From: Tanstaafl
Date: Wed, 24 Apr 2013 11:12:34 -0400
To: gentoo-user@lists.gentoo.org
Subject: Re: [gentoo-user] Partitions - last questions...
Message-ID: <5177F662.8070606@libertytrek.org>

On 2013-04-24 8:48 AM, Florian Philipp wrote:
>> One thing I'm trying to do is make the system as secure as
>> possible at the filesystem level, and I've read that making /tmp
>> and /var/tmp separate partitions so you can mount them
>> /nodev/noexec/nosuid is one way to make things a bit more
>> secure...

> noexec won't work for portage so put PORTAGE_TMPDIR somewhere else.

Ok, but - does it make sense to add the noexec option to /var/tmp? Is it
possible that there are other apps that need exec capability in there?

>> On that note, I realized I can't make two /tmp's in lvm, so, I guess I
>> can make a vtmp, and just bind that to /var/tmp in fstab like:
>>
>> /dev/vg/vtmp /var/tmp ext4 nodev,noexec,nosuid 0 0
>>
>> Will that work?

> Sure why not but you should set the pass column to 2 instead of 0.

What is the 'pass' column? The 5th column is the 'dump' column, and the 6th
is the 'fsck' column, afaik?

Thanks for the comments!
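
An added example, not part of the original message: a small Python audit of the fstab fields discussed in this thread, using the fstab(5) field names (the fifth field is fs_freq, read by dump; the sixth is fs_passno, the fsck order). The sample fstab and the function names are constructed for illustration, and the check assumes Portage's default of /var/tmp when PORTAGE_TMPDIR is unset.

```python
# Added example (not from the thread): audit fstab text for temp-dir hardening.
REQUIRED = {"nodev", "noexec", "nosuid"}
TEMP_MOUNTS = ("/tmp", "/var/tmp")
FIELDS = ("fs_spec", "fs_file", "fs_vfstype", "fs_mntops", "fs_freq", "fs_passno")
# Constructed sample input, not taken from a real system.
SAMPLE_FSTAB = """\
/dev/vg/root  /         ext4  noatime              0 1
/dev/vg/tmp   /tmp      ext4  nodev,nosuid         0 2
/dev/vg/vtmp  /var/tmp  ext4  nodev,noexec,nosuid  0 0
"""

def parse_fstab(text):
    """Yield one dict per entry, keyed by the fstab(5) field names."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 4 and not fields[0].startswith("#"):
            fields += ["0"] * (6 - len(fields))  # fs_freq, fs_passno default to 0
            entry = dict(zip(FIELDS, fields))
            entry["opts"] = set(entry["fs_mntops"].split(","))
            yield entry

def portage_tmpdir(make_conf):
    """PORTAGE_TMPDIR from make.conf text, else Portage's default /var/tmp."""
    for line in make_conf.splitlines():
        key, _, value = line.strip().partition("=")
        if key == "PORTAGE_TMPDIR":
            return value.strip("\"'")
    return "/var/tmp"

def audit(fstab, make_conf=""):
    """Findings for TEMP_MOUNTS, plus PORTAGE_TMPDIR when it is itself a mount point."""
    entries = {e["fs_file"]: e for e in parse_fstab(fstab)}
    findings = []
    for mnt in TEMP_MOUNTS:
        if (entry := entries.get(mnt)) is None:
            findings.append(f"{mnt}: no separate mount, options cannot be restricted")
            continue
        missing = REQUIRED - entry["opts"]
        if missing:
            findings.append(f"{mnt}: missing {','.join(sorted(missing))}")
        if entry["fs_passno"] == "0" and entry["fs_vfstype"] != "tmpfs":
            findings.append(f"{mnt}: fs_passno=0, boot-time fsck skips it")
    build = entries.get(portage_tmpdir(make_conf))
    if build and "noexec" in build["opts"]:
        findings.append(f"{build['fs_file']}: noexec, but PORTAGE_TMPDIR points here")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_FSTAB)))
```

On a real system, pass the contents of /etc/fstab and /etc/portage/make.conf to `audit()` in place of the sample text.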