Mailinglist Archive: opensuse-security (260 mails)

< Previous Next >
RE: [suse-security] root fs read-only
  • From: Roman Drahtmueller <draht@xxxxxxx>
  • Date: Tue, 18 Jul 2000 14:28:44 +0200 (MEST)
  • Message-id: <Pine.LNX.4.21.0007181421070.1197-100000@xxxxxxxxxxxx>
> On 18-Jul-00 Nikolai Dahlem wrote:
> > Hi,
> >
> > I try to mount my root-fs readonly.
> > My fstab contains
> > / ext2 (ro)
> > and the msg during boot process say it mounted read-only, but in fact it's
> > not; I can cp/mv/rm files and evertyhing. Strange thing is /boot ext2 (ro)
> > works.
> > Any suggestions ?
> /etc/fstab can only be read after / is mounted. To mount / read-only you
> have to use the `rdev' command (Try `rdev -h'). To mount the root-fs
> readonly you have to use `rdev -R <kernel> 1' (or `rdev -R <kernel> 0´ to
> mount it read/write).

According to /proc/cmdline this should have been the case already. Having
the kernel mount the root-filesystem read-only is necessary for the e2fsck
to operate seamlessly.

It's another problem:

/sbin/init.d/boot (the first script to run after kernel boot) reads:

mount -n -o remount,rw /

This happens regardless of the fstab entry. You have to change this
manually in order for the root-fs to become read-only.

Read-only root-filesystems aren't very common in the Linux world, which is
why it isn't generally considered a bug to not respect the fstab entry.

Roman Drahtmüller.
- -
| Roman Drahtmüller <draht@xxxxxxx> "Caution: Cape does not |
SuSE GmbH - Security enable user to fly."
| Nürnberg, Germany (Batman Costume warning label) |
- -

< Previous Next >
Follow Ups