Date: Tue, 10 Apr 2001 10:46:45 -0400 (EDT) From: Robert Watson <rwatson@freebsd.org> To: Alex Zepeda <jazepeda@pacbell.net> Cc: Attila Nagy <bra@fsn.hu>, hackers@freebsd.org Subject: Re: Mounting partitions with RO flag Message-ID: <Pine.NEB.3.96L.1010410104453.70711C-100000@fledge.watson.org> In-Reply-To: <20010408151108.A1159@zippy.mybox.zip>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sun, 8 Apr 2001, Alex Zepeda wrote: > On Sun, Apr 08, 2001 at 09:13:15PM +0200, Attila Nagy wrote: > > > So I am wondering, why the unices block mounting an already mounted > > partition read only again. > > Have you considered using ACLs perhaps? Sure it's not in -STABLE, but > it's a thought.. ACLs are a form of discretionary access control, and as such can't impose mandatory read-only behavior for processes in a jail. For that, you want mandatory access control, a feature still under development as part of TrustedBSD. However, mandatory file labeling substantially complicates file system management, and jail provides a simple substitute by using chroot, a choice that seems wise to me :-). Robert N M Watson FreeBSD Core Team, TrustedBSD Project robert@fledge.watson.org NAI Labs, Safeport Network Services To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-hackers" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?Pine.NEB.3.96L.1010410104453.70711C-100000>