
List:       gentoo-dev
Subject:    [gentoo-dev] rfc: read-only root  Was: rfc: converting /etc/mtab to a symlink
From:       Duncan <1i5t5.duncan () cox ! net>
Date:       2013-10-15 3:33:44
Message-ID: pan$9ae6a$1cadfa62$6a25f8fa$37244e3c () cox ! net

William Hubbs posted on Sun, 13 Oct 2013 14:32:32 -0500 as excerpted:

> from what I'm seeing, we should look into converting /etc/mtab to a
> symlink to /proc/self/mounts [1].
> 
> Are there any remaining concerns about doing this?
> 
> If not, it seems like it would be pretty easy to make baselayout create
> this symlink in the stages (I'm willing to do this work), but what about
> on systems that are already installed? Should we send out a news item
> and have everyone convert their /etc/mtab manually or find a way to
> automate that?
> 
> William
> 
> [1] http://bugs.gentoo.org/show_bug.cgi?id=477498

New subthread here as I don't see this mentioned in the others (tho pacho 
mentions it in the bug) ...

TL;DR: An /etc/mtab symlink is the generally recommended and simplest way 
to make a read-only root work, and I've been set up like that for some 
months now, so I'm all for it. =:^)

Some months ago I finally upgraded my core system to SSDs, and with that, 
btrfs (I had been on reiserfs for years with very good results even thru 
hardware issues as since ordered-by-default journaling went in, anyway, 
it's an incredibly stable filesystem that doesn't have the kernel folks 
monkeying around with it and trying stuff like the infamous ext3-
writeback-by-default tricks, like the ext* filesystems do, but 
unfortunately reiserfs simply was not designed for nor is it suited to 
SSDs), which of course is still an experimental filesystem, for good 
reason as altho the mainstream case tends to work relatively well, 
they're still fixing critical corner-case bugs with every kernel release.

So to hopefully counter some of the additional risk, and because I had 
been looking at the idea for a couple years anyway, I set up a read-only 
root by default.  And I'll tell you what, it sure is nice knowing that 
after a hard shutdown and reboot, while /home and /var/log will probably 
have integrity errors due to the bad shutdown and I'll need to do a btrfs 
scrub to repair them (a pair of SSDs with most filesystems in btrfs raid1 
mode for both data and metadata, so there's the second copy of all 
(meta)data to read and restore from if the first is corrupt and fails the 
integrity check), root itself should be safe, since it was mounted read-
only and thus no ongoing writes could have been occurring there when the 
crash occurred.  And of course the btrfs recovery tools are on root, so 
if worse did come to worse, they should be fine to use in recovering 
/home, since the root filesystem was read-only the entire period and thus 
should be undamaged. =;^)

Of course in order to set up a read-only root, I had to make some 
changes, including the one under discussion here, making /etc/mtab a 
symlink to /proc/self/mounts.  (Actually, I symlinked it to /proc/mounts, 
but as mentioned elsewhere in the thread, on a modern kernel since mount 
namespaces, that's a symlink to /proc/self/mounts already, so same 
ultimate result.)

So I'm all for the change, since that will bring the default gentoo 
installation one step closer to a read-only root, meaning one less thing 
for people who want to set up that way to have to worry about. =:^)

Meanwhile, the handbook has for years suggested a separate /boot and 
mentioned the separate /home option.  Once we have /etc/mtab as a 
symlink, the next logical step would be to consider upgrading that 
separate /home option to suggested default, adding /var/log as a 
suggested default, and making the default fstab options for / include ro, 
thus increasing default gentoo system data robustness dramatically.  Of 
course the system-updates/portage discussion would then need a reminder 
to remount / rw, but with /etc/mtab a symlink, further necessary changes 
are minor, and it really will improve gentoo system robustness 
dramatically, likely saving a number of users the headache of having to 
recover a screwed up root, simply because it was mounted writable and 
didn't happen to be in a consistent state when the system crashed.

(Arguably that should be a (sub-)thread of its own, thus the retitled 
subthread, already top-level.)

-- 
Duncan - List replies preferred.   No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master."  Richard Stallman
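The two concrete changes the post talks about are /etc/mtab being a symlink to /proc/self/mounts (or to /proc/mounts, which resolves to the same thing on a namespace-aware kernel) and "ro" appearing in the fstab options for /. The script below is an added example written for this page, not code from the post, the thread, or Gentoo's baselayout; the function names `mtab_status` and `fstab_root_ro` are this example's own. It checks both conditions against paths you pass in, and its `demo` builds constructed fixtures in a temporary directory so it never touches the real /etc.

```shell
#!/bin/sh
# Added example (not from the mailing-list post): audit helpers for the two
# read-only-root prerequisites discussed in the thread. The helper names and
# the sample fstab contents below are constructed for this example.

# mtab_status PATH
# Prints one of: symlink-ok, symlink-other, regular, missing.
# "symlink-ok" means PATH is a symlink to /proc/self/mounts or /proc/mounts.
mtab_status() {
    path=$1
    if [ -L "$path" ]; then
        target=$(readlink "$path")
        case $target in
            /proc/self/mounts|/proc/mounts) echo symlink-ok ;;
            *) echo symlink-other ;;
        esac
    elif [ -e "$path" ]; then
        echo regular      # a plain file that mount(8) would try to rewrite
    else
        echo missing
    fi
}

# fstab_root_ro FSTAB_FILE
# Returns 0 if the entry whose mount point is "/" carries the exact option
# token "ro" in its fourth field, 1 otherwise. Comment lines, blank lines and
# short lines are skipped. Matching is per comma-separated token, so
# "errors=remount-ro" does not count as "ro".
fstab_root_ro() {
    awk '
        /^[[:space:]]*#/ || NF < 4 { next }
        $2 == "/" {
            n = split($4, opts, ",")
            for (i = 1; i <= n; i++) if (opts[i] == "ro") found = 1
        }
        END { exit (found ? 0 : 1) }
    ' "$1"
}

# demo: run both checks over constructed fixtures in a temp directory.
demo() {
    tmp=$(mktemp -d)
    ln -s /proc/self/mounts "$tmp/mtab-good"     # the recommended layout
    : > "$tmp/mtab-file"                          # the legacy regular file
    cat > "$tmp/fstab-ro" <<'EOF'
# constructed fstab: root mounted read-only, /home writable
LABEL=root   /        btrfs  ro,noatime,compress=lzo   0 1
LABEL=home   /home    btrfs  rw,noatime                0 2
EOF
    cat > "$tmp/fstab-rw" <<'EOF'
# constructed fstab: root left writable
LABEL=root   /        btrfs  defaults,noatime          0 1
EOF
    echo "mtab-good: $(mtab_status "$tmp/mtab-good")"
    echo "mtab-file: $(mtab_status "$tmp/mtab-file")"
    fstab_root_ro "$tmp/fstab-ro" && echo "fstab-ro: / has ro"
    fstab_root_ro "$tmp/fstab-rw" || echo "fstab-rw: / lacks ro"
    rm -rf "$tmp"
}

demo
```

On a live system the same functions can be pointed at /etc/mtab and /etc/fstab directly; the token-wise option match is deliberate, because a substring test on the options field would wrongly accept `errors=remount-ro` as a read-only root.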

