Responding to a question posted earlier this month, Centos 5.1 includes configuration files for enabling the read-only root filesystem. Actually, all filesystems can be mounted read-only with particular files and directories mounted on a read-write tmpfs (in RAM). This capability comes directly from the upstream provider.
You can have your Centos system running read-only root in two easy steps:
1. Edit /etc/sysconfig/readonly-root and change READONLY=no to READONLY=yes
2. Reboot
When your computer comes back up, the root and any other system partitions will be mounted read-only. All the files and directories listed in /etc/rwtab will be mounted read-write on a tmpfs filesystem. You can add additional files and directories to rwtab to make them writable after reboot.
Note that this system is stateless. When you reboot again, everything written to the tmpfs filesystem vanishes and the system will be exactly as it was the last time it was booted. You could add a writable filesystem on disk or NFS for writing files you want to retain after rebooting.
Take a look at /etc/rc.d/rc.sysinit to see how the magic is done.
This capability is a "technology preview" (beta) and is buggy. Note that /etc/mtab and thus "mount" do not show the complete list of filesystems because the /etc directory is on a read-only filesystem. /proc/mounts always shows the correct mount information. You could update /etc/mtab from /proc/mounts to correct it both after boot and after running the mount or umount commands to change mounts.
Run "fgrep -v rootfs /proc/mounts >/etc/mtab" to correct /etc/mtab. Note that mounting or symlinking /proc/mounts to /etc/mtab causes other problems such as breaking the df command.
You can change your read-only root filesystem to read-write mode immediately with this command run by the root user:
    mount -n -o remount,rw /
- Fred
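A check for the state described in the message above, as an added example that is not part of the original post: it reads a mount table in /proc/mounts format, reports disk-backed filesystems that are still read-write, and lists mount points that /etc/mtab is missing. The function names, the list of filesystem types expected to be read-write, and the sample tables are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a read-only-root host from its mount tables.
# Functions take file paths, so they also work on copies of the tables.

# RAM-backed and pseudo filesystems expected to stay read-write (assumed list).
EXPECTED_RW='^(tmpfs|proc|sysfs|devpts|usbfs|binfmt_misc|rpc_pipefs)$'

# Print "mountpoint fstype" for each other filesystem still mounted rw.
# $1: file in /proc/mounts format.
rw_disk_mounts() {
    awk -v skip="$EXPECTED_RW" '$1 != "rootfs" && $3 !~ skip {
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) if (opt[i] == "rw") { print $2, $3; break }
    }' "$1"
}

# Print mount points the kernel lists that mtab does not (stale /etc/mtab).
# $1: file in /proc/mounts format, $2: file in /etc/mtab format.
missing_from_mtab() {
    awk 'FILENAME == ARGV[1] { seen[$2] = 1; next }
         $1 != "rootfs" && !($2 in seen) { print $2 }' "$2" "$1"
}

# Constructed sample tables (not captured from a real host).
sample_proc_mounts() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/root / ext3 ro,data=ordered 0 0
/proc /proc proc rw 0 0
/sys /sys sysfs rw 0 0
/dev/sda1 /boot ext3 ro,data=ordered 0 0
none /var/log tmpfs rw 0 0
none /tmp tmpfs rw 0 0
/dev/sdb1 /srv/data ext3 rw,data=ordered 0 0
EOF
}
sample_mtab() {
    cat <<'EOF'
/dev/root / ext3 rw 0 0
/dev/sda1 /boot ext3 rw 0 0
EOF
}

# Demo on the samples; on a live host pass /proc/mounts and /etc/mtab.
dir=$(mktemp -d)
sample_proc_mounts > "$dir/mounts"; sample_mtab > "$dir/mtab"
echo "Disk filesystems still read-write:"; rw_disk_mounts "$dir/mounts"
echo "Mounted but missing from mtab:";     missing_from_mtab "$dir/mounts" "$dir/mtab"
rm -rf "$dir"
```

Both functions skip the rootfs entry, as the fgrep command in the message does, and read only the files they are given.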
On Saturday 24 May 2008 12:05:30 Fred Noz wrote:
> Responding to a question posted earlier this month, Centos 5.1 includes configuration files for enabling the read-only root filesystem. Actually, all filesystems can be mounted read-only with particular files and directories mounted on a read-write tmpfs (in RAM). This capability comes directly from the upstream provider.
> When your computer comes back up, the root and any other system partitions will be mounted read-only. All the files and directories listed in /etc/rwtab will be mounted read-write on a tmpfs filesystem. You can add additional files and directories to rwtab to make them writable after reboot.
> Note that this system is stateless. When you reboot again, everything written to the tmpfs filesystem vanishes and the system will be exactly as it was the last time it was booted. You could add a writable filesystem on disk or NFS for writing files you want to retain after rebooting.
This is very interesting. Thanks for sharing, Fred. So, it's some kind of Live CD on a disk? I can't think of a practical benefit of using such a system; is it to protect it from unwanted modification?