[CentOS] Useful NFS hint

Mon May 17 20:40:08 UTC 2010
Paul Heinlein <heinlein at madboa.com>

On Mon, 17 May 2010, Stephen Harris wrote:

> On Mon, May 17, 2010 at 04:04:45PM -0400, Phil Schaffner wrote:
>> Stephen Harris wrote on 05/17/2010 12:15 PM:
>>> Don't do NFS localhost mounts from fstab
>> Why would you want to do localhost: NFS mounts anyway?
> 'cos the current kernel doesn't allow read-only bind mounts and I 
> need to present information in a locked down read-only area.

+1. On one server, we provide a read-write CVS tree accessible to 
developers -- but we nfs-mount a read-only view of the same filesystem 
into the cvsd chroot environment for anonymous users. If cvsd is found 
to have a vulnerability, the chroot and nfs layers are likely to limit 
the damage.

Paul Heinlein <> heinlein at madboa.com <> http://www.madboa.com/
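
A check for the setup described above, as an added example that is not part of the original thread: it reads a mount table in /proc/mounts format and confirms that the chroot's view is an NFS mount served from localhost with the ro option. The paths and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example, not from the thread. All paths are hypothetical.

# check_ro_loopback MOUNTPOINT [MOUNTS_FILE]
#   0 = NFS mount from localhost with "ro" in its options
#   1 = mounted, but writable or not a localhost NFS mount
#   2 = not mounted at all
check_ro_loopback() {
    # Fields: device mountpoint fstype options dump pass.
    # The last matching line wins, since later mounts stack on earlier ones.
    awk -v mp="$1" '
        $2 == mp { dev = $1; fs = $3; opts = $4; found = 1 }
        END {
            if (!found) exit 2
            if (fs != "nfs" && fs != "nfs4") exit 1
            if (dev !~ /^(localhost|127\.0\.0\.1|\[::1\]):/) exit 1
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
            exit 1
        }' "${2:-/proc/mounts}"
}

# Constructed sample mount table: one correct read-only view, one
# loopback mount left writable by mistake, and the backing filesystem.
sample_mounts() {
    cat <<'EOF'
/dev/sda2 /srv/cvs ext3 rw,relatime 0 0
localhost:/srv/cvs /srv/chroot/cvsd/cvs nfs ro,nosuid,nodev,vers=3,addr=127.0.0.1 0 0
localhost:/srv/cvs /srv/chroot/cvsd/scratch nfs rw,vers=3,addr=127.0.0.1 0 0
EOF
}

# Demo: print the result code for each mount point of interest.
demo_table=$(mktemp)
sample_mounts > "$demo_table"
for mp in /srv/chroot/cvsd/cvs /srv/chroot/cvsd/scratch /srv/cvs /srv/missing; do
    rc=0
    check_ro_loopback "$mp" "$demo_table" || rc=$?
    echo "$mp -> $rc"
done
rm -f "$demo_table"
```

Run without a second argument, the function checks the live /proc/mounts, which makes it usable as a startup or monitoring check before the chrooted service is started.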