Overlayfs/ readonly rootfs | system on USB

Posted by lcg 
lcg
Overlayfs/ readonly rootfs | system on USB
July 13, 2017 02:14PM
Dear all,

has anybody successfully installed a Debian system (>jessie) with a read-only root filesystem (on a USB stick)? I read guides on how to do that on non-ARM platforms. What are the steps in detail?

- new kernel necessary? or build at least a kernel-module?
- install overlayroot package and configure it with "tmpfs" like:

apt-get install overlayroot
echo 'overlayroot="tmpfs"' >> /etc/overlayroot.conf
reboot


- anything to do with uboot or boot commands?

Thanks!
best
lcg
Re: Overlayfs/ readonly rootfs | system on USB
July 13, 2017 03:54PM
lcg,

> - anything to do with uboot or boot commands?
>

No, IIRC, you don't need to change u-boot envs or bootcmd. Look for overlayfs as keyword.

-bodhi
===========================
Wiki
latest Kirkwood kernel builds and rootfs
latest u-boot-kirkwood builds
latest Oxnas kernel builds and rootfs
latest u-boot-oxnas builds
latest MVEBU Armada kernel builds and rootfs
U-Boot & Kernel Booting process
bodhi's u-boot GitHub
bodhi's corner
lcg
Re: Overlayfs/ readonly rootfs | system on USB
July 14, 2017 02:29AM
bodhi Wrote:
-------------------------------------------------------

> No, IIRC, you don't need to change u-boot envs or bootcmd. Look for overlayfs as keyword.

Thanks, overlayfs is not available as a package, but there is a package called bilibop:

# dpkg -l|fgrep bilibop
ii  bilibop-common                   0.4.23                            armel        shell functions for bilibop scripts
ii  bilibop-lockfs                   0.4.23                            armel        lock filesystems and write changes into RAM
ii  bilibop-rules                    0.4.23                            armel        device management rules for OS running from external media

Install went ok, but after reboot the rootfs is still rw:

# mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,relatime,size=10240k,nr_inodes=14204,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,relatime,size=24188k,mode=755)
/dev/sda1 on / type ext3 (rw,noatime,errors=remount-ro,data=ordered)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=22,pgrp=1,timeout=300,minproto=5,maxproto=5,direct)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
mqueue on /dev/mqueue type mqueue (rw,relatime)
tmpfs on /tmp type tmpfs (rw,relatime)
rpc_pipefs on /run/rpc_pipefs type rpc_pipefs (rw,relatime)

Updated initramfs (at first it did not work, but I used the -t option and that worked; then it worked out of the box):

# dpkg-reconfigure bilibop-lockfs
update-initramfs: deferring update (trigger activated)
Processing triggers for initramfs-tools (0.120+deb8u3) ...
update-initramfs: Generating /boot/initrd.img-4.4.0-kirkwood-tld-1

and

# cat /etc/bilibop/bilibop.conf

# /etc/bilibop/bilibop.conf
# Global configuration file for bilibop-* packages. For a comprehensive list
# of possible default or custom settings, read the bilibop.conf(5) manpage,
# and see the examples provided by each concerned bilibop-* package in
# /usr/share/doc/bilibop-*/examples/bilibop.conf
BILIBOP_LOCKFS=true
BILIBOP_LOCKFS_POLICY=soft
BILIBOP_LOCKFS_SWAP_POLICY=soft

Neither journalctl nor netconsole showed any error. Unfortunately this is not documented very well on the net.

Any suggestions or errors in what I did?

thanks and best
lcg
Re: Overlayfs/ readonly rootfs | system on USB
July 14, 2017 03:34AM
lcg,

Overlayfs is a kernel module. So there is really no need to install any package.

Starting point:
https://wiki.archlinux.org/index.php/Overlay_filesystem

The syntax is simple, but it is a little bit abstract. It was a long time ago for me, so I can't help you with the specifics. But the idea is like this:

cat /etc/fstab
# /etc/fstab: static file system information.
#
# <file system> <mount point>   <type>  <options>       <dump>  <pass>
#
/dev/root      /               ext3    ro,noatime,errors=remount-ro 0 1
/dev/root      /etc            overlay lowerdir=/etc,upperdir=/mnt/kernel/rootfs/etc,workdir=/mnt/kernel/work 0 0

In this fstab, the overlaid /etc is RW, and it is at /mnt/kernel/rootfs/etc. In other words, you would mount the working dir /mnt/kernel/work as a union of the RO rootfs /etc with the overlay /mnt/kernel/rootfs/etc.

I don't know if what I said has helped! But the general kernel mechanism is overlayfs. There might be ready-made packages that provide this functionality. That bilibop might be one of them.

-bodhi
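As an added example (not from the thread or any poster): a shell check that reads an fstab like the one in the post above together with a /proc/mounts-style table, and reports whether each overlay entry's upperdir and workdir sit on the same writable filesystem, which overlayfs requires for a read-write overlay. The function names, temp files and both mount tables are constructed for illustration.

```shell
#!/bin/sh
# Added example; function names, file names and sample data are constructed.
# opt_value OPTS KEY: print the value of KEY= from a comma-separated option string.
opt_value() {
    printf '%s\n' "$1" | tr ',' '\n' | sed -n "s|^$2=||p" | head -n 1
}
# mount_for PATH MOUNTS: print "mountpoint options" of the filesystem holding PATH,
# i.e. the longest mount point in a /proc/mounts-style table that prefixes PATH.
mount_for() {
    awk -v p="$1" '{ mp = $2
        if ((mp == "/" || p == mp || index(p, mp "/") == 1) && length(mp) > length(best)) {
            best = mp; opts = $4 } }
        END { print best, opts }' "$2"
}
# check_overlay_fstab FSTAB MOUNTS: print one verdict line per overlay entry.
check_overlay_fstab() {
    while read -r dev mp type opts rest; do
        case "$dev" in '#'*) continue ;; esac          # skip comment lines
        [ "$type" = "overlay" ] || continue
        upper=$(opt_value "$opts" upperdir); work=$(opt_value "$opts" workdir)
        if [ -z "$upper" ] || [ -z "$work" ]; then
            echo "$mp: FAIL upperdir or workdir missing"; continue
        fi
        u=$(mount_for "$upper" "$2"); w=$(mount_for "$work" "$2")
        if [ "${u%% *}" != "${w%% *}" ]; then
            echo "$mp: FAIL upperdir and workdir on different filesystems"; continue
        fi
        case ",${u#* }," in
            *,rw,*) echo "$mp: OK upper layer on writable ${u%% *}" ;;
            *)      echo "$mp: FAIL upper layer on read-only ${u%% *}" ;;
        esac
    done < "$1"
}
# Constructed sample data: the fstab idea from the post, and two mount tables.
SAMPLE_DIR=$(mktemp -d)
cat > "$SAMPLE_DIR/fstab" <<'EOF'
/dev/root  /     ext3     ro,noatime,errors=remount-ro 0 1
/dev/root  /etc  overlay  lowerdir=/etc,upperdir=/mnt/kernel/rootfs/etc,workdir=/mnt/kernel/work 0 0
EOF
cat > "$SAMPLE_DIR/mounts.ro" <<'EOF'
/dev/root / ext3 ro,noatime 0 0
tmpfs /tmp tmpfs rw,relatime 0 0
EOF
cat > "$SAMPLE_DIR/mounts.tmpfs" <<'EOF'
/dev/root / ext3 ro,noatime 0 0
tmpfs /mnt/kernel tmpfs rw,relatime 0 0
EOF
check_overlay_fstab "$SAMPLE_DIR/fstab" "$SAMPLE_DIR/mounts.ro"     # nothing writable under /mnt/kernel
check_overlay_fstab "$SAMPLE_DIR/fstab" "$SAMPLE_DIR/mounts.tmpfs"  # tmpfs mounted at /mnt/kernel
```

On a live system, pass /etc/fstab and /proc/mounts as the two arguments. With the upper layer on tmpfs, changes made through the overlay do not survive a reboot.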
lcg
Re: Overlayfs/ readonly rootfs | system on USB
July 17, 2017 03:59AM
bodhi Wrote:
-------------------------------------------------------

Thanks bodhi... so I will check first whether the kernel module is present or where to get the sources for it. I was a little bit surprised that bilibop did not show *any* error or log entry; maybe I misconfigured it. It should be exactly such an overlayfs implementation as you pointed out.

However, I tried booting the rootfs with a simple ro switch in fstab. There were not that many errors, and I can take care of them with some links to tmpfs as well as logrotate. Probably that is much faster - and maybe a short script to write those files back to the USB stick while doing a proper shutdown (and temporarily enable rw on the rootfs while shutting down the system).

For a standalone mpd player this is totally sufficient.

best regards
lcg

> lcg,
>
> Overlayfs is a kernel module. So there is really no need to install any package.
>
> Starting point:
> https://wiki.archlinux.org/index.php/Overlay_filesystem
>
> The syntax is simple, but it is a little bit abstract. It was a long time ago for me, so I can't help you with the specifics. But the idea is like this:
>
> cat /etc/fstab
>
> # /etc/fstab: static file system information.
> #
> # <file system> <mount point>   <type>  <options>       <dump>  <pass>
> #
> /dev/root      /               ext3    ro,noatime,errors=remount-ro 0 1
> /dev/root      /etc            overlay lowerdir=/etc,upperdir=/mnt/kernel/rootfs/etc,workdir=/mnt/kernel/work 0 0
>
> In this fstab, the overlaid /etc is RW, and it is at /mnt/kernel/rootfs/etc. In other words, you would mount the working dir /mnt/kernel/work as a union of the RO rootfs /etc with the overlay /mnt/kernel/rootfs/etc.
>
> I don't know if what I said has helped! But the general kernel mechanism is overlayfs. There might be ready-made packages that provide this functionality. That bilibop might be one of them.
Re: Overlayfs/ readonly rootfs | system on USB
July 17, 2017 04:20AM
lcg,

> However, I tried booting the rootfs with a simple ro switch in fstab. There were not that many errors, and I can take care of them with some links to tmpfs as well as logrotate. Probably that is much faster - and maybe a short script to write those files back to the USB stick while doing a proper shutdown (and temporarily enable rw on the rootfs while shutting down the system).
>
> For a standalone mpd player this is totally sufficient.

Yes, for a special purpose system, I think you've picked the simplest and best approach. You only need to redirect the application log to /tmp to tell what's going on while it's running.

-bodhi