LinuxQuestions.org
Latest LQ Deal: Complete CCNA, CCNP & Red Hat Certification Training Bundle
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Newbie
User Name
Password
Linux - Newbie This Linux forum is for members that are new to Linux.
Just starting out and have a question? If it is not in the man pages or the how-to's this is the place!

Notices


Reply
  Search this Thread
Old 10-25-2011, 11:51 AM   #1
fantod
LQ Newbie
 
Registered: Oct 2011
Posts: 2

Rep: Reputation: Disabled
Setting up a read-only Debian system?


Greetings

I have a Seagate Dockstar (1.2 GHZ ARM processor, 128 MB RAM, boots Debian squeeze from a usb flash drive). It's used as a NAS.

I have been trying to make the boot flash drive read-only using the method described here:

http://www.logicsupply.com/blog/2009...-linux-system/

The method entails moving the root filesystem to an aufs filesystem so that the boot drive is read-only and there's a writeable layer in RAM. This is done by adding a hook file to /etc/initramfs-tools/hooks

Code:
#!/bin/sh

PREREQ=''

prereqs() {
  echo "$PREREQ"
}

case $1 in
prereqs)
  prereqs
  exit 0
  ;;
esac

. /usr/share/initramfs-tools/hook-functions
manual_add_modules aufs
manual_add_modules tmpfs
copy_exec /bin/chmod /bin
adding an init-bottom script to /etc/initramfs-tools/scripts/init-bottom

Code:
#!/bin/sh

PREREQ=''

prereqs() {
  echo "$PREREQ"
}

case $1 in
prereqs)
  prereqs
  exit 0
  ;;
esac

# Boot normally when the user selects single user mode.
if grep single /proc/cmdline >/dev/null; then
  exit 0
fi

ro_mount_point="${rootmnt%/}.ro"
rw_mount_point="${rootmnt%/}.rw"

# Create mount points for the read-only and read/write layers:
mkdir "${ro_mount_point}" "${rw_mount_point}"

# Move the already-mounted root filesystem to the ro mount point:
mount --move "${rootmnt}" "${ro_mount_point}"

# Mount the read/write filesystem:
mount -t tmpfs root.rw "${rw_mount_point}"

# Mount the union:
mount -t aufs -o "dirs=${rw_mount_point}=rw:${ro_mount_point}=ro" root.union "${rootmnt}"

# Correct the permissions of /:
chmod 755 "${rootmnt}"

# Make sure the individual ro and rw mounts are accessible from within the root
# once the union is assumed as /.  This makes it possible to access the
# component filesystems individually.
mkdir "${rootmnt}/ro" "${rootmnt}/rw"
mount --move "${ro_mount_point}" "${rootmnt}/ro"
mount --move "${rw_mount_point}" "${rootmnt}/rw"

# Make sure checkroot.sh doesn't run.  It might fail or erroneously remount /.
rm -f "${rootmnt}/etc/rcS.d"/S[0-9][0-9]checkroot.sh
and then rebuilding the initramfs

Code:
# update-initramfs -u
and rebooting.

I have done this procedure on a test system: a Dell Mini 9 netbook (Intel Atom processor) that boots Debian squeeze from an external usb hard disk. It works: the system comes up read-only. I can create a text file in my home directory, then reboot and the text file is gone. Just what I want.

I do the same thing on the Dockstar and it boots OK but is not read-only. I looked at dmesg on the Dockstar and see the following:

Code:
[   12.960395] aufs: module is from the staging directory, the quality is unknown, you have been warned.
[   12.993986] aufs 2-standalone.tree-32-20100125
[   13.003956] aufs test_add:218:mount[124]: unsupported filesystem, /root.ro (rootfs)
but on the Dell Mini 9, the corresponding lines from dmesg are

Code:
[    7.884717] aufs: module is from the staging directory, the quality is unknown, you have been warned.
[    7.897495] aufs 2-standalone.tree-32-20100125
[    7.898237] aufs test_add:248:exe[371]: uid/gid/perm /root.ro 0/0/0755, 0/0/01777
As I said, both of these systems are running up-to-date Debian squeeze. One works and the other doesn't.

Any idea why this is? Troubleshooting this is a bit beyond my current knowledge level, but I would love to get this working. Any help is appreciated.
 
Old 10-26-2011, 06:09 PM   #2
replica9000
Member
 
Registered: Jul 2006
Location: USA
Distribution: Debian, FreeBSD, Android
Posts: 997
Blog Entries: 2

Rep: Reputation: 212Reputation: 212Reputation: 212
Debian has a package in the repository that does this. fsprotect. All you should have to do is install it, and add a line to your grub's kernel entry:

example from my Grub 2 USB install:
Code:
linux   /boot/vmlinuz-3.0.0-2-amd64 root=UUID=7bbe90bc-7793-4a60-87e7-cbb6cfb7ec25 ro quiet fsprotect=1G
You can change the 1G to another size if you wish.
 
Old 10-27-2011, 08:57 AM   #3
fantod
LQ Newbie
 
Registered: Oct 2011
Posts: 2

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by replica9000 View Post
Debian has a package in the repository that does this. fsprotect. All you should have to do is install it, and add a line to your grub's kernel entry:

example from my Grub 2 USB install:
Code:
linux   /boot/vmlinuz-3.0.0-2-amd64 root=UUID=7bbe90bc-7793-4a60-87e7-cbb6cfb7ec25 ro quiet fsprotect=1G
You can change the 1G to another size if you wish.

Ok - very good. I'll try that - it looks like it does what I want.

FWIW, the Dockstar uses uboot instead of grub 2 so I'll have to figure out how to set the fsprotect kernel parameter for uboot.

Thanks again
 
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Read System Call is getting blocked when tried to read the data from CDC device sanju.lnt Linux - Embedded & Single-board computer 0 09-12-2011 12:48 AM
LXer: Setting up dual monitors system-wide with XRandR on Debian Lenny LXer Syndicated Linux News 0 10-24-2008 10:50 AM
Debian on VBox Read Only File System and Permission Denied Errors The Konqi Kid Debian 5 03-04-2008 06:07 PM
Setting up folders read, read/write? airplaneb777 Linux - Software 1 04-17-2006 09:37 AM


All times are GMT -5. The time now is 12:49 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Facebook: linuxquestions Google+: linuxquestions
Open Source Consulting | Domain Registration