LinuxQuestions.org


Moy Easwaran 11-07-2005 09:06 AM

OpenBSD 3.8: read-only root with union /dev
 
I just installed OpenBSD 3.8 on a box that used to run 3.6. It used to have a read-only root with the following /dev line in /etc/fstab:
Code:

swap /dev mfs rw,noatime,union,-s=12000 0 0

This now fails with the following boot-time message:
Code:

mount_mfs: -o union: option not supported

Notes from this year's hackathon suggest that union is indeed no longer supported. Any ideas on how to have a read-only root in 3.8?

Thanks,

Moy

sigsegv 11-12-2005 01:32 AM

The 'ro' flag seems like a likely candidate ...

Moy Easwaran 11-12-2005 03:41 PM

Thanks, sigsegv, but the question was about what to do after that :). Mounting / read-only makes /dev read-only, which messes up lots of things. This used to be solvable by union-mounting /dev and re-creating the necessary devices, but that doesn't work as of 3.8.

A solution follows if anyone's interested. Basically, instead of mfs-union-mounting the whole of /dev, mfs-mount only the pieces that need to be read-write, create the necessary devices there, and create symlinks in /dev to point at the new devices. For example:

Add the following line to /etc/fstab (and also make / ro):
Code:

swap /dev/write mfs rw,noatime,-s=12000 0 0

Create the symlinks:
Code:

# mkdir /dev/write
# cd /dev/write
# /dev/MAKEDEV wscons pty0
# for x in *; do rm /dev/$x; ln -s /dev/write/$x /dev; done

And add the following line to /etc/rc to create these devices at boot after the filesystem checks:
Code:

( cd /dev/write; /dev/MAKEDEV wscons pty0; cd - ) > /dev/null 2>&1

Note that: (a) depending on your situation, you might also need to make some files in /etc read-write, (b) as written, this will disallow root logins (since ttys will be symlinks and hence won't be recognized as secure), so you'll need to su or sudo, and (c) if it's security you're after, system-immutable flags (see the manpages for chflags(1)) are almost as good as all this stuff and a lot easier and safer.

Moy
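
A consistency check for the layout described in the post above, added here as an example and not part of the original thread: it reports symlinks in /dev whose target in the mfs was never created, and nodes that were never linked. The function name `check_dev_links` and the status labels are hypothetical, chosen for this illustration.

```shell
#!/bin/sh
# Added example (not from the thread). check_dev_links and its status
# labels are hypothetical names chosen for this illustration.
#
# check_dev_links DEV WRITE
#   DANGLING  symlink in DEV points into WRITE but the node is missing
#             (e.g. the MAKEDEV line in /etc/rc did not run)
#   SHADOWED  DEV still holds a real node of that name on the read-only
#             root, so the read-write copy in WRITE is never used
#   UNLINKED  node exists in WRITE but DEV has no entry for it
# Returns 0 when the layout is consistent, 1 otherwise.
check_dev_links() {
    cdl_dev=$1 cdl_write=$2 cdl_bad=0

    for cdl_link in "$cdl_dev"/*; do
        [ -L "$cdl_link" ] || continue
        cdl_target=$(readlink "$cdl_link")
        case $cdl_target in
            "$cdl_write"/*) ;;          # only links into the mfs matter
            *) continue ;;
        esac
        if [ ! -e "$cdl_link" ]; then   # -e follows the link
            echo "DANGLING $cdl_link -> $cdl_target"
            cdl_bad=1
        fi
    done

    for cdl_node in "$cdl_write"/*; do
        [ -e "$cdl_node" ] || continue  # empty mfs: glob did not expand
        cdl_link=$cdl_dev/${cdl_node##*/}
        if [ -L "$cdl_link" ]; then
            continue
        elif [ -e "$cdl_link" ]; then
            echo "SHADOWED $cdl_link"
        else
            echo "UNLINKED $cdl_node"
        fi
        cdl_bad=1
    done
    return "$cdl_bad"
}

# Run as: sh check_dev_links.sh /dev /dev/write
if [ "$#" -eq 2 ]; then
    check_dev_links "$1" "$2"
fi
```

Run after boot, a DANGLING line means the /etc/rc step did not populate /dev/write before something tried to open the device.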

