Jeff Bonner [EMAIL PROTECTED] writes:

> The Securing Debian HOWTO makes mention of the possibility that you can
> set a partition as read-only, to further protect the various things in
> /usr/bin for example. Then when you apt-get upgrade, you can configure
> apt to automagically turn off the read-only while needed, then turn it
> back on (facilitating the install of new items).
>
> However, I don't immediately see anything in 'man apt.conf' that tells
> how to do it, assuming that's where you control this behavior from.
> Does anyone have instructions on how to accomplish this?

I'm doing exactly this for a read-only mounted /usr partition with the
following in /etc/apt/apt.conf:

    DPkg
    {
        // Remount /usr read-write before dpkg runs, read-only again afterwards
        Pre-Invoke  { "mount /usr -o remount,rw"; };
        Post-Invoke { "mount /usr -o remount,ro"; };
    };

Note that the Post-Invoke may fail with a /usr busy error message.
This happens mainly when you are using files during the update that
got updated. Annoying but not really a big deal. Just make sure
these are no longer used and run the Post-Invoke manually.
Hope this helps,
-- 
Olaf Meeuwissen    Epson Kowa Corporation, CID
GnuPG key: 6BE37D90/AB6B 0D1F 99E7 1BF5 EB97 976A 16C7 F27D 6BE3 7D90
LPIC-2 -- I hack, therefore I am -- BOFH
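
Added example (not part of the original message): a Post-Invoke helper for the "/usr busy" case described above. When the remount fails, it lists the processes that still map files under /usr which the upgrade replaced. The script path and the function names are assumptions, and it only checks memory mappings, not plain open file descriptors.

```sh
#!/bin/sh
# Hypothetical helper, e.g. saved as /usr/local/sbin/usr-ro (path is an assumption).
# It could replace the plain mount command in the Post-Invoke hook:
#   Post-Invoke { "/usr/local/sbin/usr-ro run || true"; };

# Print the PIDs that still map a deleted file below mount point $2.
# $1 is the proc root to scan (normally /proc), so it can be tested offline.
busy_pids() {
    procroot=$1
    mnt=${2%/}
    for maps in "$procroot"/[0-9]*/maps; do
        [ -r "$maps" ] || continue
        # maps line: range perms offset dev inode path [(deleted)]
        if awk -v m="$mnt/" '
            index($6, m) == 1 && $NF == "(deleted)" { found = 1; exit }
            END { exit !found }' "$maps"
        then
            pid=${maps%/maps}
            echo "${pid##*/}"
        fi
    done
}

# Try the read-only remount; on failure, report who is holding replaced files.
remount_usr_ro() {
    if mount /usr -o remount,ro 2>/dev/null; then
        return 0
    fi
    echo "/usr is busy; processes still using replaced files:" >&2
    for p in $(busy_pids /proc /usr); do
        echo "  $p $(tr '\0' ' ' < "/proc/$p/cmdline" 2>/dev/null)" >&2
    done
    echo "Restart them, then run: mount /usr -o remount,ro" >&2
    return 1
}

# Only act when called with the argument "run", so the file can also be sourced.
if [ "${1:-}" = run ]; then
    remount_usr_ro
fi
```

Reading other users' /proc/PID/maps needs root, which is what the apt hook runs as.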