mounting /usr read-only -- didn't this *used* to work?
Robert Nichols
rnicholsNOSPAM at comcast.net
Sun Oct 21 12:53:09 UTC 2007
Robert P. J. Day wrote:
> once upon a time, after i set up my fedora system, i had a habit of
> re-mounting the entire /usr filesystem read-only so that, even as
> root, i couldn't do something indescribably stupid and destroy
> valuable files. (theoretically, this remounting should be fine since,
> according to the FHS, the contents of /usr should be static and
> shareable.)
>
> all i would do (and demo to students in class, as well, since they
> thought it was tres cool), was to use mount with the remount option:
>
> # mount -oro,remount /usr
>
> if i try that nowadays, though, i get:
>
> # mount -oro,remount /usr
> mount: /usr is busy
>
> i can certainly do the above with one of my currently unused
> partitions like, say, /opt, but i'm not sure why the /usr filesystem
> is considered "busy."
>
> i'm unsure of the semantics of remounting a FS as read-only -- will
> it fail if some file is currently opened with write access? i've
> used "fuser" to (apparently) verify that nothing like that seems to be
> happening. thoughts? does anyone else remember doing this on earlier
> fedora systems, and does it work on your latest version of fedora?
> thanks.

Your enemies are software updates and prelink, coupled with long-
running processes that are keeping old, now deleted, files open.
The file system cannot be made read-only until the space for those
deleted files has been released. You can see some of that with
"lsof /usr | grep -i del", but there will be some deleted library
files that won't show up.

You can mount /usr read-only after a reboot (I include "ro" in the
options for /usr in /etc/fstab), or after restarting any currently
running processes holding deleted files on /usr. Getting all
those processes out of the way may require bringing the system
down to runlevel 1 plus killing off any stray background processes
that didn't get stopped automatically.

WARNING: If you're going to have /usr mounted read-only you must
disable the automatic daily execution of prelink. The way I did
that is by adding a line at the top of /etc/sysconfig/prelink:

    /usr/bin/tty -s || exit # Don't let cron run this

That lets me run /etc/cron.daily/prelink manually while I have
/usr mounted read-write. You could replace that test with a check
on whether /usr was writable.
--
Bob Nichols "NOSPAM" is really part of my email address.
Do NOT delete it.
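
The following is an added example, not part of the original message: a sketch of the two checks the reply describes, namely whether /usr is currently mounted read-only and which processes still map unlinked files under /usr. The function names mount_is_readonly and deleted_mappings are hypothetical; the kernel marks mappings of unlinked files with "(deleted)" in /proc/PID/maps.

```sh
#!/bin/sh
# Added example; not from the original post. Function names are hypothetical.

# mount_is_readonly MOUNTPOINT [MOUNTS_FILE]
# Exit status 0 if the last entry for MOUNTPOINT in a /proc/mounts-format
# file has the exact option "ro". The option field is split on commas so
# that "errors=remount-ro" or "relatime" cannot be mistaken for "ro".
mount_is_readonly() {
    awk -v mp="$1" '
        $2 == mp {                       # field 2: mount point
            state = "rw"                 # a later entry overrides earlier ones
            n = split($4, opt, ",")      # field 4: comma-separated options
            for (i = 1; i <= n; i++)
                if (opt[i] == "ro") state = "ro"
        }
        END { exit (state == "ro" ? 0 : 1) }
    ' "${2:-/proc/mounts}"
}

# deleted_mappings PREFIX [MAPS_FILE...]
# Prints "MAPS_FILE: PATH" once per unlinked file under PREFIX that is still
# mapped, reading /proc/PID/maps-format files (default: every process).
# Paths containing spaces are not handled.
deleted_mappings() {
    prefix=$1
    shift
    [ $# -gt 0 ] || set -- /proc/[0-9]*/maps
    for f in "$@"; do
        if [ -r "$f" ]; then
            awk -v pre="$prefix/" -v f="$f" '
                $NF == "(deleted)" && index($6, pre) == 1 && !seen[$6]++ {
                    print f ": " $6
                }
            ' "$f" 2>/dev/null
        fi
    done
}
```

With these functions defined in the same file, a guard of the form "mount_is_readonly /usr && exit" skips the job whenever /usr is read-only, and "deleted_mappings /usr" run as root lists the maps files of processes that would need restarting before a remount.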