
> Having all in /usr makes the thing so much cleaner...
> 
> Just to give you some food for thought: Next steps could include only 
> allowing "/usr" prefixed files in Fedora rpms. "/var" and "/etc" could be 
> set up with tempfiles and config templates. So our OS (set up by rpms) 
> only lives in /usr.

I really think this is something that should be discussed across all
(or at least more than 1) distro.  This change will have all sorts of
repercussions with thousands of upstreams.

Luckily there are forums and standards bodies for cross-distro
discussions of this sort.  Some of these are imperfect, a few like FSB
are mostly dead, but that's a good reason to fix those organizations,
not to go it alone.

Rich.

-- 
Richard Jones, Virtualization Group, Red Hat http://people.redhat.com/~rjones
New in Fedora 11: Fedora Windows cross-compiler. Compile Windows
programs, test, and build Windows installers. Over 70 libraries supprt'd
http://fedoraproject.org/wiki/MinGW http://www.annexia.org/fedora_mingw

