[SOLVED] How can I mount /dev/sda1 read only?

[andyj]

I've looked through the scripts in the /etc directory and I see where it's added to fstab, but I can't find the actual mount anywhere. If I were to add ro to the mount options in rebuildfstab it would affect everything it finds. I could remount it ro, but I would rather it be ro from the start. Removable media still needs to be writable.

Andy

[Rich]

Hi andyj
I would add a command to /opt/bootlocal.sh to remount the drive read only.

[andyj]

I thought about that, but I still say the right way is to make it RO from the start. If I find it I will figure out how to make it a kernel command line option for all to use.

Andy

[tinypoodle]

I could remount it ro, but I would rather it be ro from the start.

It is far from clear what your issue is.
What exactly is holding you back mounting ro from start?

[andyj]

Where is the mount command for /mnt/sda1 in the boot process, so I can fix it?

Andy

[tinypoodle]

Fix what exactly?
Are you talking about a partition getting automatically mounted at boot?

[gerald_clark]

If your tce directory contains loop mounted extensions, you cannot mount it read only.
The only partitions that are automatically mounted at boot are partitions that contain tce, opt, or home.
These cannot be remounted read only.

You can use the copy2fs flag to ensure that there are no loop mounted extentions. 
You can then remount the partition containing the tce directory read only.
Ex: mount -oremount -r /mnt/sda2
This line can be entered in /opt/bootlocal.sh

Other partitions must be manually mounted, or mounted in bootlocal.sh.
Ex: mount -r /mnt/sdb2

[andyj]

The TCE dir is mounted in /usr/bin/tce-setup. It's an easy two line update. This would make a nice enhancement for systems which use read only media like CF cards with write protect switches. Then just change tce to tcero in syslinux.cfg / extlinux.conf.

--- /usr/bin/tce-setup
+++ tce-setup
@@ -19,7 +19,7 @@
                        if [ "$MOUNTED" == "yes" ]; then
                                setupExtnDirs
                        else
-                               mount "$MOUNTPOINT"
+                               mount "$MOUNTPOINT" $TCERO
                                if [ $? == 0 ]; then
                                        UMOUNT="yes"
                                        setupExtnDirs
@@ -125,6 +125,7 @@
 for i in `cat /proc/cmdline`; do
        case $i in
                tce=*) TCE=${i#*=} ;;
+               tcero=*) TCE=${i#*=} ; TCERO="-o ro" ;;
                lst=*) TARGETLIST=${i#*=} ;;
        esac
        case $i in

Andy

[tinypoodle]

If I understand right, then you would end up with a read-only TCEDIR, when it is a requirement for TCEDIR to be writable.
I think the reason cde was introduced was to avoid that.

[tinypoodle]

Clean ways to prevent a partition from being mounted rw would be:

1. boot code "base"
2. mv /tce
3. see Reply #6

[andyj]

All of those have problems:

1. What is the requirement that the TCEDIR be writable? If you WANT to make changes then it NEEDS to be writable, but if you don't want anyone to make changes, then I don't see any reason why it must be writable.
2. There is nothing in the CDE mount command that forces it to be read-only. It must be assumed that if you are using this then the media already is. This would have to be fixed.
3. The base option doesn't mount the tce dir so that the extensions can be loaded
4. Move tce to where? CF cards are detected and mounted as sda1, which is automatically assumed to be writable. This isn't always true, and needs to be addressed.

Andy

[tinypoodle]

2. There is nothing in the CDE mount command that forces it to be read-only. It must be assumed that if you are using this then the media already is. This would have to be fixed.

I don't think there is any explicit requirement for CDE to be read-only, but purpose of CDE being that a read-only dir would not become TCEDIR, i.e. to allow CorePlus with default mode. 

4. Move tce to where?

mv /tce /tce.moved

[andyj]

My system has no CD drives, so /etc/sysconfig/cdroms would be empty and CDE would do nothing. What does moving tce accomplish? The goal is to have the boot media mounted read only, even if it is physically writeable.

Andy

[tinypoodle]

There is no mechanism for the boot medium to be automounted, in fact the boot medium could be detached immediately after the bootloader has loaded kernel and initrd's into RAM.

[andyj]

Unless "nofstab" is specified in cmdline, disk devices will be added to the fstab, and the device tce is on will be mounted unless "base" is specified. If one does specify "base" then how do extensions get loaded?

The original design was a PXE setup, so this wasn't an issue. The machines for this project aren't on that network, so they need to boot locally. I've looked through the boot process, and there just isn't a clean and easy way to have a read only system booting from a local hard disk, flash card, or USB stick. There needs to be one.

Andy