Hi Paul, On Sun, Jun 08, 2014 at 10:13:27AM +0800, Paul Wise wrote: > We kind-of already support that; Debian Live is essentially that. What > would official support for read-only root look like to you? Option in > the installer?
Probably fix the last bits of details that makes a read-only install not totally functionnal. Currently, it appears you can pass the read-only option as extra-flags for / when configuring the filesystem, but you still need to adjust: mtab -> /proc/mounts adjtime -> /var/lib/adjtime blkid.tab -> /var/local/blkid.tab You still need a /tmp as tmpfs, too - as far as I can see we still are having a /tmp under / > > https://wiki.debian.org/ReadonlyRoot > That page needs updating, some of the bugs/issues are fixed. Since you > are familiar with the use-case, could you do that? The /etc/network/run issue has been fixed (but this is implied in the page) What I see seems to be still relevant (ie. /etc/mtab still needs to be symlinked to /proc/mounts on wheezy, for example) Bug 156489 is still there on wheezy (https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=156489) # LANG=C /etc/init.d/hwclock.sh stop Saving the system clock. hwclock: Could not open file with the clock adjustment parameters in it (/etc/adjtime) for writing: Read-only file system hwclock: Drift adjustment parameters not updated. Hardware Clock updated to Sun Jun 8 10:53:36 CEST 2014. The workaround is really obvious: mv /etc/adjtime /var/lib && ln -s /var/lib/adjtime /etc I could not confirm the other issues (such as cups or alsa I'm not using on this machine) > > the only annoying thing is the 'mount: / is busy' issue > Have you reported this bug? Not yet, for multiple reasons: * I can't seem to find the real culprit - checkrestart fails to spot any relevant information, and neither lsof nor fuser -c could help me at this point * I'm using a customized grsec kernel - I first need to confirm that the issue also appears on a vanilla kernel * I'm using wheezy/sid mixed packages, and here again a real vanilla install will be necessary to du further tests But I'll check that next time moire thoroughly, as the issue almost always pops when updating a package. -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: https://lists.debian.org/20140608092547.GA21027@proliant.localnet
