FS#5378 - move /etc/mtab to /var/etc/mtab for read-only / support
Attached to Project:
Arch Linux
Opened by Jeremy (loserMcloser) - Saturday, 09 September 2006, 16:35 GMT
Last edited by Aaron Griffin (phrakture) - Tuesday, 29 January 2008, 19:37 GMT
Details
Setting up / to be read-only is generally very easy, mostly
involves setting a few symlinks and a little tweaking of the
/etc/rc.* files. The exception is /etc/mtab -- mount won't
follow a symlink for this file, and its location is
hard-coded in /usr/include/paths.h.
Changing this at the package level is very simple though:
1) move /etc/mtab to /var/etc/mtab: add the line
   sed -i -e 's/\/etc\/mtab/\/var\/etc\/mtab/g' ${startdir}/src/glibc-${pkgver}/sysdeps/unix/sysv/linux/paths.h
   to the build() section of the PKGBUILD for glibc, somewhere before configure. Rebuild glibc and coreutils packages.
2) add a /var/etc directory and a /etc/mtab->/var/etc/mtab symlink to the filesystem package
3) correct any handling of /etc/mtab in /etc/rc.sysinit
I hope the above small changes can make it in -- and I don't expect (or request!) any other read-only / support changes; this is the only change that requires rebuilding packages.
Thanks!
Closed by Aaron Griffin (phrakture)
Tuesday, 29 January 2008, 19:37 GMT
Reason for closing: Won't implement
Additional comments about closing: See FS#9384 for more details
See the bug about double / in nautilus, for example.
The real solution is for the glibc maintainers to put the *varying* file mtab in the proper place for files that vary -- /var !
1) Add a -n option to any mount command in rc.sysinit and rc.shutdown that occurs while /var is not mounted.
2) Change the "Mounting Local Filesystems" section of rc.sysinit to:
    stat_busy "Mounting Local Filesystems"
    /bin/mount -n -o remount,rw /
    # need /var/etc/mtab to be accessible
    # if /var is on a separate partition, this will mount it
    # if it is not, this will just fail silently
    /bin/mount -n /var &>/dev/null
    /bin/rm -f /var/etc/mtab*
    /bin/touch /var/etc/mtab
    # make sure / gets written to /var/etc/mtab
    /bin/mount -o remount,rw /
    # re-mount /proc, /sys and usbfs so they can be written to /var/etc/mtab
    umount /proc/bus/usb
    umount /proc && mount -t proc none /proc
    grep -qw sysfs /proc/filesystems && umount /sys && mount -t sysfs none /sys
    if grep -qw usbfs /proc/filesystems; then
        # Some people use custom permissions for their usbfs
        if grep -qw /proc/bus/usb /etc/fstab; then
            mount /proc/bus/usb
        else
            mount -t usbfs none /proc/bus/usb
        fi
    fi
    # make sure /var gets written to /var/etc/mtab
    # again, this will just fail silently if /var is not in fstab
    /bin/mount -f /var &>/dev/null
    # now mount all the local filesystems
    /bin/mount -a -t $NETFS
    stat_done
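Step 1 above (a -n option on every mount that runs while /var is not mounted) can be checked mechanically. The following is an added example, not part of this bug report or of the Arch initscripts: check_mount_n and sample_rc are hypothetical names, the sample script is constructed, and /var is assumed to be available after the first non-fake "mount ... /var".

```shell
#!/bin/sh
# Added example, not from the bug report. Reads an init script on stdin and
# prints "LINE: text" for each mount call that lacks -n while /var is not
# yet mounted. Assumption: /var is up after the first non-fake "mount /var".
check_mount_n() {
    awk '
    $1 ~ /^#/ { next }                          # skip comment lines
    {
        for (i = 1; i <= NF; i++) {
            if ($i != "mount" && $i != "/bin/mount" && $i != "/sbin/mount")
                continue
            has_n = 0; fake = 0; var_arg = 0
            # inspect this one command, up to the next shell separator
            for (j = i + 1; j <= NF; j++) {
                if ($j == "&&" || $j == "||" || $j == ";" || $j == "|") break
                if ($j ~ /^-[A-Za-z]*n[A-Za-z]*$/) has_n = 1
                if ($j ~ /^-[A-Za-z]*f[A-Za-z]*$/) fake = 1
                if ($j == "/var") var_arg = 1
            }
            # without -n, mount tries to update the mount table file
            if (!var_up && !has_n) print NR ": " $0
            if (var_arg && !fake) var_up = 1
            i = j
        }
    }'
}

# Constructed sample in the style of rc.sysinit (not the real file).
sample_rc() {
    cat <<'EOF'
stat_busy "Mounting Local Filesystems"
/bin/mount -o remount,rw /
# mount /var comes later
grep -qw sysfs /proc/filesystems && mount -t sysfs none /sys
/bin/mount -n -t proc none /proc
/bin/mount -n /var &>/dev/null
/bin/mount -o remount,rw /
/bin/mount -a -t $NETFS
EOF
}

sample_rc | check_mount_n
```

On the constructed sample this reports lines 2 and 4; the remount on line 7 is not reported because /var is already mounted by then.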
If upstream hasn't addressed this issue yet I don't think they ever will - people have used read-only / for ages and upstream hasn't concerned themselves with it so far...
I think my proposed solution is simple enough to be a reasonable request.
My suggestion? Submit a patch against the initscripts that uses "mount -n" instead, to prevent /etc/mtab writing at all.
It's probably fairly easy to add a "READONLY_ROOT=yes" param into rc.conf to do all this stuff in one go. I'd gladly accept a patch like that.
I'm happy to work out a patch against initscripts to support a READONLY_ROOT rc.conf option, but only if paths.h is going to be changed as in the initial bug report (and I completely understand if you don't want to do this). Otherwise I'll just keep on with what I've always been doing -- building my own glibc package with patched paths.h.
Let me know or I guess just close this report.
Do any other distros do this without patching glibc?
Someone over at gentoo has since come up with a clever solution -- using unionfs to overlay a write-able filesystem onto /etc
http://gentoo-wiki.com/HOWTO_Read-only_root_filesystem
So I withdraw this request -- please close this report. When I finally finish my thesis and have some free time, I may still submit some initscripts patches to support a READONLY_ROOT option in rc.conf.
cheers.
http://bugs.archlinux.org/task/9384