Opened 9 years ago

Last modified 9 years ago

#3581 new defect

Base Filesystem should be read-only.

Reported by: cscott Owned by: cscott
Priority: normal Milestone: 8.2.0 (was Update.2)
Component: distro Version:
Keywords: Cc: kimquirk
Blocked By: Blocking:
Deployments affected: Action Needed: never set
Verified: no


We currently write a number of files in the base filesystem. For a number of reasons, we'd like to reduce this number -- writable files should live in /home/olpc, /security, or a tmpfs.

This bug will track efforts to reduce the number of writable files in the base os. The current list of files written is:


Some of these are not part of 'stateless' because they are written to by creating a new file and mv'ing it on top of the old file; this procedure doesn't work if the file is bind-mounted.

Notable entries above:

  • sshd should create its keys in /security, if it creates them at all.
  • we shouldn't need to write xorg.conf on first boot -- let's install the XO version, and only write a new one if on an emulator, if at all.
  • why the heck are we writing (or possible 'touch'ing) the kernel's modules? Maybe depmod is doing this?
  • random-seed should live in /security, or be dropped (since we've got a real hardware RNG)

Change History (11)

comment:1 Changed 9 years ago by AlbertCahalan

/etc/ssh/* should only be getting filled in once. This could be done at Quanta, during activation, or when first needed. The files are quite static otherwise, and do have a standard location. Going non-standard would not be good.

A quick hack to stop wtmp and utmp would be to create them as directories, either non-empty or with something mounted over them. (I know, I know... please stop groaning) I'd say to use the immutable flag on an empty file, but JFFS2 doesn't support that.

Symlink /etc/mtab to /proc/mounts. The normal tools know how to deal with this. See the mount(8) man page. Minor issues: loop device usage is less convenient and the "user" mount option will fail.

comment:2 Changed 9 years ago by jg

  • Milestone changed from Untriaged to First Deployment, V1.0

comment:3 Changed 9 years ago by cscott

Kim reports that changes to /etc/timezone should be preserved as well.

Albert: we can also use bind-mounts to address parts of the problem: bind-mounting /security/ on top of /etc/ssh/ accomplishes the goals of this bug without using a "nonstandard" file location. This is like the "stateless" system in FC7, except in reverse ("stateful"?)

comment:4 Changed 9 years ago by cscott

  • Cc kimquirk added

comment:5 Changed 9 years ago by Quozl

Per #3814, olpc-update results in regeneration of SSH host key.

comment:6 Changed 9 years ago by cscott

/var/log/wtmp and /var/run/utmp should already be mounted in a tmpfs by stateless; we must be writing them somehow during very early first boot. lists a number of other files we use for internationalization; we should ensure that these changes are persistent as well.

comment:7 follow-up: Changed 9 years ago by cscott

initscripts-8.54.1-9.olpc2.src.rpm makes the following files bind-mounts to /security/state:


There are still a number of puzzling files left in the list. I also opened trac #3912 for the xorg.conf issue.

comment:8 Changed 9 years ago by cscott

The kernel modules are being opened by 'modprobe' in rw mode; see trac #4184. I wonder what happens if the fs is read-only? In any case, we should fix modprobe.

comment:9 in reply to: ↑ 7 Changed 9 years ago by bernie

Replying to cscott:


I was thinking to just put LANG=C here and move the real language setting to /home/olpc/.i18n, which is already the supported mechanism by /etc/profile.d/

We should also update /etc/init.d/olpc-configure to do the right thing.

comment:10 Changed 9 years ago by gnu

See #4184 for modprobe patch that avoids opening the modules read/write.

comment:11 Changed 9 years ago by cscott

  • Action Needed set to never set
  • Owner changed from jg to cscott
Note: See TracTickets for help on using tickets.