Ticket #314 (closed enhancement: fixed)
bind mount more stuff
| Reported by: | geofft | Owned by: | |
|---|---|---|---|
| Priority: | normal | Milestone: | Karmic Deploy (Canceled) |
| Component: | login chroot | Keywords: | |
| Cc: | | Fixed in version: | |
| Upstream bug: | | | |
Description
It seems desirable to bind-mount /var/log rather than to discard the snapshot.
Right this moment I also want /boot bind-mounted.
Change History
comment:2 in reply to: ↑ 1 Changed 15 years ago by geofft
Replying to geofft:
> Zephyr discussion reminds me that I just want read access to /boot, and write access is a problem for the same reason it's a problem for /. I'd be okay with a snapshot, but LVM won't let us do that.
I'm a little confused why I wrote that... I guess within the confines of LVM itself, /boot being a non-LVM partition would cause problems, but you can definitely use the underlying device-mapper to create a snapshot of /boot.
> /var/log is a little more reasonable to mount writable ... Perhaps we also want something to copy in new logs from /var/log, but not let you rm -r /var/log to cover your traces (for instance, the wtmp record of your login is noted outside the chroot).
Another option is to chattr +a /var/log and bind-mount it through, but that's pretty trivial to defeat. Maybe we simply want to bind-mount it and make sure we have sufficient remote syslogging of all the things we care about.
comment:5 Changed 15 years ago by geofft
Note that there's also a need to bind mount less stuff, namely, /home shouldn't be persistent. It possibly shouldn't exist or should be read-only or something.
(I guess this would involve moving /home/kiosk@mit somewhere else, but that's probably reasonable anyway.)
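The mount policy discussed in this ticket (read-only /boot, /var/log bind-mounted through, no writable persistent /home) can be checked from the host by reading mountinfo. The script below is an added example, not part of the ticket or the project's code; the chroot path `/srv/login-chroot` and the device names in the sample are assumptions.

```shell
#!/bin/sh
# Added example, not the project's code. Audits mountinfo-format text for the
# mount policy discussed in this ticket. The chroot path is hypothetical.

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; *) return 1 ;; esac
}

# audit_chroot_mounts CHROOT < mountinfo
# Prints one FAIL line per finding; returns 0 if clean, 1 otherwise.
audit_chroot_mounts() {
    root=${1%/}; boot=""; log=""; home=""; rc=0
    # mountinfo field 5 is the mount point, field 6 the per-mount options
    # (a read-only bind mount shows "ro" here even if the filesystem is rw).
    while read -r _id _parent _dev _fsroot mnt opts _rest; do
        case $mnt in
            "$root/boot")    boot=$opts ;;
            "$root/var/log") log=$opts ;;
            "$root/home")    home=$opts ;;
        esac
    done
    if [ -z "$boot" ]; then
        echo "FAIL /boot: not mounted in chroot"; rc=1
    elif ! has_opt "$boot" ro; then
        echo "FAIL /boot: mounted writable, want read-only"; rc=1
    fi
    if [ -z "$log" ]; then
        echo "FAIL /var/log: not bind-mounted, logs go to the discarded snapshot"; rc=1
    fi
    if [ -n "$home" ] && ! has_opt "$home" ro; then
        echo "FAIL /home: writable mount persists across sessions"; rc=1
    fi
    return "$rc"
}

# Constructed sample (not captured from a real host): /boot and /home are
# bound read-write, /var/log is bound through.
sample_mountinfo() {
    cat <<'EOF'
40 25 253:3 / /srv/login-chroot rw,relatime - ext4 /dev/mapper/vg-snap rw
41 40 8:1 / /srv/login-chroot/boot rw,relatime - ext4 /dev/sda1 rw
42 40 253:0 /var/log /srv/login-chroot/var/log rw,relatime - ext4 /dev/mapper/vg-root rw
43 40 253:0 /home /srv/login-chroot/home rw,relatime - ext4 /dev/mapper/vg-root rw
EOF
}

sample_mountinfo | audit_chroot_mounts /srv/login-chroot || true
```

On a live host the same function reads `/proc/self/mountinfo` on standard input. It does not cover the remote syslogging mentioned in comment 2.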