From 2c20ee2f8a2122989d13a5477ac5cc83eeb186f3 Mon Sep 17 00:00:00 2001
From: Justin Cormack
Date: Fri, 28 Jul 2017 13:04:14 +0100
Subject: [PATCH] Use a tmpfs for /var

Previously we were cheating and remounting /var `rw` but this does not work if the filesystem is really read only. Nount a tmpfs, which may be overmounted later by a persistent filesystem.

Signed-off-by: Justin Cormack
---
 pkg/init/bin/rc.init | 17 ++++++++---------
 1 file changed, 8 insertions(+), 9 deletions(-)

diff --git a/pkg/init/bin/rc.init b/pkg/init/bin/rc.init
index 1601b6a7a..27ff9f9ad 100755
--- a/pkg/init/bin/rc.init
+++ b/pkg/init/bin/rc.init
@@ -1,11 +1,18 @@
 #!/bin/sh
-# mount filesystems
+# mount proc filesystem
 mount -n -t proc proc /proc -o nodev,nosuid,noexec,relatime
+# remount rootfs as readonly
+mount -o remount,ro /
+
+# mount tmpfs for /tmp and /run
 mount -n -t tmpfs tmpfs /run -o nodev,nosuid,noexec,relatime,size=10%,mode=755
 mount -n -t tmpfs tmpfs /tmp -o nodev,nosuid,noexec,relatime,size=10%,mode=1777
+# mount tmpfs for /var. This may be overmounted with a persistent filesystem later
+mount -n -t tmpfs tmpfs /var -o nodev,nosuid,noexec,relatime,size=50%,mode=755
+
 # mount devfs
 mount -n -t devtmpfs dev /dev -o nosuid,noexec,relatime,size=10m,nr_inodes=248418,mode=755
 # devices
@@ -101,14 +108,6 @@ ip link set lo up
 # for containerizing dhcpcd and other containers that need writable /etc/resolv.conf
 [ -L /etc/resolv.conf ] && mkdir -p $(dirname $(readlink -n /etc/resolv.conf)) && touch /etc/resolv.conf
-# remount rootfs as readonly
-mount -o remount,ro /
-
-# make /var writeable and shared
-mount -o bind /var /var
-mount -o remount,rw,nodev,nosuid,noexec,relatime /var /var
-mount --make-rshared /var
-
 # make / rshared
 mount --make-rshared /
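Review bot: The new `/var` tmpfs in the first hunk is capped at `size=50%`, which together with the existing `size=10%` caps on `/run` and `/tmp` lets tmpfs contents claim up to 70% of RAM. Anything that writes freely under `/var` can therefore push the host into memory pressure until a persistent filesystem is mounted over it, and whatever was written there is lost on reboot. The comment above the mount should say so, for example `# /var is RAM-backed and size-capped until a persistent filesystem is overmounted; contents do not survive a reboot`. Separately, `mount -o remount,ro /` now runs before everything between this hunk and the `/etc/resolv.conf` setup in the second hunk (new line 108 onward), and that code is not visible here. None of the visible mount calls checks its exit status, so it is worth confirming that no intermediate step still expects a writable root and that the `/run`, `/tmp` and `/var` mount points already exist in the image.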