Subject: Re: FreeBSD 5/6/7 kernel emulator for NetBSD 2.x
To: Thor Lancelot Simon <tls@rek.tjls.com>
From: Eric Haszlakiewicz <erh@jodi.nimenees.com>
List: tech-kern
Date: 10/28/2005 12:32:56

On Fri, Oct 28, 2005 at 10:44:08AM -0400, Thor Lancelot Simon wrote:
> And what are we then supposed to do on another class of "modern systems",
> embedded systems which are required to have certain elements of their
> configurations static for security reasons (or in order to obtain certain
> security certifications)?  I commonly mount all read-write filesystems
> nodev, and mount all filesystems containing devices read-only, so that I
> can be *guaranteed* that no new device nodes will be available to user
> processes no matter what else changes.

	So then mount the devfs read-only!  What's wrong with that?  Depending
on how it gets configured, whether at mount time or through a separate
step after it is mounted, you might have to mount it rw, then update it to
ro, but the "configuration" ** for the devfs stays static.  Bump the security
level so you can't change the mounted filesystems and you're all set.

eric

** "configuration" being whatever method is used to store the devfs settings
on disk.  e.g. currently that is a directory format file (aka /dev),
but a text file can contain the same logical information.