Future: fhs 2.3 compliance for fc3

Havoc Pennington hp at redhat.com
Thu Apr 1 19:56:53 UTC 2004


Hi,

To be clear, a read-only root would not be the only possible config,
it's a specific deployment methodology.

On Thu, 2004-04-01 at 05:54, Dave Jones wrote:
> On Wed, 2004-03-31 at 23:38, Havoc Pennington wrote:
> 
> > A possibly related discussion; we've been wondering if we can make the
> > OS image read-only (mounting it that way, or via selinux).
> 
> If we do this, apt/yum/up2date/rpm will also need smarts to remount rw 
> when upgrading. Having to do this by hand each time would annoy the hell
> out of me enough to just make it permanently rw again.

The whole point is to never run apt/yum/up2date/rpm on individual
machines, only on a central image ;-)

Avoid per-system state that can be configured incorrectly, haX0rd,
gotten out of sync.

> > Then have /tmp and probably /var in RAM (or wiped on boot)
> 
> Errr, if /var/log disappeared, I'd be very annoyed.

Log to a server, for example.

> Ditto /var/spool.

IMAP and remote smtp server, or something along those lines. Print
servers.

You could have "writable /var" as a possible configuration, too.

> > This allows you to maintain the OS image in a central location and the
> > homedirs and server/app data in central locations, and have a single
> > network-wide master copy of all important state.
> 
> This sounds problematic for laptops. Things like AFS sound like a solution,
> but from what I've heard about it, I'm not sure I'm ready to trust my
> /home to it.

If we can't handle laptops this is still useful for server and
thin-client-desktop type setups.

The way to do laptops though is that the RW master image of homedir is
on the laptop, and the laptop keeps a local RO cache of the OS image.

On connection to network, you sync the homedir from laptop to network,
and sync the OS image from network to laptop.

Or something, this isn't a mature idea, just a discussion that's come
up.

Havoc
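
A check for the layout proposed in this message, added here as an example and not part of the original post: it reads a mount table in /proc/mounts format and reports whether / is read-only and whether /tmp and /var are tmpfs. The function names, the `allow_writable_var` argument (for the "writable /var" configuration) and the sample tables are constructed for illustration; it covers the in-RAM case only, not "wiped on boot".

```shell
#!/bin/sh
# Audit a mount table (/proc/mounts format) against the layout in the thread:
# read-only /, RAM-backed /tmp, and /var either RAM-backed or explicitly allowed.

# mount_field TABLE MOUNTPOINT FIELDNO (3 = fstype, 4 = options)
# Uses the LAST matching entry: a later mount shadows an earlier one (e.g. rootfs).
mount_field() {
    printf '%s\n' "$1" |
        awk -v mp="$2" -v f="$3" '$2 == mp { v = $f } END { if (v != "") print v }'
}

# audit_layout [allow_writable_var]  -- reads the table on stdin.
# Prints one finding per line; returns 0 if the layout matches, 1 otherwise.
audit_layout() {
    table=$(cat); allow_var=${1:-no}; rc=0
    case ",$(mount_field "$table" / 4)," in
        *,ro,*) echo "OK   / is read-only" ;;
        *)      echo "FAIL / is writable or not listed"; rc=1 ;;
    esac
    for mp in /tmp /var; do
        fstype=$(mount_field "$table" "$mp" 3)
        if [ "$fstype" = tmpfs ]; then
            echo "OK   $mp is tmpfs"
        elif [ "$mp" = /var ] && [ "$allow_var" = allow_writable_var ]; then
            echo "OK   /var is persistent (allowed)"
        else
            echo "FAIL $mp is not tmpfs (fstype: ${fstype:-not a separate mount})"; rc=1
        fi
    done
    return "$rc"
}

# Constructed sample tables, not taken from a real machine.
sample_image_client() {
    printf '%s\n' 'rootfs / rootfs rw 0 0' '/dev/root / ext3 ro,noatime 0 0' \
        'tmpfs /tmp tmpfs rw,nosuid,nodev 0 0' 'tmpfs /var tmpfs rw,nosuid,nodev 0 0'
}
sample_conventional() {
    printf '%s\n' '/dev/hda2 / ext3 rw 0 0' '/dev/hda3 /var ext3 rw 0 0'
}

sample_image_client | audit_layout
sample_conventional | audit_layout || true   # prints three FAIL lines
```

On a live system the same function can be fed with `audit_layout < /proc/mounts`.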





