Is it possible to setup read-only root ?

Bill Davidsen davidsen at tmr.com
Mon Jul 2 17:30:41 UTC 2012


Reindl Harald wrote:
>
>
> Am 01.07.2012 19:08, schrieb Joe Zeff:
>> On 07/01/2012 10:01 AM, John Wendel wrote:
>>> Is it possible to setup Fedora, using Fedora provided tools/software,
>>> with a read-only root partition?
>>>
>>> There's an ancient wiki entry from the FC6 days that indicates that some
>>> work was done, but I would assume that this depended on the SysV init
>>> system. I haven't seen any mention of read-only root setup with systemd.
>>>
>>> Any clues would be greatly appreciated.
>>>
>>
>> If I'm not mistaken, /var needs to be on that partition and needs to be writable.
>
> it is not uncommon to have /var on its own partition
>
>> If so, then you can't have a
>> read-only root partition.
>
> it works, but be really careful
>
>> And, just so we all know where we're going here, why would you want to?
>
> in theory more security
>
> imagine a root-exploit changing a system binary
> much more difficult if the rootfs is readonly
>
Not clear if that really would help or not, setting attribute immutable on 
selected things makes them pretty bulletproof, although for the projected use I 
doubt it would be an issue.

The problem is that Linux doesn't support an overlay filesystem, sort of like 
copy on write, but at the inode level. That will allow you to "change" files all 
you want, but the working copy goes elsewhere.

I run tests using COW copies of disk images, so the original can be shared and 
will remain unchanged. I bet a system using a cheap flashcard for root doesn't 
have a VM capable CPU, or the root could be tiny and the app could run in a 
throwaway VM, recreated at boot time.

See: qemu-img create -b real.img -f qcow2 single-use.img

Booting off the copy will put changes in an image which can be discarded, or you 
can run multiple VMs off a single image.


-- 
Bill Davidsen <davidsen at tmr.com>
   "We have more to fear from the bungling of the incompetent than from
the machinations of the wicked."  - from Slashdot