DaemonForums  

#1
28th March 2009
diw
Embedded.

Hiya.

I have a bunch of questions about OpenBSD on embedded.
At the moment one specific question.

I am using CF and am interested in getting the card read only for obvious reasons.
Apparently it's as simple as editing my fstab. :]

Here is my fstab:
Code:
# cat /etc/fstab
/dev/wd0a / ffs ro 1 1
swap /tmp mfs rw,nosuid,-P=/tmplate,-s=65536 0 0
As far as I understand that's all I need to do.
Not being familiar with this I rebooted to test. :]
I tried this:
Code:
# mount -v
/dev/wd0a on / type ffs (rw, local, ctime=Thu Aug 14 17:39:12 2008)
mfs:12843 on /tmp type mfs (rw, asynchronous, local, nosuid, ctime=Thu Aug 14 17:39:09 2008, size=65536 512-blocks)
As you can see it looks read write.
To be sure I tried to make a file in /.
Sure enough it works.
Any thoughts?

Best wishes.

#2
28th March 2009
jggimi

I believe the "1 1" must be "0 0" for read only filesystems.

With the default installation, the following hierarchies need to be read/write:
/root
/etc
/home
/var
/tmp
/dev
You should either make these MFS, or make appropriate adjustments. /tmp is the only one you've accounted for. You may also want to set the mode for /tmp to 1777.

#3
28th March 2009
diw

Quote:
Originally Posted by jggimi
I believe the "1 1" must be "0 0" for read only filesystems.

I don't want to discount that.
After all you saved my bacon getting pxe working.

I don't think this will help though.
The first number (fs_freq) is the dump(8) identifier. Apparently this allows for different levels of backup (0 to 9). I suspect that it is usual to back up / even if it is read only.
The second number (fs_passno) is used by fsck(8) to work out the order of checking on boot. If the number is 0 apparently the file system is not checked. I suspect that / should be checked even if it is read only.

I guess that's why all the docs I read for doing this (mounting a filesystem in RAM) had "0 0" for the memory filesystem. They also had "1 1" for the CF.
Hey, I'll give it a whirl ...

Quote:
Originally Posted by jggimi
With the default installation, the following hierarchies need to be read/write:
/root
/etc
/home
/var
/tmp
/dev
You should either make these MFS, or make appropriate adjustments. /tmp is the only one you've accounted for. You may also want to set the mode for /tmp to 1777.

I am populating my mfs with the /tmplate folder containing copies of /var and /dev. And of course I have got /tmp done.
This is the minimum according to (user) documentation.
One guide recommends /root also. I suspect I don't need it. Nor /home. Can you confirm or deny?
Are you sure I need /etc read write?

I think the big problem is I don't have symlinks yet.
It seems obvious to me that the kernel is gonna still look for these folders in the usual places until I tell it otherwise. :]
I suspect when I get that done it will be okay ...

Best wishes.

#4
28th March 2009
diw

I tried. :]

0 0

Code:
# cat fstab
/dev/wd0a / ffs ro 0 0

# mount -v
/dev/wd0a on / type ffs (rw, local, ctime=Fri Aug 15 05:30:45 2008)

dmesg:
Automatic boot in progress: starting file system checks.
Note, no file check takes place.

1 1

Code:
# cat fstab
/dev/wd0a / ffs ro 1 1

# mount -v
/dev/wd0a on / type ffs (rw, local, ctime=Fri Aug 15 05:34:20 2008)

dmesg:
Automatic boot in progress: starting file system checks.
/dev/rwd0a: file system is clean; not checking
Both still read write.

Best wishes.

#5
28th March 2009
jggimi

Ooops. "/" is mounted writeable by /etc/rc; read-only in fstab(5) won't help. You'll have to modify the rc(8) script to keep it read only:
Code:
.
.
.
umount -a >/dev/null 2>&1
mount -a -t nonfs,vnd
mount -uw /        # root on nfs requires this, others aren't hurt
rm -f /fastboot        # XXX (root now writeable)
.
.
.
Having /root and /home read-only is your choice, based on your needs.

/etc read/write is required by dhclient(8) as it writes resolv.conf(5).

#6
28th March 2009
diw

Quote:
Originally Posted by jggimi
Ooops. "/" is mounted writeable by /etc/rc; read-only in fstab(5) won't help.

So for / rc overrides anything in fstab?
Presumably this is true and it could be changed for other mounts - not that I would.

Quote:
Originally Posted by jggimi
You'll have to modify the rc(8) script to keep it read only:
Code:
.
.
.
umount -a >/dev/null 2>&1
mount -a -t nonfs,vnd
mount -uw /        # root on nfs requires this, others aren't hurt
rm -f /fastboot        # XXX (root now writeable)
.
.
.

Are we still in Kansas?
A good thing ™ I paid attention in Italian lessons ...

Quote:
Originally Posted by jggimi
Having /root and /home read-only is your choice, based on your needs.

Cool.
As long as I don't want to write I don't need them.

Quote:
Originally Posted by jggimi
/etc read/write is required by dhclient(8) as it writes resolv.conf(5).

Of course. Good thinking. Although that would be DNS yes?

Best wishes.

#7
28th March 2009
jggimi

dhclient is the DHCP client. If you are using TCP/IP, and not using static IP for your embedded platform, your choice is either use DHCP or BOOTP, both of which use dhclient(8). If your DHCP or BOOTP server passes any domain or nameserver information, dhclient will attempt to write it to /etc/resolv.conf. This is, of course, dependent on your environment: whether TCP/IP is used, and whether information for the resolver is passed by your DHCP/BOOTP server.

#8
28th March 2009
jggimi

Continuing: The command that /etc/rc uses for the root partition is:
Code:
mount -uw /
This is the line you must change if you want your root partition of a writeable drive to be read only.

#9
28th March 2009
diw

Quote:
Originally Posted by jggimi
Continuing: The command that /etc/rc uses for the root partition is:
Code:
mount -uw /
This is the line you must change if you want your root partition of a writeable drive to be read only.

Thanks.

I had a look today. Of course you made it much easier.
This makes me wonder if other people doing this are getting read only drives.
Still they are doing custom installs. Me - I did a standard install. :]
I figured that way I would have to learn everything.
Doing a standard installation on a desktop is not very challenging.
Doing one read only on the other hand is turning into quite the experience.
Exactly what I wanted.

Oop. Here's someone who knows:
http://bsd.dischaos.com/2008/10/06/r...ead-only-mode/
I like the idea of using fstab to organize /dev and /var.
Still considering there is additional jiggery pokery involved I might stick with my current plan. Linking.

Best wishes.

29th March 2009
jggimi

If you really want to try something fancy -- you can use a RAIDframe configuration in RAID 1. You set the read-only media to one side of the mirror, RAM disk to the other, then break the mirror pair.

I use RAIDframe, which requires a custom kernel, but I've never tried this:

http://undeadly.org/cgi?action=artic...20020818020316

29th March 2009
diw

Quote:
Originally Posted by jggimi
If you really want to try something fancy -- you can use a RAIDframe configuration in RAID 1. You set the read-only media to one side of the mirror, RAM disk to the other, then break the mirror pair.

No, Nooooooo ...
Please no more interesting ideas. I will get sidetracked even more.

Haha. What a great idea.
It's utterly fantastiche. :]

What a great way to learn RAID.
Instead of having symlinks and whatnot I duplicate /var and /dev on one of the mirrors.
Ahh, but the kernel will try to access both of them. So you mean it as a curiosity?

Off to read Undeadly.

Best wishes.

EDIT:
I started reading and now I see where you are going.
Haha. Great stuff.

Last edited by diw; 29th March 2009 at 12:58 AM.

29th March 2009
diw

# mount -v
/dev/wd0a on / type ffs (local, read-only, ctime=Fri Aug 15 15:37:30 2008)

:]

Best wishes.

29th March 2009
diw

Hiya.

Rather than stuff around with symlinks - something I am not 100% comfortable with, I formed my own plan.

Code:
# cat /etc/fstab
/dev/wd0a / ffs ro 1 1
swap /dev mfs rw,-P=/populate/dev,-s=16384 0 0
swap /var mfs rw,-P=/populate/var,-s=32768 0 0
swap /tmp mfs rw,-s=16384 0 0
Code:
# df
Filesystem  512-blocks      Used     Avail Capacity  Mounted on
/dev/wd0a       491612    445080     21952    95%    /
mfs:12843        15710        44     14882     0%    /dev
mfs:27993        31582      8998     21006    30%    /var
mfs:20489        15710         2     14924     0%    /tmp
Does this make sense?
It seems to work.
What do you think of my sizes?
What do you think of my genius plan?

Do I really need to worry about noatime, nosuid, etcetera?

Best wishes.

29th March 2009
jggimi

The size of /var will need to be set based on your application needs, and there's no way to predict it without knowing your application set and use requirements.

"noatime" is helpful primarily for power consumption savings with hard drives (or flash memory) with read/write disk. It can also have performance savings, too. By default, a read/write FFS filesystem will store the last-time-of-access for every file. It isn't used on read/only mounts, so "noatime" will have no impact on them. For MFS filesystems which do not get swapped, you won't see any impact from "noatime". If there is any swapping, "noatime" may reduce the amount occurring, depending on access patterns.

The use of "nodev" and "nosuid" is for security, and is recommended. If need be, "dev" or "suid" may be enabled with mount -u.

-----

I was joking a little bit about deploying RAIDframe to create a complete set of filesystems-in-RAM. I would say you'd need a lot more operational experience with OpenBSD, first. Why? Because that "how to" document is:
  1. unofficial
  2. out of date
  3. uses a custom kernel, which is unsupported
A more modern method, at first glance, would be to use softraid(8) to accomplish the same thing. But recoverability with softraid is not yet possible, nor is root-on-RAID, so the setup and mirror management pieces would need to be completely revamped.
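
An added example, not part of any post in this thread: an sh audit for the two points the thread arrives at, that an active `mount -uw /` line in /etc/rc overrides `ro` in fstab (posts #5 and #8), and that mfs mounts should carry nodev and nosuid (the last reply). The function names and finding labels are made up for this example; the sample fstab is diw's final one and the sample rc lines are the excerpt jggimi quoted.

```sh
#!/bin/sh
# Added example (not from the thread). write_samples recreates diw's final
# fstab and the rc excerpt jggimi quoted; all names here are hypothetical.

# Print one finding per line for the fstab(5) file named in $1.
audit_fstab() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }            # skip comments and short lines
    {
        mp = $2; type = $3
        split("", has)                       # portable way to clear the array
        n = split($4, opt, ",")
        for (i = 1; i <= n; i++) has[opt[i]] = 1
        if (mp == "/" && !("ro" in has)) print "root-not-ro " mp
        if (type == "mfs") {
            if (!("nosuid" in has)) print "missing-nosuid " mp
            # /dev has to hold device nodes, so nodev is expected elsewhere only
            if (mp != "/dev" && !("nodev" in has)) print "missing-nodev " mp
        }
    }' "$1"
}

# Exit 0 if the rc script named in $1 has an active "mount -uw /" line.
rc_remounts_root_rw() {
    grep -Eq '^[[:space:]]*mount[[:space:]]+-uw[[:space:]]+/([[:space:]]|#|$)' "$1"
}

# Write the sample fstab and rc excerpt into directory $1.
write_samples() {
    cat > "$1/fstab" <<'EOF'
/dev/wd0a / ffs ro 1 1
swap /dev mfs rw,-P=/populate/dev,-s=16384 0 0
swap /var mfs rw,-P=/populate/var,-s=32768 0 0
swap /tmp mfs rw,-s=16384 0 0
EOF
    cat > "$1/rc" <<'EOF'
umount -a >/dev/null 2>&1
mount -a -t nonfs,vnd
mount -uw /        # root on nfs requires this, others aren't hurt
rm -f /fastboot        # XXX (root now writeable)
EOF
}

dir=$(mktemp -d)
write_samples "$dir"
audit_fstab "$dir/fstab"
if rc_remounts_root_rw "$dir/rc"; then echo "rc-remounts-root-rw /"; fi
rm -rf "$dir"
```

On a real system the two functions would be pointed at /etc/fstab and /etc/rc instead of the sample files.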