| 1 |
William Hubbs posted on Sun, 13 Oct 2013 14:32:32 -0500 as excerpted: |
| 2 |
|
| 3 |
> from what I'm seeing, we should look into converting /etc/mtab to a |
| 4 |
> symlink to /proc/self/mounts [1]. |
| 5 |
> |
| 6 |
> Are there any remaining concerns about doing this? |
| 7 |
> |
| 8 |
> If not, it seems like it would be pretty easy to make baselayout create |
| 9 |
> this symlink in the stages (I'm willing to do this work), but what about |
| 10 |
> on systems that are already installed? Should we send out a news item |
| 11 |
> and have everyone convert their /etc/mtab manually or find a way to |
| 12 |
> automate that? |
| 13 |
> |
| 14 |
> William |
| 15 |
> |
| 16 |
> [1] http://bugs.gentoo.org/show_bug.cgi?id=477498 |
| 17 |
|
| 18 |
New subthread here as I don't see this mentioned in the others (tho pacho |
| 19 |
mentions it in the bug) ... |
| 20 |
|
| 21 |
TL;DR: An /etc/mtab symlink is the generally recommended and simplest way |
| 22 |
to make a read-only root work, and I've been setup like that for some |
| 23 |
months now, so I'm all for it. =:^) |
| 24 |
|
| 25 |
Some months ago I finally upgraded my core system to SSDs, and with that, |
| 26 |
btrfs (I had been on reiserfs for years with very good results even thru |
| 27 |
hardware issues as since ordered-by-default journaling went in, anyway, |
| 28 |
it's an incredibly stable filesystem that doesn't have the kernel folks |
| 29 |
monkeying around with it and trying stuff like the infamous ext3- |
| 30 |
writeback-by-default tricks, like the ext* filesystems do, but |
| 31 |
unfortunately reiserfs simply was no designed for nor is it suited to |
| 32 |
SSDs), which of course is still an experimental filesystem, for good |
| 33 |
reason as altho the mainstream case tends to work relatively well, |
| 34 |
they're still fixing critical corner-case bugs with every kernel release. |
| 35 |
|
| 36 |
So to hopefully counter some of the additional risk, and because I had |
| 37 |
been looking at the idea for a couple years anyway, I setup a read-only |
| 38 |
root by default. And I'll tell you what, it sure is nice knowing that |
| 39 |
after a hard shutdown and reboot, while /home and /var/log will probably |
| 40 |
have integrity errors due to the bad shutdown and I'll need to do a btrfs |
| 41 |
scrub to repair them (a pair of SSDs with most filesystems in btrfs raid1 |
| 42 |
mode for both data and metadata, so there's the second copy of all |
| 43 |
(meta)data to read and restore from if the first is corrupt and fails the |
| 44 |
integrity check), root itself should be safe, since it was mounted read- |
| 45 |
only and thus no ongoing writes could have been occurring there when the |
| 46 |
crash occurred. And of course the btrfs recovery tools are on root, so |
| 47 |
if worse did come to worse, they should be fine to use in recovering |
| 48 |
/home, since the root filesystem was read-only the entire period and thus |
| 49 |
should be undamaged. =;^) |
| 50 |
|
| 51 |
Of course in ordered to setup a read-only root, I had to make some |
| 52 |
changes, including the one under discussion here, making /etc/mtab a |
| 53 |
symlink to /proc/self/mounts. (Actually, I symlinked it to /proc/mounts, |
| 54 |
but as mentioned elsewhere in the thread, on a modern kernel since mount |
| 55 |
namespaces, that's a symlink to /proc/self/mounts already, so same |
| 56 |
ultimate result.) |
| 57 |
|
| 58 |
So I'm all for the change, since that will bring the default gentoo |
| 59 |
installation one step closer to a read-only root, meaning one less thing |
| 60 |
for people who want to setup that way to have to worry about. =:^) |
| 61 |
|
| 62 |
Meanwhile, the handbook has for years suggested a separate /boot and |
| 63 |
mentioned the separate /home option. Once we have /etc/mtab as a |
| 64 |
symlink, the next logical step would be to consider upgrading that |
| 65 |
separate /home option to suggested default, adding /var/log as a |
| 66 |
suggested default, and making the default fstab options for / include ro, |
| 67 |
thus increasing default gentoo system data robustness dramatically. Of |
| 68 |
course the system-updates/portage discussion would then need a reminder |
| 69 |
to remount / rw, but with /etc/mtab a symlink, further necessary changes |
| 70 |
are minor, and it really will improve gentoo system robustness |
| 71 |
dramatically, likely saving a number of users the headache of having to |
| 72 |
recover a screwed up root, simply because it was mounted writable and |
| 73 |
didn't happen to be in a consistent state when the system crashed. |
| 74 |
|
| 75 |
(Arguably that should be a (sub-)thread of its own, thus the retitled |
| 76 |
subthread, already top-level.) |
| 77 |
|
| 78 |
-- |
| 79 |
Duncan - List replies preferred. No HTML msgs. |
| 80 |
"Every nonfree program has a lord, a master -- |
| 81 |
and if you use the program, he is your master." Richard Stallman |
Archives