Dear DDs,

I've written a native Debian package named fsprotect[1] that makes existing filesystems immutable by combining them with tmpfs using aufs. For fsprotect to work properly it absolutely needs a directory to pre-exist in the root filesystem. I've used /fsprotect, but Matt suggested that it should be placed under /lib. Looking again at the FHS, I see that using /lib would be a kind of abuse (am I missing something?).

fsprotect will initially mount three filesystems for each protected filesystem under that directory (/fsprotect) and will later umount (move) one of them, leaving two filesystems (per filesystem) in there while the system is running. It also needs this directory while running its script in the initramfs and while running the init script (where other filesystems are umounted).

So, the 1.000.000 $/€/£/whatever question is: is it OK to use /fsprotect, or should I use another directory?

My suggestion is to use /fsprotect, in the way SELinux uses /selinux (as someone mentioned on IRC). It will only be there on computers that are "locked" using fsprotect. Alternatives are /lib/init/fsprotect and /lib/fsprotect (any other suggestion?).

Example mounted filesystems per case:

/:
  /fsprotect/fs/var/orig
  /fsprotect/fs/var/tmp

/lib:
  /lib/fsprotect/fs/var/orig
  /lib/fsprotect/fs/var/tmp

/lib/init:
  /lib/init/fsprotect/fs/var/orig
  /lib/init/fsprotect/fs/var/tmp

p.s. Please CC me. I'm not subscribed to debian-devel. I've also set the M-Fup-To.

[1] http://mentors.debian.net/cgi-bin/sponsor-pkglist?action=details;package=fsprotect
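The layout question above is easier to judge with the mount sequence written out. The script below is an added example, not fsprotect's own code: it plans the aufs+tmpfs overlay for one filesystem under a chosen base directory, so the resulting paths for /fsprotect, /lib/fsprotect and /lib/init/fsprotect can be compared side by side. The exact mount steps are an assumption, not taken from the post: the three mounts are taken to be a tmpfs (writable branch), a read-only bind mount of the original filesystem (the "orig" branch) and the aufs union itself, which is first assembled under the base directory and then moved onto the real mountpoint with mount --move, leaving the orig and tmp mounts behind as the post describes. The function and option names (fsprotect_plan, fsprotect_apply, DRY_RUN, the 128m tmpfs size) are hypothetical.

```shell
#!/bin/sh
# Added example (not fsprotect's own code). Plans the aufs+tmpfs overlay for
# one filesystem under a base directory and prints the mount commands.
#
# Assumed mount sequence (not from the original post):
#   1. tmpfs at $BASE/fs/<name>/tmp        (writable branch)
#   2. bind of the original at .../orig    (remounted read-only)
#   3. aufs union at .../union             (tmp=rw over orig=ro)
#   4. the union is moved onto the real mountpoint; orig and tmp stay behind.

# fsprotect_plan BASE MOUNTPOINT [TMPFS_SIZE]
# Prints the mount commands, one per line, without running anything.
fsprotect_plan() {
    base=$1
    mp=$2
    size=${3:-128m}
    # "/var" -> "var"; the root filesystem itself is handled in the initramfs
    # and is out of scope here, so fall back to a placeholder name for "/".
    rel=${mp#/}
    [ -n "$rel" ] || rel=root
    dir="$base/fs/$rel"
    orig="$dir/orig"
    tmp="$dir/tmp"
    union="$dir/union"
    printf '%s\n' \
        "mkdir -p $orig $tmp $union" \
        "mount -t tmpfs -o size=$size,mode=0755 fsprotect_tmp $tmp" \
        "mount --bind $mp $orig" \
        "mount -o remount,ro,bind $orig" \
        "mount -t aufs -o br=$tmp=rw:$orig=ro none $union" \
        "mount --move $union $mp"
}

# fsprotect_apply BASE MOUNTPOINT [TMPFS_SIZE]
# Prints the plan with DRY_RUN=1 (the default); with DRY_RUN=0 it runs each
# command in order, which needs root and the aufs module, and stops on the
# first failure so a half-built overlay is not left in place silently.
fsprotect_apply() {
    fsprotect_plan "$@" | while IFS= read -r cmd; do
        if [ "${DRY_RUN:-1}" = 1 ]; then
            echo "+ $cmd"
        else
            sh -c "$cmd" || { echo "failed: $cmd" >&2; exit 1; }
        fi
    done
}

# Usage: compare the three candidate base directories for /var.
for b in /fsprotect /lib/fsprotect /lib/init/fsprotect; do
    echo "## base $b"
    fsprotect_apply "$b" /var
done
```

Run as-is it only prints the plans; after the move step the two mounts left under each base directory are exactly the orig and tmp pairs listed in the post, which is why that directory has to exist on the root filesystem before the initramfs script runs.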