FS#5378 - move /etc/mtab to /var/etc/mtab for read-only / support

Attached to Project: Arch Linux
Opened by Jeremy (loserMcloser) - Saturday, 09 September 2006, 16:35 GMT
Last edited by Aaron Griffin (phrakture) - Tuesday, 29 January 2008, 19:37 GMT
Task Type Feature Request
Category System
Status Closed
Assigned To Aaron Griffin (phrakture)
Architecture All
Severity Very Low
Priority Normal
Reported Version 0.7.2 Gimmick
Due in Version Undecided
Due Date Undecided
Percent Complete 100%
Votes 0
Private No

Details

Setting up / to be read-only is generally very easy, mostly involves setting a few symlinks and a little tweaking of the /etc/rc.* files. The exception is /etc/mtab -- mount won't follow a symlink for this file, and its location is hard-coded in /usr/include/paths.h.

Changing this at the package level is very simple though:

1) move /etc/mtab to /var/etc/mtab: add the line

sed -i -e 's/\/etc\/mtab/\/var\/etc\/mtab/g' ${startdir}/src/glibc-${pkgver}/sysdeps/unix/sysv/linux/paths.h

to the build() section of the PKGBUILD for glibc, somewhere before configure. rebuild glibc and coreutils packages.

2) add a /var/etc directory and a /etc/mtab->/var/etc/mtab symlink to the filesystem package

3) correct any handling of /etc/mtab in /etc/rc.sysinit

I hope the above small changes can make it in -- and I don't expect (or request!) any other read-only / support changes; this is the only change that requires rebuilding packages.

Thanks!
This task depends upon

Closed by  Aaron Griffin (phrakture)
Tuesday, 29 January 2008, 19:37 GMT
Reason for closing:  Won't implement
Additional comments about closing:  See  FS#9384  for more details
Comment by Jeremy (loserMcloser) - Tuesday, 14 November 2006, 14:28 GMT
sorry, should be rebuild glibc and *util-linux* package...
Comment by Andrea Garbarini (garba) - Wednesday, 27 December 2006, 02:53 GMT
readonly root fan here ;) and i wonder what /etc/mtab is good for anyway, usually i symlink it to /proc/mounts
Comment by Roman Kyrylych (Romashka) - Wednesday, 27 December 2006, 13:37 GMT
You shouldn't symlink it to /proc/mounts!
See the bug about double / in nautilus, for example.
Comment by Andrea Garbarini (garba) - Wednesday, 27 December 2006, 14:06 GMT
that's a problem with nautilus being a piece of crap, and not with the symlink thing by itself, mtab is just a leftover from the days of old when there was no support for /proc, there are a few gotchas with this symnlink thing but 99% of the times you'll be just fine ;)
Comment by Jeremy (loserMcloser) - Sunday, 31 December 2006, 18:46 GMT
I used to use a symlink to /proc/mounts, but it doesn't work for things like mount -o user

The real solution is for the glibc maintainers to put the *varying* file mtab in the proper place for files that vary -- /var !
Comment by Andrea Garbarini (garba) - Monday, 01 January 2007, 18:28 GMT
i don't think that's viable because that file must always be available which is not the case when /var is on a separate partition for example, the best thing to do would be IMO rewriting the apps which rely on /etc/mtab to take advantage of /proc/mounts instead, of course this is an upstream issue
Comment by Jeremy (loserMcloser) - Wednesday, 03 January 2007, 18:01 GMT
I have /var on a separate partition, just needs a little tweaking of /etc/rc.sysinit and /etc/rc.shutdown

1) Add a -n option to any mount command in rc.sysinit and rc.shutdown that occurs while /var is not mounted.

2) Change the "Mounting Local Filesystems" section of rc.sysinit to:

stat_busy "Mounting Local Filesystems"
/bin/mount -n -o remount,rw /
# need /var/etc/mtab to be accessible
# if /var is on a separate partition, this will mount it
# if it is not, this will just fail silently
/bin/mount -n /var &>/dev/null
/bin/rm -f /var/etc/mtab*
/bin/touch /var/etc/mtab
# make sure / gets written to /var/etc/mtab
/bin/mount -o remount,rw /
# re-mount /proc , /sys and usbfs so they can be written to /var/etc/mtab
umount /proc/bus/usb
umount /proc && mount -t proc none /proc
grep -qw sysfs /proc/filesystems && umount /sys && mount -t sysfs none /sys
if grep -qw usbfs /proc/filesystems; then
# Some people use custom permissions for their usbfs
if grep -qw /proc/bus/usb /etc/fstab; then
mount /proc/bus/usb
else
mount -t usbfs none /proc/bus/usb
fi
fi
# make sure /var gets written to /var/etc/mtab
# again, this will just fail silently if /var is not in fstab
/bin/mount -f /var &>/dev/null
# now mount all the local filesystems
/bin/mount -a -t $NETFS
stat_done

If upstream hasn't addressed this issue yet I don't think they ever will - people have used read-only / for ages and upstream hasn't concerned themselves with it so far...

I think my proposed solution is simple enough to be a reasonable request.
Comment by Aaron Griffin (phrakture) - Monday, 17 December 2007, 07:45 GMT
Hmmm, this is going against the "vanilla" package philosophy, and directly affects core packages.

My suggestion? Submit a patch against the initscripts that uses "mount -n" instead, to prevent /etc/mtab writing at all.

It's probably fairly easy to add a "READONLY_ROOT=yes" param into rc.conf to do all this stuff in one go. I'd gladly accept a patch like that.
Comment by Jeremy (loserMcloser) - Saturday, 22 December 2007, 18:48 GMT
Just "mount -n" in initscripts isn't enough -- mount won't follow a symlink ever, so (for example) "mount -o user" won't work properly.

I'm happy to work out a patch against initscripts to support a READONLY_ROOT rc.conf option, but only if paths.h is going to be changed as in the initial bug report (and I completely understand if you don't want to do this). Otherwise I'll just keep on with what I've always been doing -- building my own glibc package with patched paths.h.

Let me know or I guess just close this report.
Comment by Aaron Griffin (phrakture) - Sunday, 23 December 2007, 21:16 GMT
Hmmm, it seems like there should be a better way to do this. I definitely think patching glibc for this is a bad idea, but there has to be a better way.

Do any other distros do this without patching glibc?
Comment by Jeremy (loserMcloser) - Monday, 28 January 2008, 01:55 GMT
Aha, your question inspired me to go looking again. When I first wanted to have read-only root, seemed like "patch glibc" was the only solution out there that didn't have any drawbacks (besides having to patch glibc...)

Someone over at gentoo has since come up with a clever solution -- using unionfs to overlay a write-able filesystem onto /etc

http://gentoo-wiki.com/HOWTO_Read-only_root_filesystem

So I withdraw this request -- please close this report. When I finally finish my thesis and have some free time, I may still submit some initscripts patches to support a READONLY_ROOT option in rc.conf.

cheers.
Comment by Aaron Griffin (phrakture) - Monday, 28 January 2008, 18:22 GMT
Ok, I will close this - but could you open another bug report for read-only root support. I have to say, I find the concept "neat" so I'd like to try to tackle it
Comment by Jeremy (loserMcloser) - Tuesday, 29 January 2008, 03:18 GMT
OK, see:

http://bugs.archlinux.org/task/9384

Loading...