Category: LINUX
2008-12-18 15:50:02
There are several reasons why you might want to make your root file system read-only. I wanted to have a system on a flash disk, and since flash disks are damaged after repeated read-write cycles, a read-only root is a very nice solution. Other reasons why you would want to make your root partition read-only include:
The following procedure is what I did to turn my SuSE 10.1 root file system read-only. It should work on both earlier and later versions, but I haven't tested it yet. There could be better or more elegant solutions; if you think that something is missing, please feel free to edit this howto.
Some of the information in this howto was found .
There are two files in the /etc directory that need to be writable. These are:
/etc/mtab
/etc/resolv.conf
Also, there are several files (logs etc.) in /var which need to be writable, and of course /tmp. We will use the /dev/shm ramfs to keep these files. In order to do that, we need to edit some of the boot scripts in /etc/init.d
# ln -s /proc/mounts /etc/mtab
# mv /etc/resolv.conf /dev/shm
# ln -s /dev/shm/resolv.conf /etc/resolv.conf
# tar -zcvf /var.tgz /var/*
# mv /var /dev/shm
# ln -s /dev/shm/var /var
You could create links only for the folders inside /var that need to be writable (i.e. /var/log, etc.) and save some memory by not copying libraries and other read-only files located under /var into memory. Here, for simplicity, we just copy everything into /dev/shm.
# ln -s /dev/shm/tmp /tmp
After the fsck the script remounts the root file system as read-write. Find every line that remounts and change it like this:
from:
mount -n -o remount,rw /
to:
mount -n -o remount,ro /
Find the line that deletes /etc/mtab* and comment it out.
#rm -f /etc/mtab*
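Below that line add the following:
touch /dev/shm/resolv.conf # creates the /dev/shm/resolv.conf file
mkdir -m 1777 /dev/shm/tmp # /tmp must be world-writable with the sticky bit set
tar -C /dev/shm -zxf /var.tgz # restores the saved /var tree into /dev/shm/var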
#rm -f /etc/nologin /nologin /fastboot /forcefsck /success
Comment out the line:
# session required pam_lastlog.so nowtmp
The line:
/dev/sda2 / reiserfs acl,user_xattr 1 1
is changed to:
/dev/sda2 / reiserfs ro,acl,user_xattr 1 1
# mount -o remount,ro /
If everything worked, your system now has a read-only root filesystem. Note that each time you need to install extra software, run an online update, etc., you must first remount your root partition as writable.
# mount -o remount,rw /
Note that keeping all the tmp files in memory can be a problem for systems that have a long uptime. You can add a cronjob to periodically delete /tmp/* and maybe store the logs of /var/log in a persistent location and then delete them. This way you can avoid problems caused by a full /dev/shm fs.
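To confirm after a reboot that the procedure above took effect, the following shell functions check that / is mounted ro, that the fstab root entry carries ro, and that the four symlinks point into /dev/shm and /proc/mounts. This is an added example, not part of the original howto; the function names (root_opts, root_is_ro, link_points_to, check_ro_root) are made up here, and the checks assume exactly the layout used above.

```sh
#!/bin/sh
# Added example: verify a read-only root set up as in this howto.
# All function names are hypothetical; paths are the ones used on this page.

# Print the mount options of the LAST entry for "/" in a mounts-format
# file (fields: device mountpoint fstype options dump pass). The last
# entry wins because /proc/mounts can list "/" more than once
# (e.g. rootfs first, then the real device).
root_opts() {
    awk '$1 !~ /^#/ && $2 == "/" { o = $4 } END { if (o != "") print o }' "$1"
}

# Succeed only if "ro" is a whole option, not a substring of another
# option (e.g. "errors=remount-ro" must not count as read-only).
root_is_ro() {
    opts=$(root_opts "$1")
    case ",$opts," in
        *,ro,*) return 0 ;;
        *)      return 1 ;;
    esac
}

# Succeed if path $1 is a symlink whose target is exactly $2.
link_points_to() {
    [ -L "$1" ] && [ "$(readlink "$1")" = "$2" ]
}

# Check the tree rooted at $1 (default /) against mounts file $2
# (default /proc/mounts). Prints one line per failed check and
# returns the number of failures (0 means everything is in place).
check_ro_root() {
    root=${1:-/}; mounts=${2:-/proc/mounts}; fails=0
    root=${root%/}
    root_is_ro "$mounts" || { echo "FAIL: / is not mounted ro"; fails=$((fails+1)); }
    root_is_ro "$root/etc/fstab" || { echo "FAIL: fstab root entry lacks ro"; fails=$((fails+1)); }
    link_points_to "$root/etc/mtab" /proc/mounts || { echo "FAIL: /etc/mtab"; fails=$((fails+1)); }
    link_points_to "$root/etc/resolv.conf" /dev/shm/resolv.conf || { echo "FAIL: /etc/resolv.conf"; fails=$((fails+1)); }
    link_points_to "$root/var" /dev/shm/var || { echo "FAIL: /var"; fails=$((fails+1)); }
    link_points_to "$root/tmp" /dev/shm/tmp || { echo "FAIL: /tmp"; fails=$((fails+1)); }
    return "$fails"
}
```

Call check_ro_root with no arguments on the running system, or pass a directory and a mounts file to check an offline copy of the root tree.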