[Buildroot] [PATCH] fs/cpio/init: remout / as read-only as a first step

Andrey Smirnov andrew.smirnov at gmail.com
Wed Jul 5 20:52:14 UTC 2017 

On Wed, Jul 5, 2017 at 7:17 AM, Peter Korsgaard <peter at korsgaard.com> wrote:
>>>>>> "Andrey" == Andrey Smirnov <andrew.smirnov at gmail.com> writes:
>
>  > When /init is present on root file system kernel does not take into
>  > accout kernel arguments such as "ro" and does not remount root as
>  > read-only. So prior to this commit the system would continue booting
>  > with "rw" root filesystem until corresponding line in /etc/fstab to
>  > remount it as "ro" was processed.
>
>  > Change the code to immediately remount / as read-only and rely on
>  > /etc/fstab processing to remount it as "rw" if that is what's selected
>  > in Buildroot configuration.
>
>  > Signed-off-by: Andrey Smirnov <andrew.smirnov at gmail.com>
>
> I see what you're getting at, but this doesn't actually work (with
> busybox mount at least):
>
> NET: Registered protocol family 17
> Freeing unused kernel memory: 2528K
> This architecture does not have kernel memory protection.
> mount: can't read '/proc/mounts': No such file or directory
> Starting logging: OK
> Initializing random number generator... done.
>
> The reason is that mount had to read the current mount flags (either
> directly in /proc/mounts or through /etc/mtab depending on busybox
> config, but we symlink /etc/mtab to /proc/mounts) to be able to remount,
> and as /proc is not mounted in an initramfs this doesn't work.
>

Hmm, fascinating. I think the reason why I didn't see this and why it
worked for me is because systemd selects BR2_PACKAGE_UTIL_LINUX_MOUNT
and my system is using it instead of what busybox provides.

> We could conceptually mount /proc in /init as well, but then things gets
> confusing when /sbin/init does it again.
>
> I don't see any clean way of doing this without adding quite some
> complexity, and I think your usecase (systemd in initramfs that you want
> ro) is so special that I would suggest you just use a custom /init in
> your rootfs overlay.
>

What about either of the following:

- Adding that line and silencing errors, so that on on systems with
busybox's mount it would be effectively a no-op and systems that use
util-linux it would achieve desired results?

- Making BR2_TARGET_ROOTFS_CPIO select BR2_PACKAGE_UTIL_LINUX_MOUNT?

- Optionally adding that line if BR2_PACKAGE_UTIL_LINUX_MOUNT?

- Adding a note to fs/cpio/Config.in that root filesystem will become
read-only only after corresponding line in /etc/fstab is processed
successfully?

I am more than happy to alter the patch to accommodate for either of
the above or just drop it and keep this change private to my buildroot
customization layer.

Thanks,
Andrey Smirnov

More information about the buildroot mailing list