[CentOS] read only root file system

Mon May 26 23:01:38 UTC 2008
Karanbir Singh <mail-lists at karan.org>

Filipe Brandenburger wrote:
> Is there a way to force the OS to see a SCSI disk or partition as a
> "ro" blockdev like this? Nobody who doesn't have physical access
> cannot write to the root filesystem. And yet you might be able to
> reboot the machine (in "rw" mode, maybe another entry in grub menu?),
> do your updates, and reboot the machine again turning it read-only. It
> would be very useful indeed from the security point of view.

Quite a few HBAs which have out-of-band management interfaces will let
you do something like this, even let you take a single disk collection,
carve it up into volumes, and set read/write ACLs per volume.

-- 
Karanbir Singh : http://www.karan.org/ : 2522219 at icq