On Oct 28, 2005, at 7:44 AM, Thor Lancelot Simon wrote:

> And what are we then supposed to do on another class of "modern  
> systems",
> embedded systems which are required to have certain elements of their
> configurations static for security reasons (or in order to obtain  
> certain
> security certifications)?  I commonly mount all read-write filesystems
> nodev, and mount all filesystems containing devices read-only, so  
> that I
> can be *guaranteed* that no new device nodes will be available to user
> processes no matter what else changes.

And you will still be able to do that.  Who says the devfs can't be  
mounted read-only?  Who says "nodev" won't continue to work on  
regular file systems?  No one has made any such claim.

-- thorpej