I agree access control might do it, but it would be cumbersome.  Are you sure
you're getting the ro option set?  I know people who specifically keep root,
/usr, etc mounted ro, I don't think root should be able to write to them.

--- Mike Schwartz <mike.l.schwartz@gmail.com> wrote:

> On 9/8/06, Eric Shubes <plug@shubes.net> wrote:
> >
> > I've created a sandbox for building rpms. It was suggested to me that for
> > some directories, such as /bin, /lib, /sbin, I could mount them with
> > ro,bind
> > options instead of coping or hard linking them. What I've discovered,
> > though, is that the ro mount option does not prohibit root from modifying
> > a
> > mounted directory. Is there any way to mount a directory such that root
> > cannot write to it?
> > --
> > -Eric 'shubes'
> > ---------------------------------------------------
> > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> > To subscribe, unsubscribe, or to change  you mail settings:
> > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss
> >
> 
> I could be way off base here,
> but have you looked in to access control lists?
> I think I read somewhere that FC4 or so,
> has an implementation of them
> that is comparable to the "ACL" functionality
> in some other OS's.
> -- 
> Mike Schwartz
> Glendale  AZ
> schwartz@acm.org
> Mike.L.Schwartz@gmail.com
> > ---------------------------------------------------
> PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
> To subscribe, unsubscribe, or to change  you mail settings:
> http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss


__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
---------------------------------------------------
PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us
To subscribe, unsubscribe, or to change  you mail settings:
http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss