I'm using an embedded version of linux called white dwarf, which is based on slackware. I'm trying to mount the / filesystem as read only, but when I use:

mount -o ro,remount /
or
mount -o ro,remount /dev/hda1

I get a "device is busy" error. Also, I've tried going straight to fstab and changing the option from defaults to ro, but also with no success. After rebooting with the new fstab, I type mount and see that / is mount ro, but I can still write to it! I can change it back to rw with

mount -o rw,remount /

but it won't go back to ro at all. How can I mount this drive as read only?

Note: I have external storage that is rw if there are things that the system MUST write.

Thanks!

you cannot mount / as read only!!
there are certain programs in /bin and /sbin that
need to be executable in order for the system
to boot and run properly.

Thanks 320mb!

Can't programs still run on a read-only disk if they're not changing at all?? or does read-only mean that strictly? if so, then is there a read/execute mode? It would be nice to have a mode like this because I'm using a flash disk that has a limited number of writes and I'd like to keep it going as long as possible. I have external disk storage which is used for day-to-day stuff that is available for other stuff. Is it worthwhile to make some partitions on the external disk and drop /bin and /sbin on them?

You may want to read the FHS (Filesystem Hierarchy System) as well as the chroot howto's. The /proc, /tmp, /var, and /usr/local partitions need to be writable. The FHS guide goes into detail on which directories can be mounted readonly. The ones that need to be writable need to be mounted on a writable partition.

I don't think you can have the root partition mounted read-only since partitions are mounted under it that need to be writable. However, many of the partitions mounted under it can be. The /usr/local partition needs to be remounted writable when installing new software. You can have a separate partition for /usr/local and include a line in the fstab for it. That way, /usr can remain mounted readonly. The /proc is a pseudo file system, but to be writable by the kernel, the root partition needs to be writable. The /var partition is where the log files are written to, as well as other types of caches.

You may also want to google for 'embedded linux ram-disk'. Normally, during bootup, the partitions are first mounted read-only, with the root partition being the ramdisk 'initrd'. An option may be to retain the ram-disk as the root partition, but you'll need to do this research yourself. The chroot howto may help. I think there is also an embedded linux howto around also.

I'd be interested if you gave more infomation on what system you are using and what it is used for. Sounds like it might be interesting.

Good Luck!

you can mount root as read-only but not on a fully running system. the filesystem is mounted as read-only at boot, if it is ext2, checked to see if it is clean, then if it is, it is remounted read-write. reiserfs cannot be mounted read-only, i think. a lot of software
needs to be able to write to the drive to run.

Don't forget about the logs too ... they need the hd to write to.

Since the logs in /var/cache are written to quite frequently, you may want to make sure they are either written to a hd or sent to a logging host rather than written to flash memory. Using a dedicated logging host connected directly to the computer is a security method I read about. The logging host may be connected directly to the computer sending the logs, rather than having a connection on the network switch. This makes it harder for hackers to cover their tracks, and reveals which files where comprimised. Look for the syslog or syslog.conf man page for information. There may be some programs running that can't be configured or able to log events via syslog however.

Since you are using an embedded system, I assume you might be using it as a gateway or router. If that is the case, consider having the root partition, and writable partitions in ramdisk, and the read-only partitions like /bin /usr /sbin /etc on the flash drive.

wow! thanks everyone for all the responses. Right now, I'm using an embedded computer on an autonomous vehicle at Virginia Tech.

http://www.ee.vt.edu/~ascl/

I want to hard drive to be read-only to reserve the onboard flash hard drive as long as possible, which has a limited number of writes. Setting up a ramdisk might not be the easiest option for me, since i have limited amount and i'd like to keep it available for computation, since i need data and control in realtime. right now, im taking a look at FHS. is it universal across all linuces? more importantly, is slackware compliant with it? (since thats what my bare bones version is based on)

i tried moving /sbin /bin /etc to partitions on the external storage, but that did not solve the problem.

you could look at the knoppix scripts for that. since they run from a cdrom, most of it has to be read-only.

Well,
1. read-only doesn't mean no-execute
2. a filesystem can be mounted read-write, under the directory tree of a read-only filesystem (try it )
3. yes, logs can be redirected, or not made at all
4. since you are developing an embedded system, why not take a step further and customize everything you can? No need to stick to FHS

I don't think Slackware is FHS-compliant, but as I said before, you might as well customize everything to get a very small footprint and a realtime system