Date: Sun, 1 Jun 2003 08:09:57 +1000 From: Peter Jeremy <peterjeremy@optushome.com.au> To: "David O'Brien" <dev-null@nuxi.com>, Gordon Tetlow <gordont@gnf.org>, arch@FreeBSD.org Subject: Re: Moving some items out of src/sbin to src/usr.sbin Message-ID: <20030531220957.GA54163@cirb503493.alcatel.com.au> In-Reply-To: <20030531202221.GA22056@dragon.nuxi.com> References: <20030531193849.GR87863@roark.gnf.org> <20030531202221.GA22056@dragon.nuxi.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Sat, May 31, 2003 at 01:22:21PM -0700, David O'Brien wrote: >On Sat, May 31, 2003 at 12:38:49PM -0700, Gordon Tetlow wrote: >> To cut down on the size of a dynamically-linked root, I'd like to >> repo-copy the following utilities from src/sbin to src/usr.sbin: >> >> mount_portalfs >> mount_nwfs >> mount_smbfs >> natd >> ipnat >> >> Does anyone have any objections? > >yes to natd. David, would you like to go into a bit more detail please. The traditional justification for an object to be in the root partition is that it is required to either allow the system to boot to the point where /usr is mounted, or to restore the remaining filesystems (including /usr) from a backup. IMHO, it's reasonable to assume/require that /usr be a 'native' filesystem - so MS-DOS, NTFS, Netware and SMB are not needed - though a case could be made for requiring Netware and/or SMB to allow for a situation where backups are made to a Netware or SMB server. I can't foresee any requirement for portals before /usr is mounted. NAT is normally used at boundaries between different privilege zones (though this isn't its only use) and it would seem unusual to mount /usr from a different privilege zone to the local system. Normally, natd is started before ipfw rules are loaded, but I don't believe there is a requirement for a process to be bound to a divert socket before diversion rules are added. If Gordon is looking for programs to move from /sbin to /usr/sbin, mount_msdos, mount_ntfs, mountd, nfsd and maybe ipfstat all seem candidates. The first two are covered above. IMHO, there's no point a machine becomming a NFS server before it has /usr mounted - which covers the next two. Finally, ipfstat is not needed to configure IPFilter - just monitor it. Peter
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030531220957.GA54163>