mounting /usr read-only -- didn't this *used* to work?

Robert Nichols rnicholsNOSPAM at comcast.net
Sun Oct 21 12:53:09 UTC 2007


Robert P. J. Day wrote:
>   once upon a time, after i set up my fedora system, i had a habit of
> re-mounting the entire /usr filesystem read-only so that, even as
> root, i couldn't do something indescribably stupid and destroy
> valuable files.  (theoretically, this remounting should be fine since,
> according to the FHS, the contents of /usr should be static and
> shareable.)
> 
>   all i would do (and demo to students in class, as well, since they
> thought it was tres cool), was to use mount with the remount option:
> 
>     # mount -oro,remount /usr
> 
>   if i try that nowadays, though, i get:
> 
>   # mount -oro,remount /usr
>   mount: /usr is busy
> 
> i can certainly do the above with one of my currently unused
> partitions like, say, /opt, but i'm not sure why the /usr filesystem
> is considered "busy."
> 
>   i'm unsure of the semantics of remounting a FS as read-only -- will
> it fail if some file is currently opened with write access?  i've
> used "fuser" to (apparently) verify that nothing like that seems to be
> happening.  thoughts?  does anyone else remember doing this on earlier
> fedora systems, and does it work on your latest version of fedora?
> thanks.

Your enemies are software updates and prelink, coupled with long-
running processes that are keeping old, now deleted, files open.
The file system cannot be made read-only until the space for those
deleted files has been released.  You can see some of that with
"lsof /usr | grep -i del", but there will be some deleted library
files that won't show up.

You can mount /usr read-only after a reboot (I include "ro" in the
options for /usr in /etc/fstab), or after restarting any currently
running processes holding deleted files on /usr.  Getting all
those processes out of the way may require bringing the system
down to runlevel 1 plus killing off any stray background processes
that didn't get stopped automatically.

WARNING:  If you're going to have /usr mounted read-only you must
disable the automatic daily execution of prelink.  The way I did
that is by adding a line at the top of /etc/sysconfig/prelink:

      /usr/bin/tty -s || exit    # Don't let cron run this

That lets me run /etc/cron.daily/prelink manually while I have
/usr mounted read-write.  You could replace that test with a check
on whether /usr was writable.

-- 
Bob Nichols     "NOSPAM" is really part of my email address.
                 Do NOT delete it.
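
Added example, not part of the original message or of any Fedora tooling: the two checks the reply describes, written as shell functions. deleted_holders reads /proc/PID/maps and /proc/PID/fd to list processes still holding deleted files under /usr (mapped libraries included), and mount_is_ro tests whether /usr is currently read-only; the function names, the PROC_ROOT and mounts-file arguments and their defaults are assumptions made here.

```shell
#!/bin/sh
# Added example; function names and arguments are assumptions, not from the post.

# List "PID kind path" for deleted files under MOUNTPOINT that a process still
# holds, either mapped (shared libraries, binaries) or as an open descriptor.
deleted_holders() {
    proc_root=${1:-/proc}
    mnt=${2:-/usr}
    for piddir in "$proc_root"/[0-9]*; do
        [ -d "$piddir" ] || continue
        pid=${piddir##*/}
        # Mappings: the kernel appends " (deleted)" to the path column of maps.
        if [ -r "$piddir/maps" ]; then
            awk -v pid="$pid" -v mnt="$mnt" '
                / \(deleted\)$/ {
                    i = index($0, "/")
                    if (i == 0) next
                    path = substr($0, i, length($0) - i + 1 - 10)
                    if (index(path, mnt "/") == 1 && !seen[path]++)
                        print pid, "map", path
                }' "$piddir/maps" 2>/dev/null || true
        fi
        # Descriptors: the fd symlink target carries the same suffix.
        for fd in "$piddir"/fd/*; do
            target=$(readlink "$fd" 2>/dev/null) || continue
            case $target in
                "$mnt"/*" (deleted)")
                    path=${target%" (deleted)"}
                    echo "$pid fd $path" ;;
            esac
        done
    done
}

# Return 0 if MOUNTPOINT is mounted read-only, 1 if read-write, 2 if absent.
# Options are compared exactly, so "errors=remount-ro" does not count as "ro".
mount_is_ro() {
    awk -v mnt="${2:-/usr}" '
        $2 == mnt { opts = $4 }          # the last matching entry wins
        END {
            if (opts == "") exit 2
            n = split(opts, o, ",")
            for (i = 1; i <= n; i++) if (o[i] == "ro") exit 0
            exit 1
        }' "${1:-/proc/mounts}"
}
```

Run deleted_holders as root, since the maps and fd entries of other users' processes are not readable otherwise.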



