This file is indexed.

/usr/share/doc/fsprotect/README.Debian is in fsprotect 1.0.6.

This file is owned by root:root, with mode 0o644.

The actual contents of the file can be viewed below.

 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
fsprotect for Debian
--------------------

fsprotect will only act when the "fsprotect" parameter is passed to the kernel.
Also, it will be disabled if a "nofsprotect" parameter is passed to the kernel.
This means that when having a "fsprotect" and a "nofsprotect" parameter at the
same time, the nofsprotect will be used.

when fsprotect is in effect, a /fastboot file is created preventing filesystem
checks from init scripts. Without this, the boot process will fail on fsck.
Using the "nofsprotect" argument will prevent the creation of /fastboot.

fsprotect is very useful for computers with public access like libraries, labs,
etc. It is essential to also prevent kernel parameters from being altered.
To do this you should add a password to grub as well (if you use grub).

aufs
----

In order for fsprotect to work, the system must support aufs. For debian
systems:

  * For older kernels (<=2.6.30) install aufs-source and module-assistant
    and run:
      # m-a prepare aufs
      # m-a build aufs
      # m-a install aufs
      # update-initramfs -u

  * For more recent kernels (>=2.6.31-1) nothing is needed. They already
    include aufs as a module (see bug #541828).

Documentation
-------------

The complete documentation is in fsprotect.pdf. Please refer to that for more
information.

Root filesystem
---------------

To enable fsprotect for the root filesystem add:

fsprotect=size

to kernel. size should be the size of the tmpfs. You should make sure that
there is enough memory+swap space available.

size parameter is optional but it is strongly suggested to be used. It is
passed to mount(8) as the size option of the tmpfs. It can be one of:

  * A size in bytes with or without multiplicators: 512M, 1G, 1024K
  * A percentage of system's memory: 30%
  * "auto" to use 50% of system's memory - the default for tmpfs

Other filesystems
-----------------

To enable fsprotect for other filesystems edit /etd/default/fsprotect as needed

Those filesystems will only be protected when fsprotect parameter is passed
to the kernel.

Currently there is no way to protect other filesystems without protecting /.
Is there a reason to do so?

fstab
-----

If you want to use fsprotect you should have a look at your mount options,
especially for the root filesystem. See bug #530241
(http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=530241)

Contact
-------
For suggestions, bug reports, etc contact:

Stefanos Harhalakis <v13@v13.gr>

or file a bug report in debian's bugtracker.