read-only root, and partitioning

Robert Connolly robert at linuxfromscratch.org
Fri Oct 5 21:38:02 PDT 2007


Hi. I checked around a lot to see if any advancements have been made in 
mounting / read-only, and it doesn't look like it. I found 3 methods:

Symlink /etc/mtab to /proc/mounts. The downside to this is that loopback 
mounts don't show up, and so umount doesn't take down the loop device.

Symlink /etc/mtab to a real file, like /var/lib/mtab. The readonly_rootfs.txt 
suggested hard coding the new file in Glibc and Util-linux.

Third is mounting /etc as its own partition. See:
http://www.seifried.org/oag/advanced-filesystem/
I like this one best, personally, because it makes it easy to reuse /etc when 
upgrading (if all configs are put there), and because /etc can be read-write 
while / is read-only. I have two / and two /usr partitions, so I can upgrade 
to a scratch system, so reusing an /etc partition (along with /boot 
and /home) would be nice. This also allows /etc to be mounted, to change 
passwords or whatever, without mounting /. The downside to this is /etc/fstab 
exists twice (one on /, another on /etc, partitions), and both need to be 
valid, and there's still an issue with /etc/mtab.

/etc/resolv.conf might also need a symlink to /somewhere/resolv.conf, 
depending on whether you change this file during uptime.

Any other ideas?

Also, for the above reason and more, I'm always looking for better ways to 
partition. This is my latest idea (with 3 drives), for a desktop:

devpts on /dev/pts type devpts (rw,nosuid,gid=4,mode=620)
shm on /dev/shm type tmpfs (rw,nosuid,nodev,mode=1777)
tmpfs on /tmp type tmpfs (rw,nosuid,nodev,size=512m,mode=1777)
Symlink /var/tmp to /tmp

ide 80G. These partitions get reused with dual-boots:
    mount point   size   options                               fs     cipher
    extended      80G
    /boot         2G     ro,noexec,nosuid,nodev                ext3
    /etc          512M   ro,noexec,nosuid,nodev                ext3
    /root         4G     rw,noexec,nosuid,nodev                ext3
    /var          4G     rw,nosuid,nodev                       ext3
    /var/spool    4G     rw,noexec,nosuid,nodev,noatime,sync   ext2   AES128
    /multimedia   -      rw,noexec,nosuid,nodev,noatime,sync   ext2   AES128

Note: As per the loop-aes README file, if a journaling file system is used 
then write cache should be disabled on the drive to allow the file system to 
handle all the writes. For this drive I prefer to leave write caching enabled 
and use ext2 with the sync option, which is only sane with the noatime 
option. On a server, something like the Mars or Twofish algorithm might be a 
better idea for performance, but requires additional kernel modules to be 
loaded.

Symlink /etc/resolv.conf to /tmp/resolv.conf
Symlink /etc/mtab to /tmp/mtab
Symlink /var/log to /var/spool/log
Symlink /var/mail to /var/spool/mail

sata 250G (write caching disabled via `hdparm` in bootscript):
    mount point   size   options                    fs     cipher
    /home         -      rw,nosuid,nodev,noatime    ext3   AES256

sata 80G:
    mount point   size   options                          fs     cipher
    extended      80G
    swap          4G                                             AES128
    /             2G     ro,nodev                         ext3
    /usr          12G    ro,nodev                         ext3
    /             2G     ro,nodev                         ext3
    /usr          12G    ro,nodev                         ext3
    /usr/src      -      rw,noexec,nosuid,nodev,noatime   ext3

Symlink /opt to /usr/opt.
Use /dev/shm for builds, or a /usr/obj.

robert
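Two checks that go with the layout in the message above, added here as an example; this is not code from Robert's post or from any LFS/HLFS bootscript. `check_layout` reads an fstab-style table and reports mounts that break the mount-option policy the post follows (system partitions ro, nodev on everything but /, nosuid on everything but / and /usr, and sync only together with noatime), and `compare_fstabs` reports where the two copies of fstab the post mentions (one on /, one on the /etc partition) disagree. It assumes POSIX sh with awk, sed and sort; the device names and the sample tables are constructed for the example, with loop-AES partitions shown as plain block devices.

```shell
#!/bin/sh
# Added example, not part of Robert's post or of any LFS/HLFS script.
# check_layout: flag mounts that break the post's mount-option policy.
# compare_fstabs: flag mount points on which two fstab copies disagree.
# Device names and all sample tables below are constructed.

# has_opt OPT OPTLIST: true if OPT is one of the comma-separated options
has_opt() {
    case ",$2," in
        *",$1,"*) return 0 ;;
    esac
    return 1
}

# check_layout TABLE: one line per violation on stderr, echoes the count
check_layout() {
    count=0
    while read -r dev mnt fstype opts rest; do
        case "$dev" in ''|'#'*) continue ;; esac   # blank line or comment
        case "$mnt" in
            /|/usr|/boot|/etc)                       # read-only system partitions
                if ! has_opt ro "$opts"; then
                    echo "$mnt: system partition mounted rw" >&2
                    count=$((count + 1))
                fi ;;
        esac
        if [ "$mnt" != / ] && ! has_opt nodev "$opts"; then
            echo "$mnt: missing nodev" >&2
            count=$((count + 1))
        fi
        case "$mnt" in
            /|/usr) ;;                               # setuid binaries live here
            *)
                if ! has_opt nosuid "$opts"; then
                    echo "$mnt: missing nosuid" >&2
                    count=$((count + 1))
                fi ;;
        esac
        if has_opt sync "$opts" && ! has_opt noatime "$opts"; then
            echo "$mnt: sync without noatime turns every read into a write" >&2
            count=$((count + 1))
        fi
    done <<EOF
$1
EOF
    echo "$count"
}

# entry_for MNT TABLE: prints "device fstype options" for MNT, nothing if absent
entry_for() {
    printf '%s\n' "$2" | awk -v m="$1" '$1 !~ /^#/ && $2 == m { print $1, $3, $4 }'
}

# compare_fstabs TABLE_A TABLE_B: reports mount points missing from one copy
# or whose device/fstype/options differ, echoes how many
compare_fstabs() {
    diffs=0
    mnts=$(printf '%s\n%s\n' "$1" "$2" | awk 'NF >= 4 && $1 !~ /^#/ { print $2 }' | sort -u)
    for m in $mnts; do
        a=$(entry_for "$m" "$1")
        b=$(entry_for "$m" "$2")
        if [ "$a" != "$b" ]; then
            echo "$m: '$a' versus '$b'" >&2
            diffs=$((diffs + 1))
        fi
    done
    echo "$diffs"
}

# Constructed sample: the post's layout written as an fstab
GOOD='
/dev/sdb2  /           ext3   ro,nodev                              1 1
/dev/sdb3  /usr        ext3   ro,nodev                              1 2
/dev/sdb5  /usr/src    ext3   rw,noexec,nosuid,nodev,noatime        1 2
/dev/hda2  /boot       ext3   ro,noexec,nosuid,nodev                1 2
/dev/hda3  /etc        ext3   ro,noexec,nosuid,nodev                1 2
/dev/hda5  /var        ext3   rw,nosuid,nodev                       1 2
/dev/hda6  /var/spool  ext2   rw,noexec,nosuid,nodev,noatime,sync   1 2
tmpfs      /tmp        tmpfs  rw,nosuid,nodev,size=512m,mode=1777   0 0
shm        /dev/shm    tmpfs  rw,nosuid,nodev,mode=1777             0 0'

# Constructed sample: the same machine with three options dropped
WEAK='
/dev/sdb2  /            ext3   ro,nodev                        1 1
/dev/hda3  /etc         ext3   rw,noexec,nosuid,nodev          1 2
tmpfs      /tmp         tmpfs  rw,nodev,size=512m,mode=1777    0 0
/dev/hda7  /multimedia  ext2   rw,noexec,nosuid,nodev,sync     1 2'

# Constructed sample: a stale fstab copy on the /etc partition, /usr/src lost noexec
ETC_COPY=$(printf '%s\n' "$GOOD" | sed 's|rw,noexec,nosuid,nodev,noatime |rw,nosuid,nodev,noatime |')

echo "violations in the post's layout:   $(check_layout "$GOOD")"              # 0
echo "violations in the weakened layout: $(check_layout "$WEAK")"              # 3
echo "entries differing between copies:  $(compare_fstabs "$GOOD" "$ETC_COPY")" # 1
```

The option test is done on the comma-delimited list rather than with a substring match, so `ro` does not match `errors=remount-ro`; the two fstab copies are compared by mount point so a reordered file is not reported as a difference, only a changed device, filesystem type or option list is.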