Life in an insecure world

Martin Langhoff martin.langhoff at
Mon Feb 9 18:07:52 EST 2009

On Tue, Feb 10, 2009 at 11:31 AM, C. Scott Ananian <cscott at> wrote:
>> Do you mean having it on a separate partition? How do you decide space
>> dedicated to the partition?
> No, you can bind-mount subtrees read-only.

But then, it still has to reside somewhere in the / filesystem. And
that somewhere will get nuked...

Am I missing some cunning step? My stupid test seems to indicate that
a simple mount won't protect us...

$ sudo mkdir -p  /secret/path/to/versions
$ sudo touch /secret/path/to/versions/afile
$ sudo mkdir /versions
$ sudo mount -o ro,bind /secret/path/to/versions /versions
$ ls /versions
$ sudo rm -fr /secret
$ ls /versions
$ uname -a
Linux martin-onyx 2.6.27-11-generic #1 SMP Thu Jan 15 11:03:58 UTC 2009 i686 GNU

 martin.langhoff at
 martin at -- School Server Architect
 - ask interesting questions
 - don't get distracted with shiny stuff
 - working code first
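
A read-only bind mount only restricts access through its own mount point. The check below is an added example, not part of the original post: it parses `/proc/self/mountinfo`-style lines and reports read-only mounts whose data is still reachable through a read-write mount of the same filesystem. The sample lines are constructed to mirror the test above, the function names are illustrative, and mounts shadowed by a later mount are not accounted for.

```python
import posixpath

# Constructed mountinfo lines mirroring the test in the post: the root
# filesystem is rw, and /secret/path/to/versions is bind-mounted ro at /versions.
SAMPLE_MOUNTINFO = """\
20 1 8:1 / / rw,relatime - ext3 /dev/sda1 rw,errors=remount-ro
21 20 0:3 / /proc rw,nosuid - proc proc rw
45 20 8:1 /secret/path/to/versions /versions ro,relatime - ext3 /dev/sda1 rw,errors=remount-ro
46 20 7:0 / /srv/images ro,relatime - ext3 /dev/loop0 ro
"""

def parse_mountinfo(text):
    """Yield device, root within the fs, mount point and options for each mount."""
    for line in filter(str.strip, text.splitlines()):
        left, _, right = line.partition(" - ")  # " - " ends the optional fields
        f = left.split()
        yield {"dev": f[2], "root": f[3], "point": f[4],
               "opts": set(f[5].split(",")),               # per-mount options
               "super": set(right.split()[2].split(","))}  # superblock options

def is_within(path, ancestor):
    """True if path equals ancestor or lies beneath it."""
    return posixpath.commonpath([path, ancestor]) == ancestor

def writable_aliases(text):
    """Return (ro_mount_point, rw_path) pairs that reach the same directory."""
    mounts = list(parse_mountinfo(text))
    findings = []
    for ro in (m for m in mounts if "ro" in m["opts"]):
        for rw in mounts:
            same_fs = rw["dev"] == ro["dev"]
            writable = "rw" in rw["opts"] and "rw" in rw["super"]
            if same_fs and writable and is_within(ro["root"], rw["root"]):
                rel = posixpath.relpath(ro["root"], rw["root"])
                alias = posixpath.normpath(posixpath.join(rw["point"], rel))
                findings.append((ro["point"], alias))
    return findings

if __name__ == "__main__":
    for ro_point, alias in writable_aliases(SAMPLE_MOUNTINFO):
        print(f"{ro_point} is read-only, but the same data is writable via {alias}")
```

On a live system, pass the contents of `/proc/self/mountinfo` to `writable_aliases`; an empty result for a mount such as `/srv/images` in the sample means no read-write mount of that filesystem exposes the same subtree.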
