devicemapper and stateless? (was Re: who needs unionfs!, was Re: [Fedora-livecd-list] experimental unionfs and initramfs code)
Bill Nottingham
notting at redhat.com
Tue Apr 25 21:43:23 UTC 2006
Jane Dogalt (jdogalt at yahoo.com) said:
> > However, one of the downsides of this approach is it (essentially) makes
> > the whole root filesystem read-write, which loses some of the benefits
> > of readonly-root (and makes it a whole lot easier to DoS yourself.)
>
> This is basically just an alternate implementation of unionfs.
It's not 100% the same, though - with dm, you're operating at the
block device level, so you have to add the copy-on-write device for the whole
block device (i.e., the entire filesystem.)
Since unionfs is a filesystem, it can theoretically be spliced in
at any level of the tree you want, thereby keeping most of the
filesystem truly read-only.
Bill
More information about the livecd
mailing list