On 2020-06-09 00:59, Vertigo Altair wrote:
Hi Misc,
I have a firewall device and I'm using OpenBSD on it. There is an
electricity problem where the device runs. Therefore, I have to run the
"fsck -y" command regularly at startup due to the electricity problem. To
overcome this, I want to use a read-only file system.
I know there are some projects like "resflash", but I want to do that
manually.

I have hacked and slashed my way to this kind of configuration for my firewall/gateway and a few other machines -- and with what appears to be good results. Please understand this is almost certainly not supported by the project. I have outlined this at the following URL:

https://www.mr72.com/readonlyfs.html

I hope this helps.  Any feedback will be greatly appreciated.

Good luck!

Joe

My partitions look like this:

vertigo# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G    489M    3.2G    13%    /
/dev/sd0g     91.8G    1.0G   86.2G     1%    /mypartition
/dev/sd0d      989M   12.0K    940M     0%    /tmp
/dev/sd0f      3.9G    1.7G    2.0G    46%    /usr
/dev/sd0e      3.9G   46.9M    3.6G     1%    /var

I want / and /usr to be read-only. I updated /etc/fstab and I made / and
/usr read-only:

vertigo# cat /etc/fstab
ec347fefe8d05509.b none swap sw
ec347fefe8d05509.a / ffs ro 1 1
ec347fefe8d05509.g /mypartition ffs rw,nodev,nosuid 1 2
ec347fefe8d05509.d /tmp ffs rw,nodev,nosuid 1 2
ec347fefe8d05509.f /usr ffs ro,wxallowed,nodev 1 2
ec347fefe8d05509.e /var ffs rw,nodev,nosuid 1 2


On startup, the following errors come from /etc/rc. I think the errors about
/etc/motd are not so important, but can the errors coming from /etc/tty* cause
any problems? If my method is not correct, what is the best way to do this?

OpenBSD/amd64 BOOTX64 3.50
boot>
booting hd0a:/bsd: 12957000+2753552+327712+0+708608
[807408+128+1024872+749630]=0x1271a18
entry point at 0x1001000
[ using 2583064 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
The Regents of the University of California. All rights reserved.
Copyright (c) 1995-2020 OpenBSD. All rights reserved. https://www.OpenBSD.org

OpenBSD 6.7 (GENERIC.MP) #2: Thu Jun  4 09:55:08 MDT 2020

r...@syspatch-67-amd64.openbsd.org:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4151607296 (3959MB)
avail mem = 4013170688 (3827MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf10 (14 entries)
bios0: vendor American Megatrends Inc. version "BAR3NA05" date 07/23/2018
bios0: NF533 NF533
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG LPIT HPET SSDT SSDT SSDT UEFI
acpi0: wakeup devices XHC1(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.37 MHz, 06-37-09
cpu0:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 83MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz, 06-37-09
cpu1:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.03 MHz, 06-37-09
cpu2:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu2: 1MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz, 06-37-09
cpu3:
FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu3: 1MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 87 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 7 (RP02)
acpiprt3 at acpi0: bus 8 (RP03)
acpiprt4 at acpi0: bus 9 (RP04)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PLPE
acpipwrres1 at acpi0: PLPE
acpipwrres2 at acpi0: USBC, resource for EHC1, OTG1
acpitz0 at acpi0: critical temperature is 127 degC
acpicmos0 at acpi0
acpipci0 at acpi0 PCI0: 0x00000010 0x00000011 0x00000000
"DMA0F28" at acpi0 not configured
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
acpivideo0 at acpi0: GFX0
cpu0: using VERW MDS workaround
cpu0: Enhanced SpeedStep 2000 MHz: speeds: 1993, 1992, 1909, 1826,
1743, 1660, 1577, 1494, 1411, 1328 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Bay Trail Host" rev 0x11
inteldrm0 at pci0 dev 2 function 0 "Intel Bay Trail Video" rev 0x11
drm0 at inteldrm0
inteldrm0: msi, VALLEYVIEW, gen 7
ahci0 at pci0 dev 19 function 0 "Intel Bay Trail AHCI" rev 0x11: msi, AHCI 1.3
ahci0: port 0: 3.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, KINGSTON SA400S3, SBFK> naa.50026b7782d3a666
sd0: 114473MB, 512 bytes/sector, 234441648 sectors, thin
xhci0 at pci0 dev 20 function 0 "Intel Bay Trail xHCI" rev 0x11: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
3.00/1.00 addr 1
"Intel Bay Trail TXE" rev 0x11 at pci0 dev 26 function 0 not configured
ppb0 at pci0 dev 28 function 0 "Intel Bay Trail PCIE" rev 0x11: msi
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00
pci2 at ppb1 bus 2
ppb2 at pci2 dev 1 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00: msi
pci3 at ppb2 bus 3
ppb3 at pci2 dev 2 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00: msi
pci4 at ppb3 bus 4
em0 at pci4 dev 0 function 0 "Intel I211" rev 0x03: msi, address
00:30:18:00:05:0f
ppb4 at pci2 dev 3 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00: msi
pci5 at ppb4 bus 5
ppb5 at pci2 dev 4 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00: msi
pci6 at ppb5 bus 6
ppb6 at pci0 dev 28 function 1 "Intel Bay Trail PCIE" rev 0x11: msi
pci7 at ppb6 bus 7
em1 at pci7 dev 0 function 0 "Intel I211" rev 0x03: msi, address
00:30:18:00:05:0c
ppb7 at pci0 dev 28 function 2 "Intel Bay Trail PCIE" rev 0x11: msi
pci8 at ppb7 bus 8
em2 at pci8 dev 0 function 0 "Intel I211" rev 0x03: msi, address
00:30:18:00:05:0d
ppb8 at pci0 dev 28 function 3 "Intel Bay Trail PCIE" rev 0x11: msi
pci9 at ppb8 bus 9
em3 at pci9 dev 0 function 0 "Intel I211" rev 0x03: msi, address
00:30:18:00:05:0e
pcib0 at pci0 dev 31 function 0 "Intel Bay Trail LPC" rev 0x11
ichiic0 at pci0 dev 31 function 3 "Intel Bay Trail SMBus" rev 0x11:
apic 1 int 18
iic0 at ichiic0
"eeprom" at iic0 addr 0x50 not configured
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 mux 1
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT (using slow L1TF mitigation)
efifb at mainbus0 not configured
uhub0: device problem, disabling port 1
uhidev0 at uhub0 port 2 configuration 1 interface 0 " USB Keyboard"
rev 1.10/2.50 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
uhidev1 at uhub0 port 2 configuration 1 interface 1 " USB Keyboard"
rev 1.10/2.50 addr 2
uhidev1: iclass 3/0, 2 report ids
uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=3, output=0, feature=0
uhub1 at uhub0 port 4 configuration 1 interface 0 "Genesys Logic
USB2.0 Hub" rev 2.00/88.32 addr 3
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (ec347fefe8d05509.a) swap on sd0b dump on sd0b
inteldrm0: 1600x900, 32bpp
wsdisplay0 at inteldrm0 mux 1
pckbd_enable: command error
wskbd1: connecting to wsdisplay0
wsdisplay0: screen 0-5 added (std, vt100 emulation)
Automatic boot in progress: starting file system checks.
/dev/sd0a (ec347fefe8d05509.a): file system is clean; not checking
/dev/sd0g (ec347fefe8d05509.g): file system is clean; not checking
/dev/sd0d (ec347fefe8d05509.d): file system is clean; not checking
/dev/sd0f (ec347fefe8d05509.f): file system is clean; not checking
/dev/sd0e (ec347fefe8d05509.e): file system is clean; not checking
kbd: keyboard mapping set to tr
net.inet.udp.recvspace: 41600 -> 262144
net.inet.udp.sendspace: 9216 -> 262144
kern.maxfiles: 7030 -> 2048000
kern.maxclusters: 262144 -> 1280000
kern.somaxconn: 128 -> 10240
kern.seminfo.semmni: 10 -> 1024
kern.seminfo.semmns: 60 -> 4096
kern.shminfo.shmmax: 33554432 -> 805306368
kern.shminfo.shmall: 196608 -> 196608
kern.maxvnodes: 5926 -> 200000
net.inet.icmp.errppslimit: 100 -> 1000
ddb.panic: 1 -> 0
net.inet.ip.forwarding: 0 -> 1
kern.maxproc: 1310 -> 200000
kern.bufcachepercent: 20 -> 70
net.inet.ip.mforwarding: 0 -> 1
net.inet.gre.allow: 0 -> 1
net.inet.esp.enable: 1 -> 1
net.pipex.enable: 0 -> 1
machdep.kbdreset: 0 -> 1
kern.pool_debug: 0 -> 0
net.inet.ip.multipath: 0 -> 1
net.inet6.ip6.multipath: 0 -> 1
net.inet.divert.recvspace: 65636 -> 1048576
net.inet.divert.sendspace: 65636 -> 1048576
net.inet6.divert.recvspace: 65636 -> 1048576
net.inet6.divert.sendspace: 65636 -> 1048576
hw.smt: 0 -> 1
starting network
reordering libraries: done.
starting early daemons: syslogd ntpd.
starting RPC daemons:.
savecore: no core dump
checking quotas: done.
chmod: /dev/ttyp0: Read-only file system
chmod: /dev/ttyp1: Read-only file system
chmod: /dev/ttyp2: Read-only file system
chmod: /dev/ttyp3: Read-only file system
chmod: /dev/ttyp4: Read-only file system
chmod: /dev/ttyp5: Read-only file system
chmod: /dev/ttyp6: Read-only file system
chmod: /dev/ttyp7: Read-only file system
chmod: /dev/ttyp8: Read-only file system
chmod: /dev/ttyp9: Read-only file system
chmod: /dev/ttypA: Read-only file system
chmod: /dev/ttypB: Read-only file system
chmod: /dev/ttypC: Read-only file system
chmod: /dev/ttypD: Read-only file system
chmod: /dev/ttypE: Read-only file system
chmod: /dev/ttypF: Read-only file system
chmod: /dev/ttypG: Read-only file system
chmod: /dev/ttypH: Read-only file system
chmod: /dev/ttypI: Read-only file system
chmod: /dev/ttypJ: Read-only file system
chmod: /dev/ttypK: Read-only file system
chmod: /dev/ttypL: Read-only file system
chmod: /dev/ttypM: Read-only file system
chmod: /dev/ttypN: Read-only file system
chmod: /dev/ttypO: Read-only file system
chmod: /dev/ttypP: Read-only file system
chmod: /dev/ttypQ: Read-only file system
chmod: /dev/ttypR: Read-only file system
chmod: /dev/ttypS: Read-only file system
chmod: /dev/ttypT: Read-only file system
chmod: /dev/ttypU: Read-only file system
chmod: /dev/ttypV: Read-only file system
chmod: /dev/ttypW: Read-only file system
chmod: /dev/ttypX: Read-only file system
chmod: /dev/ttypY: Read-only file system
chmod: /dev/ttypZ: Read-only file system
chmod: /dev/ttypa: Read-only file system
chmod: /dev/ttypb: Read-only file system
chmod: /dev/ttypc: Read-only file system
chmod: /dev/ttypd: Read-only file system
chmod: /dev/ttype: Read-only file system
chmod: /dev/ttypf: Read-only file system
chmod: /dev/ttypg: Read-only file system
chmod: /dev/ttyph: Read-only file system
chmod: /dev/ttypi: Read-only file system
chmod: /dev/ttypj: Read-only file system
chmod: /dev/ttypk: Read-only file system
chmod: /dev/ttypl: Read-only file system
chmod: /dev/ttypm: Read-only file system
chmod: /dev/ttypn: Read-only file system
chmod: /dev/ttypo: Read-only file system
chmod: /dev/ttypp: Read-only file system
chmod: /dev/ttypq: Read-only file system
chmod: /dev/ttypr: Read-only file system
chmod: /dev/ttyps: Read-only file system
chmod: /dev/ttypt: Read-only file system
chmod: /dev/ttypu: Read-only file system
chmod: /dev/ttypv: Read-only file system
chmod: /dev/ttypw: Read-only file system
chmod: /dev/ttypx: Read-only file system
chmod: /dev/ttypy: Read-only file system
chmod: /dev/ttypz: Read-only file system
chown: /dev/ttyp0: Read-only file system
chown: /dev/ttyp1: Read-only file system
chown: /dev/ttyp2: Read-only file system
chown: /dev/ttyp3: Read-only file system
chown: /dev/ttyp4: Read-only file system
chown: /dev/ttyp5: Read-only file system
chown: /dev/ttyp6: Read-only file system
chown: /dev/ttyp7: Read-only file system
chown: /dev/ttyp8: Read-only file system
chown: /dev/ttyp9: Read-only file system
chown: /dev/ttypA: Read-only file system
chown: /dev/ttypB: Read-only file system
chown: /dev/ttypC: Read-only file system
chown: /dev/ttypD: Read-only file system
chown: /dev/ttypE: Read-only file system
chown: /dev/ttypF: Read-only file system
chown: /dev/ttypG: Read-only file system
chown: /dev/ttypH: Read-only file system
chown: /dev/ttypI: Read-only file system
chown: /dev/ttypJ: Read-only file system
chown: /dev/ttypK: Read-only file system
chown: /dev/ttypL: Read-only file system
chown: /dev/ttypM: Read-only file system
chown: /dev/ttypN: Read-only file system
chown: /dev/ttypO: Read-only file system
chown: /dev/ttypP: Read-only file system
chown: /dev/ttypQ: Read-only file system
chown: /dev/ttypR: Read-only file system
chown: /dev/ttypS: Read-only file system
chown: /dev/ttypT: Read-only file system
chown: /dev/ttypU: Read-only file system
chown: /dev/ttypV: Read-only file system
chown: /dev/ttypW: Read-only file system
chown: /dev/ttypX: Read-only file system
chown: /dev/ttypY: Read-only file system
chown: /dev/ttypZ: Read-only file system
chown: /dev/ttypa: Read-only file system
chown: /dev/ttypb: Read-only file system
chown: /dev/ttypc: Read-only file system
chown: /dev/ttypd: Read-only file system
chown: /dev/ttype: Read-only file system
chown: /dev/ttypf: Read-only file system
chown: /dev/ttypg: Read-only file system
chown: /dev/ttyph: Read-only file system
chown: /dev/ttypi: Read-only file system
chown: /dev/ttypj: Read-only file system
chown: /dev/ttypk: Read-only file system
chown: /dev/ttypl: Read-only file system
chown: /dev/ttypm: Read-only file system
chown: /dev/ttypn: Read-only file system
chown: /dev/ttypo: Read-only file system
chown: /dev/ttypp: Read-only file system
chown: /dev/ttypq: Read-only file system
chown: /dev/ttypr: Read-only file system
chown: /dev/ttyps: Read-only file system
chown: /dev/ttypt: Read-only file system
chown: /dev/ttypu: Read-only file system
chown: /dev/ttypv: Read-only file system
chown: /dev/ttypw: Read-only file system
chown: /dev/ttypx: Read-only file system
chown: /dev/ttypy: Read-only file system
chown: /dev/ttypz: Read-only file system
clearing /tmp
kern.securelevel: 0 -> 1
/etc/rc[557]: cannot create /etc/motd: Read-only file system
/etc/rc[558]: cannot create /etc/motd: Read-only file system
/etc/rc[559]: cannot create /etc/motd: Read-only file system
/etc/rc[560]: cannot create /etc/motd: Read-only file system
/etc/rc[561]: cannot create /etc/motd: Read-only file system
/etc/rc[562]: cannot create /etc/motd: Read-only file system
/etc/rc[563]: cannot create /etc/motd: Read-only file system
/etc/rc[564]: cannot create /etc/motd: Read-only file system
/etc/rc[565]: cannot create /etc/motd: Read-only file system
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons: cron.
Tue Jun  9 10:02:51 +03 2020
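
Added example, not part of either poster's message: a small sh/awk check that attributes each "Read-only file system" error in a boot log to the fstab entry that owns the failing path, so you can see which read-only mount each rc step tried to write to. The fstab is the one posted above; the log lines are a constructed excerpt, and the `cp:` line and the names `ro_hits` and `demo` are hypothetical.

```shell
#!/bin/sh
# Added example, not from the thread: map read-only errors to fstab entries.

# ro_hits FSTAB BOOTLOG -> one line per filesystem: "<mount> <options> <errors>"
ro_hits() {
    awk '
    NR == FNR {                              # first file: fstab
        if ($1 !~ /^#/ && $2 ~ /^\//) opts[$2] = $4
        next
    }
    /: Read-only file system$/ {             # second file: boot log
        line = $0
        sub(/: Read-only file system$/, "", line)
        n = split(line, w, " ")
        path = w[n]                          # last word is the failing path
        best = ""
        for (m in opts) {                    # longest mount-point prefix wins
            if (m == "/" || path == m || index(path, m "/") == 1)
                if (length(m) > length(best)) best = m
        }
        if (best != "") hits[best]++
    }
    END { for (m in hits) print m, opts[m], hits[m] }
    ' "$1" "$2" | LC_ALL=C sort
}

# demo: fstab as posted in the thread; log lines are a constructed excerpt
demo() {
    d=$(mktemp -d) || return 1
    cat > "$d/fstab" <<'EOF'
ec347fefe8d05509.b none swap sw
ec347fefe8d05509.a / ffs ro 1 1
ec347fefe8d05509.g /mypartition ffs rw,nodev,nosuid 1 2
ec347fefe8d05509.d /tmp ffs rw,nodev,nosuid 1 2
ec347fefe8d05509.f /usr ffs ro,wxallowed,nodev 1 2
ec347fefe8d05509.e /var ffs rw,nodev,nosuid 1 2
EOF
    cat > "$d/boot.log" <<'EOF'
chmod: /dev/ttyp0: Read-only file system
chown: /dev/ttyp0: Read-only file system
clearing /tmp
/etc/rc[557]: cannot create /etc/motd: Read-only file system
cp: /usr/local/example.conf: Read-only file system
EOF
    ro_hits "$d/fstab" "$d/boot.log"
    rm -rf "$d"
}

demo
```

Run against the full boot log above, every chmod, chown and motd error lands on the `/` entry, because neither /dev nor /etc has a filesystem of its own in this fstab.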
