Re: more on fsck with securelevel
From: Brooks Davis (brooks_at_one-eyed-alien.net)
Date: 06/05/04
- Previous message: J.D. Bronson: "more on fsck with securelevel"
- In reply to: J.D. Bronson: "more on fsck with securelevel"
- Next in thread: Bill Moran: "Re: more on fsck with securelevel"
- Reply: Bill Moran: "Re: more on fsck with securelevel"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Date: Fri, 4 Jun 2004 15:22:32 -0700 To: "J.D. Bronson" <jbronson@wixb.com>
On Fri, Jun 04, 2004 at 05:05:34PM -0500, J.D. Bronson wrote:
> I did set this in /etc/rc.conf:
> fsck_y_enable="YES"
>
> But I was wondering if this might be a good idea too:
> (looking at the defaults)
>
> fsck_y_enable="NO" # Set to YES to do fsck -y if the initial preen
> fails.
> background_fsck="YES" # Attempt to run fsck in the background where
> possible.
> background_fsck_delay="60" # Time to wait (seconds) before starting the
> fsck.
>
> ..might it not be prudent to set 'background_fsck="NO"' when running in
> secure mode?
>
> Eventhough I shut down carefully, sometimes it still feels the need to run
> fsck (even with soft updates)...but when running securelevel, is it
> actually going to accomplish anything?
I think just setting background_fsck_delay=0 may allow bgfsck to work.
Once fsck has opened the FS, I think it should keep it open and writes
should work. I'm not 100% sure of that though.
-- Brooks
-- Any statement of the form "X is the one, true Y" is FALSE. PGP fingerprint 655D 519C 26A7 82E7 2529 9BF0 5D8E 8BE9 F238 1AD4
- application/pgp-signature attachment: stored
- Previous message: J.D. Bronson: "more on fsck with securelevel"
- In reply to: J.D. Bronson: "more on fsck with securelevel"
- Next in thread: Bill Moran: "Re: more on fsck with securelevel"
- Reply: Bill Moran: "Re: more on fsck with securelevel"
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
Relevant Pages
|
|
