In article <20090117002104.ga...@wolfden.dnsalias.net> you wrote:
> /tmp as tmpfs, but then we have /var/tmp (which can't
> be tmpfs, because its purpose is to retain the files even across reboots).

It is just supposed to hold larger data. No persistence in /var/tmp over reboots required.

> I haven't tried it yet, but could a bind-mount be done (e.g. /var/real-tmp
> -> /var/tmp) with additional options nosuid,nodev,... (while /var or / is
> mounted suid,dev,...)?

I am mounting /var as noexec, this works most of the time (dpkg has some problems on install. But since I also run with ro-root, I have a "pre-install" script which changes both mount options before I use apt).

Regards,
Bernd
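
An added example, not part of the original message: a check that the mount options discussed in this thread are actually in effect, for instance after setting up a bind mount or after a script has toggled options around a package install. The function names, the policy table and the sample mount table are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example. The policy in audit() is an assumption taken from the
# options named in the thread; adjust it to the local layout.

# missing_opts MOUNTPOINT OPT1,OPT2 [TABLE]
# Prints the required options that the mount at MOUNTPOINT lacks
# (comma-separated, empty when compliant), or "unmounted" when MOUNTPOINT
# is not a mount point of its own. TABLE is in /proc/mounts format.
missing_opts() {
    awk -v mp="$1" -v req="$2" '
        $2 == mp { opts = $4; found = 1 }   # a later entry shadows an earlier one
        END {
            if (!found) { print "unmounted"; exit }
            n = split(req, want, ","); m = split(opts, have, ",")
            out = ""
            for (i = 1; i <= n; i++) {
                ok = 0
                for (j = 1; j <= m; j++) if (have[j] == want[i]) ok = 1
                if (!ok) out = out (out == "" ? "" : ",") want[i]
            }
            print out
        }' "${3:-/proc/mounts}"
}

# audit [TABLE]: prints one line per violation, returns 1 if there is any.
audit() {
    table=${1:-/proc/mounts}; rc=0
    while read -r mp required; do
        miss=$(missing_opts "$mp" "$required" "$table")
        [ -z "$miss" ] && continue
        echo "$mp: $miss"; rc=1
    done <<EOF
/tmp nosuid,nodev
/var/tmp nosuid,nodev
/var noexec
EOF
    return "$rc"
}

# Constructed sample table: /var/tmp is a bind mount that only inherited
# the flags of /var and never received nosuid,nodev.
sample_table() {
    cat <<EOF
/dev/sda1 / ext3 ro,relatime 0 0
/dev/sda2 /var ext3 rw,noexec,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
/dev/sda2 /var/tmp ext3 rw,noexec,relatime 0 0
EOF
}
```

Calling `audit` with no argument checks the running system through /proc/mounts; a non-zero return after a package run means an option was not restored.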