Getting rid of /usr for F12?

Callum Lerwick seg at haxxed.com
Mon Apr 20 00:42:33 UTC 2009


On Sat, 2009-04-18 at 01:28 +0200, Lennart Poettering wrote:
> On Fri, 17.04.09 15:16, Jeff Spaleta (jspaleta at gmail.com) wrote:
> 
> > 
> > On Fri, Apr 17, 2009 at 3:11 PM, Lennart Poettering
> > <mzerqung at 0pointer.de> wrote:
> > > Oh, it makes a lot of sense. I mean, most config files are only
> > > touched during installation and during package upgrades. Otherwise
> > > they are practically read-only. During package upgrades or if the
> > > admin really wants to change something he can temporarily remount / to
> > > rw without a problem. This is perfectly well supported by Debian.
> > 
> > Hmm I guess we need to redesign how denyhosts works as a service as
> > its default operation is to edit /etc/hosts.deny..quite frequently.
> > 
> > Should I file a bug report now?
> 
> I am not aware that it was an official Fedora goal to make it boot
> from a ro /. Would be good if it was, though.

Think about LiveCDs. No writes are going to be permanent, so why bother
writing at all?

Think about the proliferation of solid state storage. We can no longer
take for granted that writes are free; with flash storage, writes come
with a cost. Read only root would guarantee preservation of operating
lifetime.

Read only also makes filesystem corruption much less likely.

Read only also allows the possibility of mastering a "perfect"
filesystem. No fragmentation, and you can compress it to hell and back.

Read only, if it's ensured in hardware, ensures security. Cleanup only
takes a reboot.

Is it weird of me to pine for the days of floppy disks? Things were
so much easier then. Just put in the disk you want and go. I've got a
whole long blog post about this I should write some day. I'd like to see
a clear, hard line separation between the operating system, and user
data. The operating system should be self-contained, and uniform. The OS
should be able to be easily replaced, upgraded or downgraded, free of
state to muck things up. Hence, write only root. Once mastered, it stays
the same.

Remember write protect tabs?

> However, no daemon should ever touch files in /etc automatically. That
> NM does that is pretty bad style. Instead resolv.conf should be
> replaced by a symlink to /var and manipulated there.

In my wireless firmware:

http://www.haxxed.com/belkin/

resolv.conf is hardwired to localhost and dnsmasq is used for all DNS
configuration.

# ls -l /etc/
lrwxrwxrwx    1 0        0              11 shadow -> /tmp/shadow
-rw-r--r--    1 0        0              21 resolv.conf
-rw-r--r--    1 0        0             458 radvd.split.conf
-rw-r--r--    1 0        0             228 radvd.conf
-rw-r--r--    1 0        0              23 profile
-rw-r--r--    1 0        0              84 passwd
drwxrwxr-x    1 0        0              76 init.d
lrwxrwxrwx    1 0        0              10 hosts -> /tmp/hosts
-rw-------    1 0        0               0 gshadow
-rw-r--r--    1 0        0              30 group
lrwxrwxrwx    1 0        0              11 ethers -> /tmp/ethers
lrwxrwxrwx    1 0        0              13 dropbear -> /tmp/dropbear

# cat /etc/resolv.conf 
nameserver 127.0.0.1

Though various other things have to be redirected to /tmp, a ramfs
populated on boot by the init scripts from nvram settings. 2mb flash
just doesn't provide enough space for JFFS2.


dnsmasq ftw
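
Added example, not part of the original message: a shell check for the layout described above, where mutable /etc entries are symlinks into a ramfs and resolv.conf names only the local resolver. The function names, the prefix argument and the sample tree are assumptions constructed for illustration.

```shell
#!/bin/sh
# audit_etc DIR PREFIX: classify each entry of DIR (hypothetical helper).
#   redirected NAME TARGET  symlink into PREFIX (mutable state kept off the ro root)
#   symlink NAME TARGET     symlink pointing somewhere else
#   static NAME             file or directory stored on the read-only image
audit_etc() {
    dir=$1
    prefix=$2
    for path in "$dir"/*; do
        # -L also catches dangling links whose ramfs target is not populated yet
        [ -e "$path" ] || [ -L "$path" ] || continue
        name=${path##*/}
        if [ -L "$path" ]; then
            target=$(readlink "$path")
            case $target in
                "$prefix"/*) echo "redirected $name $target" ;;
                *) echo "symlink $name $target" ;;
            esac
        else
            echo "static $name"
        fi
    done
}

# resolver_is_local FILE: succeed only if FILE has at least one nameserver
# line and every nameserver listed is a loopback address.
resolver_is_local() {
    awk '$1 == "nameserver" { n++; if ($2 != "127.0.0.1" && $2 != "::1") bad++ }
         END { exit !(n > 0 && bad == 0) }' "$1"
}

# make_sample: build a constructed tree shaped like the listing in the message
# (file contents are placeholders except resolv.conf) and print its root.
make_sample() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/etc/init.d"
    for f in radvd.conf passwd group; do : > "$root/etc/$f"; done
    echo "nameserver 127.0.0.1" > "$root/etc/resolv.conf"
    for l in shadow hosts ethers dropbear; do ln -s "/tmp/$l" "$root/etc/$l"; done
    echo "$root"
}

# Demo run on the constructed tree
demo_root=$(make_sample) && audit_etc "$demo_root/etc" /tmp && rm -rf "$demo_root"
```
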