On 2013-04-24 8:48 AM, Florian Philipp <li...@binarywings.net> wrote:
One thing I'm trying to do is make the system as secure as
possible at the filesystem level, and I've read that making /tmp
and /var/tmp separate partitions so you can mount them
/nodev/noexec/nosuid is one way to make things a bit more
secure...
> noexec won't work for portage so put PORTAGE_TMPDIR somewhere else.
Ok, but - does it make sense to add the noexec option to /var/tmp? Is it
possible that there are other apps that need exec capability in there?
On that note, I realized I can't make two /tmp's in lvm, so, I guess I
can make a vtmp, and just bind that to /var/tmp in fstab like:
/dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0
Will that work?
Sure why not but you should set the pass column to 2 instead of 0.
What is the 'pass' column? The 5th column is the 'dump' column, and the
6th is the 'fsck' column, afaik?
Thanks for the comments!
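
As an added example (not part of the original thread): a small Python check that splits fstab entries into the six fields named in fstab(5) and reports whether /tmp and /var/tmp carry nodev, noexec and nosuid, and whether the sixth field (fs_passno, the fsck order) is 0. The sample fstab is constructed; only the /var/tmp line is the one quoted above, and /dev/vg/root and /dev/vg/tmp are assumed names.

```python
# Added example: audit fstab entries for the temp-directory options in the thread.
REQUIRED = {"nodev", "noexec", "nosuid"}
TEMP_MOUNTS = ("/tmp", "/var/tmp")
NO_FSCK_TYPES = {"tmpfs"}  # nothing on disk to check

# Constructed sample. Only the /var/tmp line comes from the thread;
# /dev/vg/root and /dev/vg/tmp are assumed names.
SAMPLE_FSTAB = """\
# fs_spec     fs_file   fs_vfstype  fs_mntops            fs_freq  fs_passno
/dev/vg/root  /         ext4        noatime              0        1
/dev/vg/tmp   /tmp      ext4        nodev,nosuid         0        2
/dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0
"""


def parse_fstab(text):
    """Return one dict per entry, using the field names from fstab(5)."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        fields = line.split()
        if len(fields) < 4:
            continue  # malformed entry
        fields += ["0"] * (6 - len(fields))  # fs_freq/fs_passno default to 0
        entries.append({
            "spec": fields[0], "file": fields[1], "vfstype": fields[2],
            "mntops": set(fields[3].split(",")),
            "freq": int(fields[4]), "passno": int(fields[5]),
        })
    return entries


def audit(entries, mounts=TEMP_MOUNTS):
    """Map each temp mount point to a list of findings (empty list = clean)."""
    by_mount = {e["file"]: e for e in entries}
    findings = {}
    for mount in mounts:
        entry = by_mount.get(mount)
        if entry is None:
            findings[mount] = ["no separate fstab entry"]
            continue
        notes = [f"missing option: {o}" for o in sorted(REQUIRED - entry["mntops"])]
        if entry["passno"] == 0 and entry["vfstype"] not in NO_FSCK_TYPES:
            notes.append("fs_passno is 0: fsck will not check this filesystem at boot")
        findings[mount] = notes
    return findings


if __name__ == "__main__":
    for mount, notes in audit(parse_fstab(SAMPLE_FSTAB)).items():
        print(mount, "->", notes or "ok")
```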