Subject: Re: FreeBSD 5/6/7 kernel emulator for NetBSD 2.x
To: None <firstname.lastname@example.org>
From: Jason Thorpe <email@example.com>
Date: 10/28/2005 12:25:06
On Oct 28, 2005, at 7:44 AM, Thor Lancelot Simon wrote:
> And what are we then supposed to do on another class of "modern
> embedded systems which are required to have certain elements of their
> configurations static for security reasons (or in order to obtain
> security certifications)? I commonly mount all read-write filesystems
> nodev, and mount all filesystems containing devices read-only, so
> that I
> can be *guaranteed* that no new device nodes will be available to user
> processes no matter what else changes.
And you will still be able to do that. Who says the devfs can't be
mounted read-only? Who says "nodev" won't continue to work on
regular file systems? No one has made any such claim.