jastev at alumni.rice.edu
Fri Feb 24 17:02:04 PST 2006

This may or may not be an HLFS question per se, but it was prompted by
the HLFS build process and research thereon.

I took to reading the Hierarchical Filesystem Standard after seeing it
referenced in the HLFS book. One thing that they mention there is that
a goal of HFS was to be able to differentiate those parts of the
filesystem that are static from variable, and shareable from not. My
assumption is that from a security perspective, it would be desirable
to mount static, shareable content as read-only.

Looking at the HLFS build, it seems reasonable (to me, anyway) that one
might construct a small root filesystem with /boot, /dev, /lib, /bin,
and /sbin on it, and then mount /usr (if it needed to be separate) and
/opt, /home, /svr, etc. as separate filesystems onto it. Again, it seems
natural to me to mount / as read-only; root can always boot single-user
and remount it rw if sysadmin needs to be done on it, otherwise nothing
should be written to it.

And yet, this does not seem possible. The rc script that init runs
ignores the options field (and /etc/fstab altogether) and simply
remounts / read-write. Why would I necessarily need to mount / rw? Am
I missing something obvious?

(In case context is relevant, I'm running a number of virtual machines
on a single physical server; it would be convenient for them all to
mount the same root filesystem read-only, and only have the
non-shareable and variable content be unique diskfiles. Obviously, this
would require the VMs to never mount / writeable. Presumably, I could
create a / with nothing or just /boot in it, but this seems inelegant.)