| 1 |
On 2013-04-23 1:59 PM, Neil Bothwick <neil@××××××××××.uk> wrote: |
| 2 |
> On Tue, 23 Apr 2013 18:34:38 +0200, Florian Philipp wrote: |
| 3 |
> |
| 4 |
>>> So - first, is 5G way too big for the two /tmp dirs? I have lots of |
| 5 |
>>> space, but hate waste |
| 6 |
|
| 7 |
>> If you worry about waste consider bind-mounting both from the same |
| 8 |
>> partition and install quotas to avoid one filling up the other. |
| 9 |
> |
| 10 |
> Or set PORTAGE_TMPDIR to use /tmp. Then /var/tmp will be so small you |
| 11 |
> can leave it as a sub-directory of /var. |
| 12 |
> |
| 13 |
> If this is a server, 5G is fine for this, but for a desktop it may need |
| 14 |
> to be bigger, to accommodate LibreOffice builds. |
| 15 |
|
| 16 |
One thing I'm trying to do is make the system as secure as possible at |
| 17 |
the filesystem level, and I've read that making /tmp and /var/tmp |
| 18 |
separate partitions so you can mount them /nodev/noexec/nosuid is one |
| 19 |
way to make things a bit more secure... |
| 20 |
|
| 21 |
On that note, I realized I can't make two /tmp's in lvm, so, I guess I |
| 22 |
can make a vtmp, and just bind that to /var/tmp in fstab like: |
| 23 |
|
| 24 |
/dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0 |
| 25 |
|
| 26 |
Will that work? |
| 27 |
|
| 28 |
Last issue - |
| 29 |
|
| 30 |
I was planning on using XFS for my /var so I've been researching |
| 31 |
filesystems on VMs, and ran into this FAQ on the XFS site: |
| 32 |
|
| 33 |
> http://xfs.org/index.php/XFS_FAQ#Q:_Which_settings_are_best_with_virtualization_like_VMware.2C_XEN.2C_qemu.3F |
| 34 |
|
| 35 |
"Q: Which settings are best with virtualization like VMware, XEN, qemu? |
| 36 |
|
| 37 |
The biggest problem is that those products seem to also virtualize disk |
| 38 |
writes in a way that even barriers don't work any more, which means even |
| 39 |
a fsync is not reliable. Tests confirm that unplugging the power from |
| 40 |
such a system even with RAID controller with battery backed cache and |
| 41 |
hard disk cache turned off (which is safe on a normal host) you can |
| 42 |
destroy a database within the virtual machine (client, domU whatever you |
| 43 |
call it). |
| 44 |
|
| 45 |
In qemu you can specify cache=off on the line specifying the virtual |
| 46 |
disk. For others information is missing." |
| 47 |
|
| 48 |
Which says there IS NO BEST SETTING, and that XFS (and by implication, |
| 49 |
ANY FS) will always be very vulnerable to sudden power loss by the Host... |
| 50 |
|
| 51 |
Comments welcome... |
Archives