read-only root, and partitioning

Declan Moriarty junk_mail at iol.ie
Sat Oct 6 02:18:46 PDT 2007


On Sat, 2007-10-06 at 00:38 -0400, Robert Connolly wrote:
> Hi. I checked around a lot to see if any advancements have been made in 
> mounting / read-only, and it doesn't look like it. I found 3 methods:
> 
> Symlink /etc/mtab to /proc/mounts. The downside to this is that loopback 
> mounts don't show up, and so umount doesn't take down the loop device.
> 
> Symlink /etc/mtab to a real file, like /var/lib/mtab. The readonly_rootfs.txt 
> suggested hard coding the new file in Glibc and Util-linux.
> 
> Third is mounting /etc as its own partition. See:
> http://www.seifried.org/oag/advanced-filesystem/
> I like this one best, personally, because it makes it easy to reuse /etc when 
> upgrading (if all configs are put there), and because /etc can be read-write 
> while / is read-only. I have two / and two /usr partitions, so I can upgrade 
> to a scratch system, so reusing an /etc partition (along with /boot 
> and /home) would be nice. This also allows /etc to be mounted, to change 
> passwords or whatever, without mounting /. The downside to this is /etc/fstab 
> exists twice (one on /, another on /etc, partitions), and both need to be 
> valid, and there's still an issue with /etc/mtab.
> 
> /etc/resolv.conf might also need a symlink to /somewhere/resolv.conf, 
> depending on whether you change this file during uptime.
> 
> Any other ideas?
> 
It's about time you built yourself the LFS live cd. That has an ro root
filesystem (the cdrom) and circumnavigates your issues by having /etc/
in ram, afaict.

Another thing to have a look at is the scientific linux live dvd which
has a ro root filesystem (the dvd) over which it mounts a unionfs;
Unionfs mirrors the directory tree, and any changed files are written to
ramdisk and served up first, if I understand/remember it right. It's
impressive. I booted kde on it and ran free on a box with 512Megs of
ram. Free reported 399 megs free, and no swap.

You would want to make a clear decision if HLFS is going to be compliant
with norms like FHS. You can tweak where most files are written/looked for
at compile time with --sysconfdir=/somewhere/unusual

I'm no expert (Here to learn), but I fail to see the reward for this effort.
With any attack, files can be written to /tmp, and a fresh instance of
something like inetd or even X can be started with an option specifying
the hacker's config in /tmp instead of your own. The ro /etc is
pointless in this case. Patching these options out might be a more
worthwhile endeavour.
-- 
Declan Moriarty <junk_mail at iol.ie>
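As an added example, not code from this thread or from HLFS, here is a small POSIX shell audit of the layout both messages discuss: whether / is mounted read-only and /etc sits on its own read-write partition, how /etc/mtab is handled (symlink to /proc/mounts, symlink to a real file, or a plain file), and which loop devices the mount table shows, the case where a /proc/mounts-backed mtab leaves umount unable to detach the device. The functions take the mount table as text so they run against the constructed sample below; pass `"$(cat /proc/mounts)"` to audit a live system. The check on /tmp's noexec/nosuid/nodev options is an assumption I added as a mitigation for Declan's point about configs dropped in /tmp; the thread itself does not propose it.

```shell
#!/bin/sh
# Added example, not from the hlfs-dev thread. Constructed sample mount table
# in /proc/mounts format: / read-only, /etc on its own read-write partition,
# one loop-mounted image, and a tmpfs /tmp.
SAMPLE_MOUNTS='/dev/sda1 / ext3 ro,relatime 0 0
/dev/sda3 /etc ext3 rw,relatime 0 0
/dev/loop0 /mnt/image iso9660 ro 0 0
tmpfs /tmp tmpfs rw,noexec,nosuid,nodev 0 0'

# Print the option field for mountpoint $2 from the table in $1 (empty if absent).
mount_opts() {
    printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }'
}

# Exit 0 if mountpoint $2 is present in table $1.
is_mounted() {
    [ -n "$(mount_opts "$1" "$2")" ]
}

# Exit 0 if mountpoint $2 carries option $3; options are compared whole
# between commas, so "ro" does not match "errors=remount-ro".
has_opt() {
    mount_opts "$1" "$2" | awk -F, -v o="$3" '
        { for (i = 1; i <= NF; i++) if ($i == o) found = 1 }
        END { exit found ? 0 : 1 }'
}

# List loop devices in table $1, one per line. These are the mounts Robert's
# first method (mtab -> /proc/mounts) cannot cleanly umount.
loop_devices() {
    printf '%s\n' "$1" | awk '$1 ~ /^\/dev\/loop/ { print $1 }'
}

# Classify /etc/mtab under root $1 (default /): "proc" for a symlink to
# /proc/mounts, "symlink" for any other symlink (Robert's second method,
# e.g. /var/lib/mtab), "file" for a regular file, "missing" otherwise.
mtab_kind() {
    root="${1:-/}"
    mtab="${root%/}/etc/mtab"
    if [ -L "$mtab" ]; then
        case "$(readlink "$mtab")" in
            /proc/mounts|/proc/self/mounts) echo proc ;;
            *) echo symlink ;;
        esac
    elif [ -f "$mtab" ]; then
        echo file
    else
        echo missing
    fi
}

# Human-readable report for table $1 and root $2 (default /).
ro_root_report() {
    table="$1"; root="${2:-/}"
    if has_opt "$table" / ro; then echo "/:     read-only"; else echo "/:     READ-WRITE"; fi
    if is_mounted "$table" /etc; then
        echo "/etc:  own partition ($(mount_opts "$table" /etc))"
    else
        echo "/etc:  lives on / (read-only if / is)"
    fi
    echo "mtab:  $(mtab_kind "$root")"
    for dev in $(loop_devices "$table"); do
        echo "loop:  $dev present; umount needs the loop= hint a real mtab carries"
    done
    # Assumption added here: a /tmp that cannot run binaries or honour setuid
    # narrows what a dropped config in /tmp can be used for.
    for o in noexec nosuid nodev; do
        if has_opt "$table" /tmp "$o"; then echo "/tmp:  $o"; else echo "/tmp:  missing $o"; fi
    done
}

# Stand-alone run against the constructed sample and the current root.
ro_root_report "$SAMPLE_MOUNTS" /
```

Run it as-is to see the sample, or `ro_root_report "$(cat /proc/mounts)" /` from an interactive shell after sourcing the file; the `mtab_kind` root argument exists so a scratch system mounted elsewhere (Robert's second / partition) can be inspected without booting it.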