I can't take credit for this idea, but have talked to Jeff Bonwick about this a couple times, and recently we were talking about this at the SVOSUG meeting last week.
Currently, the way Mac OS X handles their system configuration is to store it in LDAP, then allow the admin/user to make changes to the traditional configuration files on UNIX to layer on afterwards. What if Solaris leapfrogged that idea, and did similar, but stored our configuration in SMF manifests (i.e., XML), and at the same time made the root filesystem Read-Only? If a change was to be made to any of the binaries, those files would be linked in (through /var/xxxx or somewhere else), and modified for the system by the kernel. This would present some interesting possibilities.

1) Solaris would be able to treat the root filesystem as a ROM, in the sense that you need to upgrade, new bits get blasted to the root, BFU at its finest. Every system has the same root always.

2) Live Upgrade - pretty much all systems turn into a live upgrade, where the changes are isolated from the system, and laid over the top of it.

3) Not only the global zone, but all zones would inherit from the Read-Only Root FS, making it more secure.

I was thinking it might be able to use the ZFS ACLs to store some information about the files, that could in turn be queried at boot so the kernel could make the associations to such files. For instance, let's say a user replaced /usr/sbin/sendmail, in this case sendmail's ACL would have a relation to store the associated file and/or action, say to remove it, replace it with a link, or replace it. Even if the file was removed, maybe it would just be hidden and access not allowed, so that the ROM portion would remain the same.

It would still be possible to update new bits to the ROM, but thinking about booting a ROM filesystem (replace failsafe possibly???) in order to get that update. This is kinda how embedded devices work in some cases today, boot from ROM, reflash NAND if needed, and then boot off the NAND in memory.
There's a lot of interesting possibilities, IMO, by creating a Read-Only Root FS, and it's worth consideration as the install is being re-worked. Could be out of your scope, but something to consider.

Any thoughts? Alien concept?

--
Alan DuBoff - Solaris x86 Engineering - IHV/OEM Group
Advocate of Insourcing at Sun, hire people that care about our company!
