27 May
2008
27 May
'08
1:01 a.m.
Filipe Brandenburger wrote:
Is there a way to force the OS to see a SCSI disk or partition as a "ro" blockdev like this? Nobody who doesn't have physical access cannot write to the root filesystem. And yet you might be able to reboot the machine (in "rw" mode, maybe another entry in grub menu?), do your updates, and reboot the machine again turning it read-only. It would be very useful indeed from the security point of view.
Quite a few HBA's which have out-of-band management interfaces will let you do something like this, even let you take a single disk collection, carve it up into volumes, and set read/write acl's per volume.
--
Karanbir Singh : http://www.karan.org/ : 2522219@icq