dimitryn at perm.ru
Sat Feb 25 06:34:48 PST 2006
Jason Stevens <jastev at alumni.rice.edu> writes:
> This may or may not be an HLFS question per se, but it was prompted by
> the HLFS build process and research thereon.
> I took to reading the Hierarchical Filesystem Standard after seeing it
> referenced in the HLFS book. One thing that they mention there is
> that a goal of HFS was to be able to differentiate those parts of the
> filesystem that are static from variable, and shareable from not. My
> assumption is that from a security perspective, it would be desirable
> to mount static, shareable content as read-only.
> Looking at the HLFS build, it seems reasonable (to me, anyway) that
> one might construct a small root filesystem with /boot, /dev, /lib,
> /bin, and /sbin on it, and then mount /usr (if it needed to be
> separate) and /opt, /home, /svr, etc as separate filesystems onto it.
> Again, it seems natural to me to mount / as read-only; root can always
> boot single-user and remount it rw if sysadmin needs to be done on it,
> otherwise nothing should be written to it.
> And yet, this does not seem possible. The rc script that init runs
> ignores the options field (and /etc/fstab altogether) and simply
> remounts / read-write. Why would I necessarily need to mount / rw?
> Am I missing something obvious?

You are missing /etc. It must be part of / (root fs) because init needs some
information from there, and several files in /etc need to be writable ;-/
The most famous is /etc/mtab, and there is a workaround for this, but there are a
few others, depending on what software you have installed.
The /usr can always be mounted as read-only if you do not need

> (In case context is relevant, I'm running a number of virtual machines
> on a single physical server; it would be convenient for them all to
> mount the same root filesystem read-only, and only have the
> non-shareable and variable content be unique diskfiles. Obviously,
> this would require the VMs to never mount / writeable. Presumably, I
> could create a / with nothing or just /boot in it, but this seems

There were several diskless howtos around the net, and one of them describes a
very similar setup, with the main difference that they use different physical
computers in a local network (instead of virtual machines) which share the same
root fs (over nfs in the case of diskless). Unfortunately I cannot point you
directly to this howto because I read the howto several years ago. But
Google or the Linux Documentation Project can help you find it.
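
The mismatch raised in the quoted question, where /etc/fstab declares a filesystem `ro` but it ends up mounted read-write, can be checked by comparing fstab with the live mount table. The script below is an added example, not part of the original message or of the HLFS boot scripts; the function names `ro_drift` and `ro_drift_demo` and the sample fstab and mount lines are constructed for illustration.

```shell
#!/bin/sh
# ro_drift FSTAB MOUNTS
# Prints every mount point that FSTAB declares "ro" but that MOUNTS
# (a file in /proc/mounts format) shows as mounted "rw". Both formats
# share the first four fields: device, mount point, type, options.
ro_drift() {
    awk '
        # True when the comma-separated option list contains opt exactly.
        function has_opt(list, opt,    n, i, parts) {
            n = split(list, parts, ",")
            for (i = 1; i <= n; i++) if (parts[i] == opt) return 1
            return 0
        }
        /^[ \t]*(#|$)/ { next }            # skip comments and blank lines
        FILENAME == ARGV[1] {              # first file: declared options
            if (has_opt($4, "ro")) want_ro[$2] = 1
            next
        }
        # Second file: live state. A later line for the same mount point
        # (for example the real root over rootfs) overrides an earlier one.
        { state[$2] = (has_opt($4, "rw") ? "rw" : "ro") }
        END {
            for (mp in want_ro) if (state[mp] == "rw") print mp
        }
    ' "$1" "$2" | sort
}

# Runs ro_drift over constructed sample data (not taken from a real system).
ro_drift_demo() {
    dir=$(mktemp -d) || return 1
    cat > "$dir/fstab" <<'EOF'
# constructed sample fstab
/dev/hda1  /      ext3  ro,noatime  1 1
/dev/hda2  /usr   ext3  ro          1 2
/dev/hda3  /home  ext3  rw,nosuid   1 2
EOF
    cat > "$dir/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/root / ext3 rw,noatime 0 0
/dev/hda2 /usr ext3 ro 0 0
/dev/hda3 /home ext3 rw,nosuid 0 0
EOF
    ro_drift "$dir/fstab" "$dir/mounts"
    rm -rf "$dir"
}

ro_drift_demo
```

On a running system the same check is `ro_drift /etc/fstab /proc/mounts`; any mount point it prints was declared read-only but is currently writable.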