On Thu, Nov 15, 2018 at 10:28:56PM -0700, Don NetBSD wrote: > I've a box with a DoM. I'd like to mount / as ro and create a > tmpfs for /var (and /tmp). I don't think anything else NEEDS to > be rw (the infrequent changes to /etc can be made by unlocking / > to make those changes). > > I imagine I can just make a tarball of a skeletal /var and > unpack this over /var, once mounted? > > Is there a preexisting mechanism for this sort of thing? > Or, do I roll my own?
I have done this before. I added an rc script that copies filesystems on non-volatile (NV) storage to memory filesystems and then null-mounts the memory filesystems on top of the NV directories. See attachment.

I added a line to /etc/fstab:

swap /mfs tmpfs rw,-s8M 0 0

I modified my rc.conf to 1) indicate that /etc, /var, temporary and home directories should be on (ephemeral!) memory filesystems, and 2) ensure that the prerequisite filesystems (/usr) were mounted before mountcritmem ran.

# When /usr is on a different filesystem than /, I mount it # before the memory filesystems so that pax can run programs # from it. # critical_filesystems_beforemem="/usr" # Do not mount /var, it's a memory fs. Superfluous, since NetBSD # will not mount /var a second time, anyway. # # critical_filesystems_local="" # Don't mount /usr, it comes with / on the CD-ROM. # critical_filesystems_remote="" # Don't mount /usr, it comes with / on the CD-ROM. # critical_filesystems_memory="/etc /home /root /tmp /var"

If this works for you, too, maybe mountcritmem should go into the base system.

Dave -- David Young dyo...@pobox.com Urbana, IL (217) 721-9981
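#!/bin/sh
#
# $NetBSD$
# $Id: mountcritmem 4133 2006-08-26 06:10:29Z dyoung $
#
# mountcritmem: run selected directories from a memory filesystem.
#
# For every directory listed in $critical_filesystems_memory, "start":
#   1. mounts the memory filesystem that /etc/fstab describes on /mfs;
#   2. null-mounts the on-disk directory /<dir> on /permanent/<dir>, so
#      the non-volatile copy stays reachable;
#   3. null-mounts /mfs/<dir> over /<dir>;
#   4. copies the on-disk contents into the memory copy with pax.
# "stop" unmounts everything again, last-listed directory first.
#
# Operational and security notes:
#   - Anything written under the listed directories after "start" lives in
#     memory only and is gone after "stop" or a reboot.  If /var is
#     listed, that includes logs; forward them off-box if they have to
#     survive a reboot.
#   - All listed directories share the single /mfs filesystem and its
#     size limit, so a world-writable directory such as /tmp can use up
#     the space that /var and /etc depend on.  Size /mfs accordingly.
#   - pax -pe carries owner, group and mode across, so restrictive
#     permissions on the on-disk files are kept in the memory copy.
#   - NOTE(review): this script never reads critical_filesystems_beforemem;
#     whatever mounts those filesystems is not part of this file.
#

# PROVIDE: mountcritmem
# REQUIRE: root
# BEFORE: mountcritlocal

$_rc_subr_loaded . /etc/rc.subr

name="mountcritmem"

# Directories rc.subr should insist on before running the command.
# NOTE(review): this is built before load_rc_config runs, so it only sees
# $critical_filesystems_memory if the caller's environment already has it
# (presumably the case when sourced from /etc/rc; confirm).
required_dirs="/mfs /permanent $critical_filesystems_memory"
for _d in $critical_filesystems_memory; do
	d=${_d#/}
	required_dirs="$required_dirs /permanent/$d"
done
start_cmd="mountcritmem_start"
stop_cmd="mountcritmem_stop"

#
# Example /etc/fstab
#
# /dev/wd0a / ffs ro 0 0
# swap /mfs mfs rw,-s=10880k,-i=256 0 0

# Stop the boot when a mount step fails during autoboot.
# Does nothing (and returns) when $autoboot is not "yes", so callers still
# have to return an error themselves.
abort_mountcritmem()
{
	if [ "$autoboot" = yes ]; then
		echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
		kill -TERM $$
		exit 1
	fi
}

# Mount /mfs and move every directory in $critical_filesystems_memory
# onto it.  Returns 0 on success or when the list is empty, 1 on the
# first failure.  Mounts made before a failure are left in place.
mountcritmem_start()
{
	if [ "${critical_filesystems_memory:-}" = "" ]; then
		return 0
	fi

	echo "Mounting critical memory filesystems"

	# Same list without the leading "/" of each entry.
	_fs_list=
	for _d in $critical_filesystems_memory; do
		d=${_d#/}
		_fs_list="$_fs_list $d"
	done

	# Check all on-disk mount points first, before anything is mounted.
	for d in $_fs_list; do
		if [ ! -d "/permanent/$d" ]; then
			echo "ERROR: missing /permanent/$d"
			abort_mountcritmem
			return 1
		fi
	done

	# Mount /mfs exactly once, and only if the list has an entry.
	for d in $_fs_list; do
		if ! mount /mfs; then
			echo "ERROR: cannot mount /mfs"
			abort_mountcritmem
			return 1
		fi
		break
	done

	for d in $_fs_list; do
		if ! mkdir "/mfs/$d"; then
			echo "ERROR: cannot mkdir /mfs/$d"
			abort_mountcritmem
			return 1
		fi
	done

	# Keep the on-disk directory visible under /permanent before it is
	# covered by the memory copy.
	for d in $_fs_list; do
		if ! mount -t null "/$d" "/permanent/$d"; then
			echo "ERROR: cannot mount /permanent/$d"
			abort_mountcritmem
			return 1
		fi
	done

	for d in $_fs_list; do
		if ! mount -t null "/mfs/$d" "/$d"; then
			echo "ERROR: cannot mount /mfs/$d"
			abort_mountcritmem
			return 1
		fi
		# The copy runs in a subshell so that a failed cd is reported
		# instead of letting pax copy whatever the current directory
		# happens to be, and so that this script's own working
		# directory is never changed.
		if ! (cd "/permanent/$d" && pax -pe -rw . "/$d"); then
			echo "ERROR: cannot populate /mfs/$d"
			abort_mountcritmem
			return 1
		fi
	done
}

# Undo mountcritmem_start: unmount each directory pair, last-listed entry
# first, then /mfs.  umount failures are not checked (best effort).
# Everything held in the memory copies is discarded.
mountcritmem_stop()
{
	if [ "${critical_filesystems_memory:-}" = "" ]; then
		return 0
	fi

	# Build the list back to front so nested entries unmount first.
	_rev_fs_list=
	for _d in $critical_filesystems_memory; do
		d=${_d#/}
		_rev_fs_list="$d $_rev_fs_list"
	done

	for d in $_rev_fs_list; do
		umount "/mfs/$d"
		umount "/permanent/$d"
	done

	# Unmount /mfs once, and only if the list has an entry.
	for d in $_rev_fs_list; do
		umount /mfs
		break
	done
}

load_rc_config "$name"
run_rc_command "$1"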