KatolaZ <katolaz@???> writes:
> On Thu, Feb 04, 2016 at 10:02:51PM +0000, Simon Hobson wrote:
>> Arnt Karlsen <arnt@???> wrote:
>>
>> > ..me, I do not see any point in keeping it mounted at all.
>> > Whenever such a need arises, it should be mounted read-only.
>> > If a need to write to /sys/firmware/efi/efivars should happen,
>> > the machine should first be taken off-line, backed-up etc out
>> > of production and into a maintenance mode, where mounting
>> > /sys/firmware/efi/efivars read-write, _may_ be warranted.
>>
>>
>> Yes, in an ideal world where everyone is a "full time admin". But in
>> the real world, more systems are used by "average users" who just
>> expect "stuff to work". So IMO, you either build stuff that works (or
>> at least is up-front about what's wrong), or you leave these people
>> stuck with "stuff that's broken" and regardless of how right you are,
>> the pi**ed off user will be moaning about how "rubbish and
>> complicated this Linux is - best go back to Windows".
>>
>
> I don't get why any of those occasional "sysadmin-wannabe" users you
> have described above would ever need to mess around with their UEFI by
> hand. If you need to do that, you should first *know* what you are
> doing.
It's not really that simple: This really an interesting multi-level
fuck-up.
- the systemd people shouldn't just mount the efivarfs r/w
because that's convenient for them and tell people to get lost
if they think otherwise
- someone who runs rm -rf on a group of mounted filesystems
should understand that whatever was affected by that didn't
chose to unlink itself
- the people who implemented the firmware shouldn't have
implemented that such that it ceases to work if userspace
software performs perfectly legitimate operations such as
deleting unprotected variables
[- the issue shouldn't be generalized until the answer becomes
42 ]