read-only root, and partitioning

Kevin Day thekevinday at
Sat Oct 6 08:32:38 PDT 2007

On 10/5/07, Robert Connolly <robert at> wrote:
> Hi. I checked around a lot to see if any advancements have been made in
> mounting / read-only, and it doesn't look like it. I found 3 methods:
> Symlink /etc/mtab to /proc/mounts. The downside to this is that loopback
> mounts don't show up, and so umount doesn't take down the loop device.
> Symlink /etc/mtab to a real file, like /var/lib/mtab. The readonly_rootfs.txt
> suggested hard coding the new file in Glibc and Util-linux.
> Third is mounting /etc as it's own partition. See:
> I like this one best, personally, because it makes it easy to reuse /etc when
> upgrading (if all config's are put there), and because /etc can be read-write
> while / is read-only. I have two / and two /usr partitions, so I can upgrade
> to a scratch system, so reusing an /etc partition (along with /boot
> and /home) would be nice. This also allows /etc to be mounted, to change
> passwords or whatever, without mounting /. The downside to this is /etc/fstab
> exists twice (one on /, another on /etc, partitions), and need to both be
> valid, and there's still an issue with /etc/mtab.
> /etc/resolv.conf might also need a symlink to /somewhere/resolv.conf,
> depending on whether you change this file during uptime.
> Any other ideas?
> Also, for the above reason and more, I'm always looking for better ways to
> partition. This is my latest idea (with 3 drives), for a desktop:
> devpts on /dev/pts type devpts (rw,nosuid,gid=4,mode=620)
> shm on /dev/shm type tmpfs (rw,nosuid,nodev,mode=1777)
> tmpfs on /tmp type tmpfs (rw,nosuid,nodev,size=512m,mode=1777)
> Symlink /var/tmp to /tmp
> ide 80G. These partitions get reused with dual-boots:
>         extended                80G
>         /boot           2G              ro,noexec,nosuid,nodev                          ext3
>         /etc                    512M    ro,noexec,nosuid,nodev                          ext3
>         /root                   4G              rw,noexec,nosuid,nodev                          ext3
>         /var                    4G              rw,nosuid,nodev                                 ext3
>         /var/spool      4G              rw,noexec,nosuid,nodev,noatime,sync     ext2    AES128
>         /multimedia     -               rw,noexec,nosuid,nodev,noatime,sync     ext2    AES128
> Note: As per the loop-aes README file, if a journaling file system is used
> then write cache should be disabled on the drive to allow the file system to
> handle all the writes. For this drive I prefer to leave write caching enabled
> and use ext2 with the sync option, which is only sane with the noatime
> option. On a server, something like the Mars or Twofish algorithm might be a
> better idea for performance, but requires additional kernel modules to be
> loaded.
> Symlink /etc/resolv.conf to /tmp/resolv.conf
> Symlink /etc/mtab to /tmp/mtab
> Symlink /var/log to /var/spool/log
> Symlink /var/mail to /var/spool/mail
> sata 250G (write caching disabled via `hdparm` in bootscript):
>         /home           -               rw,nosuid,nodev,noatime                 ext3    AES256
> sata 80G:
>          extended       80G
>         swap            4G                                                                                      AES128
>         /                       2G              ro,nodev                                                        ext3
>         /usr                    12G             ro,nodev                                                        ext3
>         /                       2G              ro,nodev                                                        ext3
>         /usr                    12G             ro,nodev                                                        ext3
>         /usr/src                -               rw,noexec,nosuid,nodev,noatime          ext3
> Symlink /opt to /usr/opt.
> Use /dev/shm for builds, or a /usr/obj.
> robert
> --
> FAQ:
> Unsubscribe: See the above information page

Hereis a practiceI generally do.

If daemons or other services need to start, have /var/run under a small tmpfs.

Thats all I have for the moment.

Kevin Day

More information about the hlfs-dev mailing list