17 May
2010
17 May
'10
12:40 p.m.
On Mon, 17 May 2010, Stephen Harris wrote:
On Mon, May 17, 2010 at 04:04:45PM -0400, Phil Schaffner wrote:
Stephen Harris wrote on 05/17/2010 12:15 PM:
Don't do NFS localhost mounts from fstab
Why would you want to do localhost: NFS mounts anyway?
'cos the current kernel doesn't allow read-only bind mounts and I need to present information in a locked down read-only area.
+1. On one server, we provide a read-write CVS tree accessible to developers -- but we nfs-mount a read-only view of the same filesystem into the cvsd chroot environment for anonymous users. If cvsd is found to have a vulnerability, the chroot and nfs layers are likely to limit the damage.
--
Paul Heinlein <> heinlein@madboa.com <> http://www.madboa.com/