Hi,
To be clear, a read-only root would not be the only possible config, it's a specific deployment methodology.
On Thu, 2004-04-01 at 05:54, Dave Jones wrote:
On Wed, 2004-03-31 at 23:38, Havoc Pennington wrote:
A possibly related discussion; we've been wondering if we can make the OS image read-only (mounting it that way, or via selinux).
If we do this, apt/yum/up2date/rpm will also need smarts to remount rw when upgrading. Having to do this by hand each time would annoy the hell out of me enough to just make it permanently rw again.
The whole point is to never run apt/yum/up2date/rpm on individual machines, only on a central image ;-)
Avoid per-system state that can be configured incorrectly, haX0rd, gotten out of sync.
Then have /tmp and probably /var in RAM (or wiped on boot)
Errr, if /var/log disappeared, I'd be very annoyed.
Log to a server for example.
Ditto /var/spool.
IMAP and remote smtp server, or something along those lines. Print servers.
You could have "writable /var" as a possible configuration, too.
This allows you to maintain the OS image in a central location and the homedirs and server/app data in central locations, and have a single network-wide master copy of all important state.
This sounds problematic for laptops. Things like AFS sound like a solution, but from what I've heard about it, I'm not sure I'm ready to trust my /home to it.
If we can't handle laptops this is still useful for server and thin-client-desktop type setups
The way to do laptops though is that the RW master image of homedir is on the laptop, and the laptop keeps a local RO cache of the OS image.
On connection to network, you sync the homedir from laptop to network, and sync the OS image from network to laptop.
Or something, this isn't a mature idea, just a discussion that's come up.
Havoc