On Tue, Jul 16, 2013 at 06:38:18PM +0100, Dmitrijs Ledkovs wrote:
> Imho the overhead between having just "/etc" vs "/" encrypted is
> small, if "/var", "/usr", "/home", "/opt" are separate mountpoints.
> Thus to me, treating "/etc" separately is a misfeature, considering a
> mounted "/" assumes /etc must be present.
> At least, it would go against my expectation.

Having /etc on a separate filesystem can have a different advantage. If just /var and /home are on separate filesystems and RAMTMP is set to yes, then / can possibly be mounted read-only. Having a read-only /etc is still a difficult thing to do, because a number of packages assume it to be writeable. Examples include cups, denyhosts, fake-hwclock, lvm2, openvpn, passwd, samba, and util-linux. This list is not exhaustive.

I think that read-only / is an interesting feature to investigate. Fixing all the packages above has been proven to be a hard thing to do. Having a writeable /etc is a different way to achieve the same thing, so I think investigating that option should not be prematurely dismissed.

It is not like the availability of this feature will suddenly make everyone use it. Chances are you wouldn't notice when it is introduced. So why complain?

Helmut