RFE: Atomic should meet full NIST-800 compliance #1057

Closed
ghost opened this issue Oct 16, 2017 · 2 comments

ghost commented Oct 16, 2017

**Host system details**

Any

**Expected vs actual behavior**

Atomic has /home as a separate partition, but /var/log and /var/log/audit should also be separate, so malicious containers cannot fill the partitions with logging and create a denial of service.

Would you like to work on the issue?
I'm happy to do the implementation here.

dustymabe (Member) commented Oct 16, 2017

I'm not sure exactly what is missing. I just ran an anaconda install from last night's f26 ISO and I'm able to do all of what you ask I believe (assuming you plug in /var/home instead of /home). Here is what my lsblk output looks like:

```
[root@localhost ~]# lsblk
NAME                             MAJ:MIN RM  SIZE RO TYPE MOUNTPOINT
sda                                8:0    0   15G  0 disk
├─sda1                             8:1    0  300M  0 part /boot
└─sda2                             8:2    0 13.5G  0 part
  ├─fedora--atomic-root          253:0    0    3G  0 lvm  /sysroot
  ├─fedora--atomic-swap          253:1    0  1.5G  0 lvm  [SWAP]
  ├─fedora--atomic-var           253:2    0    5G  0 lvm  /var
  ├─fedora--atomic-var_log       253:3    0    1G  0 lvm  /var/log
  ├─fedora--atomic-var_log_audit 253:4    0    1G  0 lvm  /var/log/audit
  └─fedora--atomic-home          253:5    0    2G  0 lvm  /var/home
sr0                               11:0    1 1024M  0 rom
[root@localhost ~]# rpm-ostree status
State: idle
Deployments:
● fedora-atomic:fedora/26/x86_64/atomic-host
                   Version: 26.150 (2017-10-14 23:19:12)
                    Commit: d518b37c348eb814093249f035ae852e7723840521b4bcb4a271a80b5988c44a
              GPGSignature: Valid signature by E641850B77DF435378D1D7E2812A6B4B64DAB85D
```

@evol262 - please find me in IRC (dustymabe in #atomic on freenode) and let's chat about your needs
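
A check for the layout discussed in this thread, as an added example that is not part of the original issue or the project's code: it reads a mount table in `/proc/mounts` format and reports which of `/var/log`, `/var/log/audit` and `/var/home` are not isolated on their own filesystem. The function names and both sample tables are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the issue thread): verify that log directories sit on
# their own filesystems. Input is text in /proc/mounts format:
#   device mountpoint fstype options dump pass

# Paths named in the thread; /var/home is where Atomic keeps /home.
REQUIRED_MOUNTS="/var/log /var/log/audit /var/home"

# Constructed sample mirroring the lsblk layout posted in the thread.
SAMPLE_SEPARATE='/dev/mapper/fedora--atomic-root /sysroot xfs rw 0 0
/dev/mapper/fedora--atomic-var /var xfs rw 0 0
/dev/mapper/fedora--atomic-var_log /var/log xfs rw 0 0
/dev/mapper/fedora--atomic-var_log_audit /var/log/audit xfs rw 0 0
/dev/mapper/fedora--atomic-home /var/home xfs rw 0 0'

# Constructed sample: logs live on the /var filesystem, so log growth can fill /var.
SAMPLE_SHARED='/dev/mapper/fedora--atomic-root /sysroot xfs rw 0 0
/dev/mapper/fedora--atomic-var /var xfs rw 0 0
/dev/mapper/fedora--atomic-home /var/home xfs rw 0 0'

# partition_findings MOUNT_TABLE
# Prints one line per required path that is not a mount point, or that is a
# mount point backed by a block device also mounted elsewhere (a bind mount
# shares the same free space, so it gives no isolation).
partition_findings() {
    printf '%s\n' "$1" | awk -v required="$REQUIRED_MOUNTS" '
        { dev[$2] = $1 }
        $1 ~ /^\// { uses[$1]++ }      # count only real device paths, not tmpfs etc.
        END {
            n = split(required, want, " ")
            for (i = 1; i <= n; i++) {
                p = want[i]
                if (!(p in dev))           print p " not-a-mountpoint"
                else if (uses[dev[p]] > 1) print p " shares-device " dev[p]
            }
        }'
}

# check_log_partitions MOUNT_TABLE
# Returns 0 when every required path is isolated, 1 (with findings) otherwise.
check_log_partitions() {
    findings=$(partition_findings "$1")
    [ -z "$findings" ] && return 0
    printf '%s\n' "$findings"
    return 1
}

# Live use on a host: check_log_partitions "$(cat /proc/mounts)"
```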

lucab (Contributor) commented Sep 30, 2020

Closing this one as it looks like a stale distro-related report (against Fedora Atomic).

lucab closed this as completed Sep 30, 2020