On 2013-04-24 8:48 AM, Florian Philipp <lists@×××××××××××.net> wrote:
>> One thing I'm trying to do is make the system as secure as
>> possible at the filesystem level, and I've read that making /tmp
>> and /var/tmp separate partitions so you can mount them
>> /nodev/noexec/nosuid is one way to make things a bit more
>> secure...

> noexec won't work for portage so put PORTAGE_TMPDIR somewhere else.

Ok, but - does it make sense to add the noexec option to /var/tmp? Is it
possible that there are other apps that need exec capability in there?

>> On that note, I realized I can't make two /tmp's in lvm, so, I guess I
>> can make a vtmp, and just bind that to /var/tmp in fstab like:
>>
>> /dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0
>>
>> Will that work?

> Sure why not but you should set the pass column to 2 instead of 0.

What is the 'pass' column? The 5th column is the 'dump' column, and the
6th is the 'fsck' column, afaik?

Thanks for the comments!
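The two points raised in the thread (mounting /tmp and /var/tmp with nodev,noexec,nosuid, and setting the sixth fstab column, the fsck pass order, to something other than 0) can be checked mechanically. The script below is an added example and is not code from either poster; it audits an fstab for those two properties. The fstab content embedded in it is constructed for the demo, with hypothetical /dev/vg/* device names; to audit a live system, pass /etc/fstab instead of the sample file.

```sh
#!/bin/sh
# Added example (not from the original thread): audit /tmp and /var/tmp
# entries in an fstab for missing nodev/noexec/nosuid options and for a
# sixth column (fsck pass) of 0, which means the filesystem is never
# checked at boot.

# Constructed sample fstab; device names are hypothetical.
# /tmp lacks nosuid; /var/tmp has all three options but pass = 0.
SAMPLE_FSTAB='# <fs>         <mountpoint> <type> <opts>               <dump> <pass>
/dev/vg/root   /            ext4   noatime              0      1
/dev/vg/tmp    /tmp         ext4   nodev,noexec         0      2
/dev/vg/vtmp   /var/tmp     ext4   nodev,noexec,nosuid  0      0'

# has_opt OPTS OPT: succeed if the comma-separated OPTS list contains OPT.
has_opt() {
    case ",$1," in
        *",$2,"*) return 0 ;;
        *)        return 1 ;;
    esac
}

# audit_fstab FILE: print one "<mountpoint>: <problem>" line per finding.
# Only /tmp and /var/tmp are examined; comments and blank lines are skipped.
audit_fstab() {
    while read -r fs mnt fstype opts dump pass; do
        case "$fs" in ''|\#*) continue ;; esac
        case "$mnt" in
            /tmp|/var/tmp) ;;
            *) continue ;;
        esac
        for o in nodev noexec nosuid; do
            if ! has_opt "$opts" "$o"; then
                printf '%s: missing mount option %s\n' "$mnt" "$o"
            fi
        done
        # Sixth column: 0 disables fsck for this filesystem at boot.
        if [ "${pass:-0}" = "0" ]; then
            printf '%s: fsck pass column is 0 (never checked at boot)\n' "$mnt"
        fi
    done < "$1"
    return 0
}

# count_findings FILE: number of findings reported by audit_fstab.
count_findings() {
    audit_fstab "$1" | grep -c ':'
}

# Stand-alone demo: write the constructed sample to a temp file and audit it.
demo_fstab="${TMPDIR:-/tmp}/fstab-audit-sample.$$"
printf '%s\n' "$SAMPLE_FSTAB" > "$demo_fstab"
audit_fstab "$demo_fstab"
rm -f "$demo_fstab"
```

Running it against the sample prints two findings: /tmp is missing nosuid, and /var/tmp has a pass value of 0. Entries such as a separate PORTAGE_TMPDIR mount are deliberately not examined, since the thread already notes that portage cannot work under noexec.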