1 |
William Hubbs posted on Sun, 13 Oct 2013 14:32:32 -0500 as excerpted: |
2 |
|
3 |
> from what I'm seeing, we should look into converting /etc/mtab to a |
4 |
> symlink to /proc/self/mounts [1]. |
5 |
> |
6 |
> Are there any remaining concerns about doing this? |
7 |
> |
8 |
> If not, it seems like it would be pretty easy to make baselayout create |
9 |
> this symlink in the stages (I'm willing to do this work), but what about |
10 |
> on systems that are already installed? Should we send out a news item |
11 |
> and have everyone convert their /etc/mtab manually or find a way to |
12 |
> automate that? |
13 |
> |
14 |
> William |
15 |
> |
16 |
> [1] http://bugs.gentoo.org/show_bug.cgi?id=477498 |
17 |
|
18 |
New subthread here as I don't see this mentioned in the others (tho pacho |
19 |
mentions it in the bug) ... |
20 |
|
21 |
TL;DR: An /etc/mtab symlink is the generally recommended and simplest way |
22 |
to make a read-only root work, and I've been setup like that for some |
23 |
months now, so I'm all for it. =:^) |
24 |
|
25 |
Some months ago I finally upgraded my core system to SSDs, and with that, |
26 |
btrfs (I had been on reiserfs for years with very good results even thru |
27 |
hardware issues as since ordered-by-default journaling went in, anyway, |
28 |
it's an incredibly stable filesystem that doesn't have the kernel folks |
29 |
monkeying around with it and trying stuff like the infamous ext3- |
30 |
writeback-by-default tricks, like the ext* filesystems do, but |
31 |
unfortunately reiserfs simply was no designed for nor is it suited to |
32 |
SSDs), which of course is still an experimental filesystem, for good |
33 |
reason as altho the mainstream case tends to work relatively well, |
34 |
they're still fixing critical corner-case bugs with every kernel release. |
35 |
|
36 |
So to hopefully counter some of the additional risk, and because I had |
37 |
been looking at the idea for a couple years anyway, I setup a read-only |
38 |
root by default. And I'll tell you what, it sure is nice knowing that |
39 |
after a hard shutdown and reboot, while /home and /var/log will probably |
40 |
have integrity errors due to the bad shutdown and I'll need to do a btrfs |
41 |
scrub to repair them (a pair of SSDs with most filesystems in btrfs raid1 |
42 |
mode for both data and metadata, so there's the second copy of all |
43 |
(meta)data to read and restore from if the first is corrupt and fails the |
44 |
integrity check), root itself should be safe, since it was mounted read- |
45 |
only and thus no ongoing writes could have been occurring there when the |
46 |
crash occurred. And of course the btrfs recovery tools are on root, so |
47 |
if worse did come to worse, they should be fine to use in recovering |
48 |
/home, since the root filesystem was read-only the entire period and thus |
49 |
should be undamaged. =;^) |
50 |
|
51 |
Of course in ordered to setup a read-only root, I had to make some |
52 |
changes, including the one under discussion here, making /etc/mtab a |
53 |
symlink to /proc/self/mounts. (Actually, I symlinked it to /proc/mounts, |
54 |
but as mentioned elsewhere in the thread, on a modern kernel since mount |
55 |
namespaces, that's a symlink to /proc/self/mounts already, so same |
56 |
ultimate result.) |
57 |
|
58 |
So I'm all for the change, since that will bring the default gentoo |
59 |
installation one step closer to a read-only root, meaning one less thing |
60 |
for people who want to setup that way to have to worry about. =:^) |
61 |
|
62 |
Meanwhile, the handbook has for years suggested a separate /boot and |
63 |
mentioned the separate /home option. Once we have /etc/mtab as a |
64 |
symlink, the next logical step would be to consider upgrading that |
65 |
separate /home option to suggested default, adding /var/log as a |
66 |
suggested default, and making the default fstab options for / include ro, |
67 |
thus increasing default gentoo system data robustness dramatically. Of |
68 |
course the system-updates/portage discussion would then need a reminder |
69 |
to remount / rw, but with /etc/mtab a symlink, further necessary changes |
70 |
are minor, and it really will improve gentoo system robustness |
71 |
dramatically, likely saving a number of users the headache of having to |
72 |
recover a screwed up root, simply because it was mounted writable and |
73 |
didn't happen to be in a consistent state when the system crashed. |
74 |
|
75 |
(Arguably that should be a (sub-)thread of its own, thus the retitled |
76 |
subthread, already top-level.) |
77 |
|
78 |
-- |
79 |
Duncan - List replies preferred. No HTML msgs. |
80 |
"Every nonfree program has a lord, a master -- |
81 |
and if you use the program, he is your master." Richard Stallman |