[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [suse-security] Filesystem choice in secure server installation



I am a long time reiser user. And, I never had any problems with it until I replaced a Suse 7.0 server I have been using with reiserfs without any problems for years with a 9.0 Suse with reiserfs. It's a fresh install on a different but very similar machine.

Everything works fine except one legacy Unixware application I have been using with the help of iBCS compatibility modules. The application periodically polls a directory, grabs any new files there, processes them and then deletes them. When the filesystem that contains the directory is reiserfs, it never sees some files. Moving, touching doesn't help, they are just invisible to the program. And, it only happens randomly and with a very small percentage of files created in the directory.

Placing the directory in a loopback ext2 filesystem solves the problem, and the program never misses any files.

The stranger thing is that the same program never had any problems with the reiserfs on 7.0.

Selcuk

suse@xxxxxx wrote:
Quoting Togan Muftuoglu <toganm@xxxxxxxxxxxxxxxxxxxxx>:

I was reading the SLES8_EAL2_SecurityGuide.pdf
http://www.suse.de/de/security/eal2/SLES8_EAL2_SecurityGuide.pdf

On page 8 it stated to have the "/" partion as ext3. If I remember
correctly SuSE had ReiserFS since 6.4 and and it has been the default
choice of filesystem for quite a time.

So want I want to understand is what makes "ext3" as a better choice for
the meeting of criteria and what are the reasons reiserfs fails.

I do not want to start a flame war but I want to understand the facts in
making such a decision.



I have no direct knowledge, but I'm guessing it has something to do with cutting
down the work required to get EAL certification.  EXT3 has the advantage of
being somewhat simpler than reiser, it's essentially just a journaling system
tagged onto the venerable ext2.  ext2 had probably been vetted before, so
getting ext3 in was easier than getting reiser in.

I would be surprised if there was any technical reason; I believe it was just a
way to streamline the certification.

(and I'm someone who only uses ext3, not reiser, out of sheer bloody-minded
stubborness and an irrational fear that reiser is not entirely stable)




--
Check the headers for your unsubscription address
For additional commands, e-mail: suse-security-help@xxxxxxxx
Security-related bug reports go to security@xxxxxxx, not here