Filipe Brandenburger wrote: > Is there a way to force the OS to see a SCSI disk or partition as a > "ro" blockdev like this? Nobody who doesn't have physical access > cannot write to the root filesystem. And yet you might be able to > reboot the machine (in "rw" mode, maybe another entry in grub menu?), > do your updates, and reboot the machine again turning it read-only. It > would be very useful indeed from the security point of view. Quite a few HBA's which have out-of-band management interfaces will let you do something like this, even let you take a single disk collection, carve it up into volumes, and set read/write acl's per volume. -- Karanbir Singh : http://www.karan.org/ : 2522219 at icq