Ticket #3581 (new defect)

Opened 6 years ago

Last modified 5 years ago

Base Filesystem should be read-only.

Reported by: cscott Owned by: cscott
Priority: normal Milestone: 8.2.0 (was Update.2)
Component: distro Version:
Keywords: Cc: kimquirk
Action Needed: never set Verified: no
Deployments affected: Blocked By:
Blocking:

Description

We currently write a number of files in the base filesystem. For a number of reasons, we'd like to reduce this number -- writable files should live in /home/olpc, /security, or a tmpfs.

This bug will track efforts to reduce the number of writable files in the base os. The current list of files written is:

/dev/.in_sysinit /etc/X11/xorg.conf /etc/ssh/ssh_host_rsa_key.pub /etc/ssh/ssh_host_key.pub /etc/ssh/ssh_host_key /etc/ssh/ssh_host_dsa_key.pub /etc/ssh/ssh_host_dsa_key /etc/ssh/ssh_host_rsa_key /etc/alsa/asound.state /etc/mtab /etc/dhclient.conf /etc/avahi/etc/localtime /etc/hosts /etc/sysconfig/i18n /etc/resolv.conf /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/fs/fat/fat.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/fs/vfat/vfat.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/net/ieee80211/ieee80211_crypt.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/net/ieee80211/ieee80211.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/drivers/i2c/i2c-dev.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/drivers/net/wireless/libertas/libertas.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/drivers/net/wireless/libertas/usb8xxx.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/drivers/char/cs5535_gpio.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/drivers/scsi/sg.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/drivers/input/mouse/psmouse.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/drivers/input/serio/serio_raw.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/drivers/input/mousedev.ko /lib/modules/2.6.22-20070828.4.olpc.e009125a2683ebc/kernel/drivers/input/joydev.ko /var/lib/dbus/machine-id /var/lib/random-seed /var/log/wtmp /var/run/utmp /var/cache/hald/fdi-cache /var/empty/sshd/etc/localtime /root/.bash_history /.olpc-configured /.autofsck

Some of these are not part of 'stateless' because they are written to by creating a new file and mv'ing it on top of the old file; this procedure doesn't work if the file is bind-mounted.

Notable entries above:

- sshd should create its keys in /security, if it creates them at all.

- we shouldn't need to write xorg.conf on first boot -- let's install the XO version, and only write a new one if on an emulator, if at all.

- why the heck are we writing (or possible 'touch'ing) the kernel's modules? Maybe depmod is doing this?

- random-seed should live in /security, or be dropped (since we've got a real hardware RNG)

Change History

  Changed 6 years ago by AlbertCahalan

/etc/ssh/* should only be getting filled in once. This could be done at Quanta, during activation, or when first needed. The files are quite static otherwise, and do have a standard location. Going non-standard would not be good.

A quick hack to stop wtmp and utmp would be to create them as directories, either non-empty or with something mounted over them. (I know, I know... please stop groaning) I'd say to use the immutable flag on an empty file, but JFFS2 doesn't support that.

Symlink /etc/mtab to /proc/mounts. The normal tools know how to deal with this. See the mount(8) man page. Minor issues: loop device usage is less convenient and the "user" mount option will fail.

  Changed 6 years ago by jg

  • milestone changed from Untriaged to First Deployment, V1.0

  Changed 6 years ago by cscott

Kim reports that changes to /etc/timezone should be preserved as well.

Albert: we can also use bind-mounts to address parts of the problem: bind-mounting /security/ssh_host_key.pub on top of /etc/ssh/ssh_host_key.pub accomplishes the goals of this bug without using a "nonstandard" file location. This is like the "stateless" system in FC7, except in reverse ("stateful"?)

  Changed 6 years ago by cscott

  • cc kimquirk added

  Changed 6 years ago by Quozl

Per #3814, olpc-update results in regeneration of SSH host key.

  Changed 6 years ago by cscott

/var/log/wtmp and /var/run/utmp should already be mounted in a tmpfs by stateless; we must be writing them somehow during very early first boot.

http://wiki.laptop.org/go/Customizing_NAND_images lists a number of other files we use for internationalization; we should ensure that these changes are persistent as well.

follow-up: ↓ 9   Changed 6 years ago by cscott

initscripts-8.54.1-9.olpc2.src.rpm makes the following files bind-mounts to /security/state:

/etc/ssh /etc/sysconfig/i18n /etc/timezone /var/lib/dbus /var/lib/random-seed

There are still a number of puzzling files left in the list. I also opened trac #3912 for the xorg.conf issue.

  Changed 6 years ago by cscott

The kernel modules are being opened by 'modprobe' in rw mode; see trac #4184. I wonder what happens if the fs is read-only? In any case, we should fix modprobe.

in reply to: ↑ 7   Changed 6 years ago by bernie

Replying to cscott:

/etc/sysconfig/i18n

I was thinking to just put LANG=C here and move the real language setting to /home/olpc/.i18n, which is already the supported mechanism by /etc/profile.d/lang.sh

We should also update /etc/init.d/olpc-configure to do the right thing.

  Changed 6 years ago by gnu

See #4184 for modprobe patch that avoids opening the modules read/write.

  Changed 5 years ago by cscott

  • owner changed from jg to cscott
  • next_action set to never set
Note: See TracTickets for help on using tickets.