I have been desperately trying to figure out a way to mount (on boot up) a RHEL 5.2 root (/) partition.

I started following the instructions here:
http://en.opensuse.org/How-To_Make_t...stem_read-only

but those are tailored to openSUSE and (in those instructions) there isn't an "/etc/init.d/boot.rootfsck" file in RHEL. I have set the /etc/sysconfig/readonly-root file to readonly=yes and symlinked the var and tmp directories (as well as mtab and resolve.conf files) to the tmpfs partition (just like those instructions state).

Being that RHEL doens't have a /etc/init.d/boot.rootfsck file, I created a script (in /etc/init.d/) that runs out of /etc/rc.d/rc5.d (symlinked...perms are 0775) that has the functions that would be changed in the authors file...ie:

touch /dev/shm/resolv.conf
mkdir /dev/shm/tmp
tar -C /dev/shm -zxf /var.tgz

It is named S10readonly, so it runs at the near beginning of bootup.

Does anyone have and links, suggestions, etc. on mounting the / partition as RO on bootup on a RHEL system?

Thanks.

Have you looked into editing fstab with the information?

yes...that is part of those instructions in the link. I set the / partition to be "ro,defaults"

I think you need to edit initrd image. Because if initrd is specified then root setup is specified in initrd.

Thanks

Two questions:

1. Why do you want to do this?
2. What is the output of $ df -h ?

I am doing this as a security criteria. I will be migrating all of my notes, steps, etc over to a CompactFlash card here soon (actually, I have the OS on a CF already, just testing it out on my laptop running RHEL 5.2). Anyhow, I must show how nothing can be written to the CF device itself...the tmpfs partition (in this case /data) will be ran in the onboard RAM.

Here is my /etc/fstab file:



LABEL=/ / ext3 defaults,ro 1 1
LABEL=/boot /boot ext3 defaults 1 2
tmpfs /data tmpfs uid=500,gid=500,mode=775,size=1g 0 0
devpts /dev/pts devpts gid=5,mode=620 0 0
sysfs /sys sysfs defaults 0 0
proc /proc proc defaults 0 0

Here is the output from a df -h:

Filesystem Size Used Avail Use% Mounted on
rootfs 71G 2.0G 65G 3% /
/dev/root 71G 2.0G 65G 3% /
/dev 1013M 132K 1013M 1% /dev
tmpfs 1.0G 33M 992M 4% /data
tmpfs 1.0G 33M 992M 4% /data/var/cache/man
tmpfs 1.0G 33M 992M 4% /data/var/gdm
tmpfs 1.0G 33M 992M 4% /data/var/lock
tmpfs 1.0G 33M 992M 4% /data/var/log
tmpfs 1.0G 33M 992M 4% /data/var/run
tmpfs 1.0G 33M 992M 4% /data/tmp
tmpfs 1.0G 33M 992M 4% /data/var/cache/foomatic
tmpfs 1.0G 33M 992M 4% /data/var/cache/logwatch
tmpfs 1.0G 33M 992M 4% /data/var/db/nscd
tmpfs 1.0G 33M 992M 4% /data/var/lib/dhclient
tmpfs 1.0G 33M 992M 4% /data/var/tmp
/dev/root 71G 2.0G 65G 3% /etc/adjtime
/dev/root 71G 2.0G 65G 3% /etc/fstab
/dev/root 71G 2.0G 65G 3% /etc/ntp.conf
tmpfs 1.0G 33M 992M 4% /data/resolv.conf
tmpfs 1.0G 33M 992M 4% /data/var/account
tmpfs 1.0G 33M 992M 4% /data/var/cache/alchemist
tmpfs 1.0G 33M 992M 4% /data/var/lib/logrotate.status
tmpfs 1.0G 33M 992M 4% /data/var/lib/ntp
tmpfs 1.0G 33M 992M 4% /data/var/empty/sshd/etc/localtime
tmpfs 1.0G 33M 992M 4% /data/var/lib/random-seed
/dev/sda1 1.9G 41M 1.8G 3% /boot

also, for an update...I figured out how to get the /var /tmp /home and /root directories to load from tar files, which actually lets me login now...and / is mounted RO... (I added some commands in the /etc/sysconfig/readonly-root file)

thing is that many of the services fail to start now (ie auditd, etc). And I can't load any of the gui utilities...such as system-config-users, etc. I get the following error:

Xlib: connection to "0:0" refused by server
Xlib: No protocol specified


I am figuring it is a permission error somewhere in /var (which is symlinked to /data/var)

well, I disabled selinux and everything works fine... imagine that