From mboxrd@z Thu Jan 1 00:00:00 1970
Return-Path: <gentoo-dev+bounces-75150-garchives=archives.gentoo.org@lists.gentoo.org>
Received: from lists.gentoo.org (pigeon.gentoo.org [208.92.234.80])
by finch.gentoo.org (Postfix) with ESMTP id 9929D59CAF
for <garchives@archives.gentoo.org>; Fri, 8 Apr 2016 10:36:56 +0000 (UTC)
Received: from pigeon.gentoo.org (localhost [127.0.0.1])
by pigeon.gentoo.org (Postfix) with SMTP id 3F06E21C041;
Fri, 8 Apr 2016 10:36:50 +0000 (UTC)
Received: from mail-ig0-f170.google.com (mail-ig0-f170.google.com [209.85.213.170])
(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
(No client certificate requested)
by pigeon.gentoo.org (Postfix) with ESMTPS id 3D18321C00A
for <gentoo-dev@lists.gentoo.org>; Fri, 8 Apr 2016 10:36:49 +0000 (UTC)
Received: by mail-ig0-f170.google.com with SMTP id gy3so33130153igb.1
for <gentoo-dev@lists.gentoo.org>; Fri, 08 Apr 2016 03:36:49 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=gmail.com; s=20120113;
h=mime-version:sender:in-reply-to:references:date:message-id:subject
:from:to;
bh=f3LwqAa5oxow9K/tHsaQMEPorSicI9RrkutLz68NkqI=;
b=R9dyxRprKUyYLoL9FJFmzsVKNsP2BsQB80hU1P4DK6KX8gZGQnmGm+AVn1CB+EATsS
zc/ID7/Ju9hZKVE45gOW2VJbJrq6ePJpKzgavSqS7ds8ri3ZMABbnxXMzls2uC6oWlfw
g15qgNKrbS/Nn9cN/Hj5OVKQb2a44x767i1VH/GHcl310yS+sWeObmr+od7C0m5okN+U
hggrDNXm0EVpwGgBu1MSBLvfGJKBAqngNqZlO14hfXQPxjJZRnSz00Ga8W9gTzTagcI9
Tb1L37rl9LPJ01B89OFPvlEr/w1fVcBRnvZmCs4qEIjjYlwxy8sS21KvLJE20RSjuWrx
v7dQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
d=1e100.net; s=20130820;
h=x-gm-message-state:mime-version:sender:in-reply-to:references:date
:message-id:subject:from:to;
bh=f3LwqAa5oxow9K/tHsaQMEPorSicI9RrkutLz68NkqI=;
b=Flaxy4FhA8FtEPQ/7UE9lHmHtDUNIacRBV3oQxM6HfnQgF2Z9TljDIIe2r+7D8sBrF
UGMerQhYhw96r4MdOCQ4m6ippvmyjBAwXtB5sSg5840zS3cYNZAx5OU9Glb0eaQo815S
Wj+ebKhZV9F1Z/Dr1jF3mN9xg2TeEky679PNsAJmQ9jtqlkiAQtqil1YUwekOJpZ+z9H
R3m+hWjrwRtI1fOmjjxBLz+IyBDzjDVUcqsvknQhKYSHd6LOKu4MzQajt8koUBHLEFb9
qBwGkzrZjILlOnkeWBOBGlHNiD+utcFmI+X64HId+yRmmWlv4b21cbBnsbtOfLamDbLi
+UPA==
X-Gm-Message-State: AD7BkJIzXV39E1DKEp2Pa0m/BZaihDct17EGaP8jU8RbKTLX0foWh45Sm8RmEUnOz/WZt3lgSPLksBdEV2u3+A==
Precedence: bulk
List-Post: <mailto:gentoo-dev@lists.gentoo.org>
List-Help: <mailto:gentoo-dev+help@lists.gentoo.org>
List-Unsubscribe: <mailto:gentoo-dev+unsubscribe@lists.gentoo.org>
List-Subscribe: <mailto:gentoo-dev+subscribe@lists.gentoo.org>
List-Id: Gentoo Linux mail <gentoo-dev.gentoo.org>
X-BeenThere: gentoo-dev@lists.gentoo.org
Reply-to: gentoo-dev@lists.gentoo.org
MIME-Version: 1.0
X-Received: by 10.50.132.102 with SMTP id ot6mr2450641igb.97.1460111808303;
Fri, 08 Apr 2016 03:36:48 -0700 (PDT)
Sender: freemanrich@gmail.com
Received: by 10.64.52.72 with HTTP; Fri, 8 Apr 2016 03:36:48 -0700 (PDT)
In-Reply-To: <57071AF6.7060206@iee.org>
References: <5707191B.7060909@gmail.com>
<57071AF6.7060206@iee.org>
Date: Fri, 8 Apr 2016 06:36:48 -0400
X-Google-Sender-Auth: zzEc1S9YuH9afuIDkVdMU1RY_iw
Message-ID: <CAGfcS_kMQ5y2hKnHayH2Qj+aRWV2Rtjh3XoNgkBsfnEq_jLtpA@mail.gmail.com>
Subject: Re: [gentoo-dev] usr merge
From: Rich Freeman <rich0@gentoo.org>
To: gentoo-dev <gentoo-dev@lists.gentoo.org>
Content-Type: text/plain; charset=UTF-8
X-Archives-Salt: b4aee7c5-9023-4006-9ed4-1e5d2589d94d
X-Archives-Hash: 3eeabae61ef9112145016e0ce0608fc6
On Thu, Apr 7, 2016 at 10:44 PM, M. J. Everitt <m.j.everitt@iee.org> wrote:
> 2) "Today, a separate /usr partition already must be mounted by the
> initramfs during early boot, thus making the justification for a
> split-off moot." - no, not all gentoo users have an initramfs and
> need/want one .. so this is a false assumption.
You only need an initramfs (or some other mechanism to mount /usr
during early boot) if /usr is on a different filesystem than /.
If /usr is a separate filesystem, then Gentoo does require that it be
mounted during early boot, at least as a supported configuration.
While it is true today that with some configurations you can probably
get away with not mounting it during early boot, there is no
requirement that package maintainers support this. That includes
system packages.
So, #2 applies to Gentoo as much as to any other distro. That was a
topic of some debate a few years ago now.
> 3) I still believe there is merit in distinguishing between binaries
> that can/should be run as root, and those that can/should not. Those
> that run as root 100% of the time, or use VMs, don't really 'use' linux
> in the original sense of the OS ..
Duncan already explained much of this, but if you're relying on a
user's PATH setting to prevent security issues you're doing it wrong.
There are a number of binaries in /sbin which are completely
appropriate for a non-privileged user to execute. Besides
non-privileged operations of binaries like btrfs or rpcinfo, there are
a bunch of misc binaries in there like usleep or zdump.
Really though the main point of merging these paths into /usr is to
get all the static content of a distro into a single path, which can
then be maintained as a read-only filesystem, mounted across multiple
systems, protected using tripwire or signature checking, and so on.
As has been pointed out the rolling release nature of Gentoo reduces
some of these benefits somewhat. To truly get these benefits we would
also need to rethink how post-install configuration gets managed as
was already pointed out.
However, the principle is still a potentially useful one even if we
never follow-up with some of the things Fedora/etc are doing. After a
merge the package manager has free rein over /usr, full config
management is the policy in /etc, and /var is a place for persistent
state that generally belongs to the applications themselves (but
management of this is a bit of a mix still with stuff like /var/www
and /var/bind alongside mail spools and mysql database files).
--
Rich