When grub or a new kernel is installed in the boot partition, their permissions
can be determined by umask.

Why set the boot partition as noauto or ro in fstab? What's the advantage?

On May 5, 2016 1:46 AM, "James" <wireless@×××××××××××.com> wrote:

> Neil Bothwick <neil <at> digimed.co.uk> writes:
>
> > > Therefore, I check the configuration of grub2 and fstab. Then I found
> > > that I forgot to modify mount options in fstab.
> > > The option of my boot partition was set as noauto. So that I don't use
> > > the kernel compiled by myself at all.
>
> > We've all done that. Now I mount /boot as ro in fstab. That way, if I
> > forget to remount it before installing a kernel I get an error message
> > instead of the kernel just disappearing.
>
> Perhaps a documentation bug should be filed against the handbook or other
> gentoo doc explaining some of the security and other approaches
> and *why* various approaches are used with mounting strategies for /boot/
> is warranted?
>
> That way, if folks miss it, we can just refer them to the docs and
> elaborate a bit. Me, I like to keep lots of kernels around for a variety
> of reasons. Maybe in the GSoC effort (Kernelconfig) is a better place to
> implement some explanation on the choices of what to do with /boot/ ? [1]
>
> Anyway, I'm glad to hear that all is fine now.
>
> James
>
> [1] https://wiki.gentoo.org/wiki/Google_Summer_of_Code/2016/Ideas/kernelconfig