[Buildroot] [PATCH] fs/cpio/init: remout / as read-only as a first step

Arnout Vandecappelle arnout at mind.be
Wed Jul 5 22:18:23 UTC 2017 


On 05-07-17 22:52, Andrey Smirnov wrote:
> On Wed, Jul 5, 2017 at 7:17 AM, Peter Korsgaard <peter at korsgaard.com> wrote:
>>>>>>> "Andrey" == Andrey Smirnov <andrew.smirnov at gmail.com> writes:
>>
>>  > When /init is present on root file system kernel does not take into
>>  > accout kernel arguments such as "ro" and does not remount root as
>>  > read-only. So prior to this commit the system would continue booting
>>  > with "rw" root filesystem until corresponding line in /etc/fstab to
>>  > remount it as "ro" was processed.
>>
>>  > Change the code to immediately remount / as read-only and rely on
>>  > /etc/fstab processing to remount it as "rw" if that is what's selected
>>  > in Buildroot configuration.
>>
>>  > Signed-off-by: Andrey Smirnov <andrew.smirnov at gmail.com>
>>
>> I see what you're getting at, but this doesn't actually work (with
>> busybox mount at least):
>>
>> NET: Registered protocol family 17
>> Freeing unused kernel memory: 2528K
>> This architecture does not have kernel memory protection.
>> mount: can't read '/proc/mounts': No such file or directory
>> Starting logging: OK
>> Initializing random number generator... done.
>>
>> The reason is that mount had to read the current mount flags (either
>> directly in /proc/mounts or through /etc/mtab depending on busybox
>> config, but we symlink /etc/mtab to /proc/mounts) to be able to remount,
>> and as /proc is not mounted in an initramfs this doesn't work.
>>
> 
> Hmm, fascinating. I think the reason why I didn't see this and why it
> worked for me is because systemd selects BR2_PACKAGE_UTIL_LINUX_MOUNT
> and my system is using it instead of what busybox provides.
> 
>> We could conceptually mount /proc in /init as well, but then things gets
>> confusing when /sbin/init does it again.
>>
>> I don't see any clean way of doing this without adding quite some
>> complexity, and I think your usecase (systemd in initramfs that you want
>> ro) is so special that I would suggest you just use a custom /init in
>> your rootfs overlay.
>>
> 
> What about either of the following:
> 
> - Adding that line and silencing errors, so that on on systems with
> busybox's mount it would be effectively a no-op and systems that use
> util-linux it would achieve desired results?
> 
> - Making BR2_TARGET_ROOTFS_CPIO select BR2_PACKAGE_UTIL_LINUX_MOUNT?
> 
> - Optionally adding that line if BR2_PACKAGE_UTIL_LINUX_MOUNT?

 All of this is fairly complicated for something that is really a corner case.


> - Adding a note to fs/cpio/Config.in that root filesystem will become
> read-only only after corresponding line in /etc/fstab is processed
> successfully?

 The thing is, depending on various circumstances, the kernel may start the
rootfs either rw or ro. It's pretty complicated. It's not even specific for
cpio/initramfs (except that in that case it always starts rw so it's in fact
simpler).

 You *might* add a comment like that in the BR2_TARGET_GENERIC_REMOUNT_ROOTFS_RW
option, but even that is a bit too much detail I think.


> I am more than happy to alter the patch to accommodate for either of
> the above or just drop it and keep this change private to my buildroot
> customization layer.

 Yes, just put your version of /init in your fs-overlay and Bob's your uncle.

 Regards,
 Arnout

-- 
Arnout Vandecappelle                          arnout at mind be
Senior Embedded Software Architect            +32-16-286500
Essensium/Mind                                http://www.mind.be
G.Geenslaan 9, 3001 Leuven, Belgium           BE 872 984 063 RPR Leuven
LinkedIn profile: http://www.linkedin.com/in/arnoutvandecappelle
GPG fingerprint:  7493 020B C7E3 8618 8DEC 222C 82EB F404 F9AC 0DDF

More information about the buildroot mailing list