Old 07-09-2012, 03:20 PM
Leonid Isaev
 
Default Stateless Arch

On Mon, 9 Jul 2012 10:51:11 +0200
Tom Gundersen <teg@jklm.no> wrote:

>[...]
>
> What should work (but might not!): /etc and /usr (and /lib, /sbin,
> /bin) should be able to be mounted read-only. I expect you'll have to
> figure out how to deal with /etc/resolv.conf, I wonder if
> NetworkManager has learnt how to deal with this gracefully since I
> last checked...

This has been working for quite some time on all my machines.

The only real problem is cups which wants to write to /etc/cups and upstream
refuses to fix this. Debian has some patches which offer only a partial
solution. I solved it by recompilation with --sysconfig=/var/lib/cups.

Assuming DHCP, the resolv.conf file can be protected in two ways: (i) For
dhcpcd, use "nohook resolv.conf" in dhcpcd.conf and use a predefined DNS
server (like 192.168.1.1 or any public dns provider); also works with netcfg.
(ii) For other DHCP clients (dhclient perhaps) one can
replace /etc/resolv.conf with a symlink to /run/resolv.conf. This was a
discussion on gnome dev ML some time ago, and I don't know whether this fix was
accepted "officially" anywhere or remained a folk story.

AFAIK, but this can be wrong, the real problem with NM is not having read-only
resolv.conf, but protecting /etc/hosts... However, having NM on a server
sounds like a bad idea to start with.

>
> What will not work: as Rodrigo said, you'll still need /var to be
> mounted read-write, the point of /var is for applications to be able
> to write to it. Moreover, /var must be unique to each installation,
> and cannot be shared (you can put it on an NFS share though, just make
> sure you have one for each machine). Moreover, even if /etc/ is
> mounted read-only, you probably want one per machine. You might get
> away with sharing it, but then all your hostnames will be the same for
> instance. Importantly: you don't want /etc/machine-id to be shared by
> different machines (as it needs to be unique). If you do decide to
> share /etc, you can replace /etc/machine-id by an empty file and
> systemd will create a random one at every boot (in /run) and use that
> instead, so you should be fine in this respect.
>
> HTH,
>
> Tom



--
Leonid Isaev
GnuPG key: 0x164B5A6D
Fingerprint: C0DF 20D0 C075 C3F1 E1BE 775A A7AE F6CB 164B 5A6D
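An added audit script (not from the thread) that checks a system tree for the two resolv.conf protections Leonid lists, (i) "nohook resolv.conf" in dhcpcd.conf or (ii) /etc/resolv.conf symlinked into /run, plus Tom's empty /etc/machine-id for a shared /etc. The root argument, the function names and the use of readlink are my assumptions; the default root is /, and a scratch directory can be passed to try it without touching the live system.

```shell
#!/bin/sh
# Added example, not code from the thread: audit a tree for the read-only /etc
# preparations discussed above. The root argument (default /) lets the checks
# run against a staging copy instead of the live system.

# (i) dhcpcd told not to touch resolv.conf: "nohook resolv.conf" in dhcpcd.conf
# (nohook takes a comma-separated list, so "nohook hostname, resolv.conf" counts).
dhcpcd_nohook_resolv() {
    conf="${1:-/}/etc/dhcpcd.conf"
    [ -f "$conf" ] &&
      grep -Eq '^[[:space:]]*nohook[[:space:]]+(.*[,[:space:]])?resolv\.conf([,[:space:]]|$)' "$conf"
}

# (ii) /etc/resolv.conf is a symlink into /run, so the DHCP client writes to tmpfs.
resolv_conf_in_run() {
    link="${1:-/}/etc/resolv.conf"
    [ -L "$link" ] || return 1
    case "$(readlink "$link")" in
        /run/*|../run/*) return 0 ;;
        *) return 1 ;;
    esac
}

# Either protection is enough.
resolv_conf_protected() {
    dhcpcd_nohook_resolv "$1" || resolv_conf_in_run "$1"
}

# Shared-/etc case from Tom's reply: /etc/machine-id must be empty (or absent)
# so systemd generates a per-boot id in /run instead of every host sharing one.
machine_id_unshared() {
    [ ! -s "${1:-/}/etc/machine-id" ]
}

# Run all checks, report each failure, return non-zero if any failed.
audit_stateless_etc() {
    root="${1:-/}"; rc=0
    resolv_conf_protected "$root" ||
      { echo "FAIL: resolv.conf: neither 'nohook resolv.conf' nor symlink into /run"; rc=1; }
    machine_id_unshared "$root" ||
      { echo "FAIL: /etc/machine-id is non-empty; unsafe if /etc is shared"; rc=1; }
    [ "$rc" -eq 0 ] && echo "OK: $root is ready for read-only /etc"
    return "$rc"
}

# Usage: sh audit.sh --audit [root]
if [ "${1:-}" = "--audit" ]; then audit_stateless_etc "${2:-/}"; fi
```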
 
Old 07-09-2012, 03:35 PM
Mantas Mikulėnas
 
Default Stateless Arch

On Mon, Jul 9, 2012 at 6:20 PM, Leonid Isaev <lisaev@umail.iu.edu> wrote:
> AFAIK, but this can be wrong, the real problem with NM is not having read-only
> resolv.conf, but protecting /etc/hosts...

I don't see a problem with read-only /etc/hosts. It shouldn't contain
anything other than "::1 localhost" anyway. Use nss-myhostname.

--
Mantas Mikulėnas