From: Tanstaafl <tanstaafl@libertytrek.org>
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Partitions - last questions...
Date: Wed, 24 Apr 2013 11:12:34 -0400
Message-ID: <5177F662.8070606@libertytrek.org>
In-Reply-To: <5177D498.5080609@binarywings.net>

On 2013-04-24 8:48 AM, Florian Philipp <lists@binarywings.net> wrote:
>> One thing I'm trying to do is make the system as secure as
>> possible at the filesystem level, and I've read that making /tmp
>> and /var/tmp separate partitions so you can mount them
>> /nodev/noexec/nosuid is one way to make things a bit more
>> secure...
> noexec won't work for portage so put PORTAGE_TMPDIR somewhere else.

Ok, but - does it make sense to add the noexec option to /var/tmp? Is it
possible that there are other apps that need exec capability in there?

>> On that note, I realized I can't make two /tmp's in lvm, so, I guess I
>> can make a vtmp, and just bind that to /var/tmp in fstab like:
>>
>> /dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0
>>
>> Will that work?
> Sure why not but you should set the pass column to 2 instead of 0.

What is the 'pass' column? The 5th column is the 'dump' column, and the
6th is the 'fsck' column, afaik?

Thanks for the comments!
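
Added example, not part of the original message or thread: a POSIX shell check of the mount options discussed above. It reads fstab-format text on stdin using the fstab(5) field order (device, mount point, type, options, dump, fsck pass); the function names are hypothetical and the sample entries other than the quoted /dev/vg/vtmp line are constructed.

```shell
#!/bin/sh
# Added example: audit fstab-format text for the /tmp and /var/tmp
# hardening discussed in the thread. Usage: audit_fstab < /etc/fstab

# Constructed sample. Only the /dev/vg/vtmp line is quoted from the
# thread; the other two entries are made up for illustration.
sample_fstab() {
    cat <<'EOF'
# <fs>        <mountpoint> <type> <opts>            <dump> <pass>
/dev/vg/root  /            ext4   noatime              0 1
/dev/vg/tmp   /tmp         ext4   nodev,nosuid         0 2
/dev/vg/vtmp  /var/tmp     ext4   nodev,noexec,nosuid  0 0
EOF
}

# Reads fstab text on stdin and prints one finding per line.
audit_fstab() {
    awk '
    NF == 0 || $1 ~ /^#/ { next }        # skip blank lines and comments
    $2 == "/tmp" || $2 == "/var/tmp" {
        seen[$2] = 1
        opts = "," $4 ","                # pad so each option matches whole
        n = split("nodev noexec nosuid", want, " ")
        for (i = 1; i <= n; i++)
            if (index(opts, "," want[i] ",") == 0)
                print $2 ": missing " want[i]
        # Portage builds under PORTAGE_TMPDIR, which defaults to /var/tmp.
        if ($2 == "/var/tmp" && index(opts, ",noexec,"))
            print $2 ": noexec set, point PORTAGE_TMPDIR elsewhere"
        # Field 6 (fs_passno) of 0 or absent means fsck never checks it.
        if ($3 ~ /^ext[234]$/ && $6 + 0 == 0)
            print $2 ": fsck pass (6th field) is 0, boot-time fsck skips it"
    }
    END {
        if (!("/tmp" in seen))     print "/tmp: no separate fstab entry"
        if (!("/var/tmp" in seen)) print "/var/tmp: no separate fstab entry"
    }'
}

# Demo on the constructed sample.
sample_fstab | audit_fstab
```
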