OpenBSD Readonly File System

OpenBSD Readonly File System

Vertigo Altair
Hi Misc,
I have a firewall device and I'm using OpenBSD on it. There is an
electricity problem where the device runs. Therefore, I have to run the
"fsck -y" command regularly at startup due to the electricity problem. To
overcome this, I want to use a read-only file system.
I know there are some projects like "resflash", but I want to do that
manually.

My partitions are like this:

vertigo# df -h
Filesystem     Size    Used   Avail Capacity  Mounted on
/dev/sd0a      3.9G    489M    3.2G    13%    /
/dev/sd0g     91.8G    1.0G   86.2G     1%    /mypartition
/dev/sd0d      989M   12.0K    940M     0%    /tmp
/dev/sd0f      3.9G    1.7G    2.0G    46%    /usr
/dev/sd0e      3.9G   46.9M    3.6G     1%    /var

I want / and /usr to be read-only. I updated /etc/fstab and made / and
/usr read-only:

vertigo# cat /etc/fstab
ec347fefe8d05509.b none swap sw
ec347fefe8d05509.a / ffs ro 1 1
ec347fefe8d05509.g /mypartition ffs rw,nodev,nosuid 1 2
ec347fefe8d05509.d /tmp ffs rw,nodev,nosuid 1 2
ec347fefe8d05509.f /usr ffs ro,wxallowed,nodev 1 2
ec347fefe8d05509.e /var ffs rw,nodev,nosuid 1 2


On startup, the following errors come from /etc/rc. I think the errors about
/etc/motd are not so important, but can the errors coming from /etc/tty*
cause any problems? If my method is not correct, what is the best way
to do this?

>> OpenBSD/amd64 BOOTX64 3.50
boot>
booting hd0a:/bsd: 12957000+2753552+327712+0+708608
[807408+128+1024872+749630]=0x1271a18
entry point at 0x1001000
[ using 2583064 bytes of bsd ELF symbol table ]
Copyright (c) 1982, 1986, 1989, 1991, 1993
        The Regents of the University of California.  All rights reserved.
Copyright (c) 1995-2020 OpenBSD. All rights reserved.  https://www.OpenBSD.org

OpenBSD 6.7 (GENERIC.MP) #2: Thu Jun  4 09:55:08 MDT 2020
    [hidden email]:/usr/src/sys/arch/amd64/compile/GENERIC.MP
real mem = 4151607296 (3959MB)
avail mem = 4013170688 (3827MB)
mpath0 at root
scsibus0 at mpath0: 256 targets
mainbus0 at root
bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf10 (14 entries)
bios0: vendor American Megatrends Inc. version "BAR3NA05" date 07/23/2018
bios0: NF533 NF533
acpi0 at bios0: ACPI 5.0
acpi0: sleep states S0 S3 S4 S5
acpi0: tables DSDT FACP APIC FPDT FIDT MCFG LPIT HPET SSDT SSDT SSDT UEFI
acpi0: wakeup devices XHC1(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
acpitimer0 at acpi0: 3579545 Hz, 24 bits
acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
cpu0 at mainbus0: apid 0 (boot processor)
cpu0: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.37 MHz, 06-37-09
cpu0: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu0: 1MB 64b/line 16-way L2 cache
cpu0: smt 0, core 0, package 0
mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
cpu0: apic clock running at 83MHz
cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE
cpu1 at mainbus0: apid 2 (application processor)
cpu1: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz, 06-37-09
cpu1: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu1: 1MB 64b/line 16-way L2 cache
cpu1: smt 0, core 1, package 0
cpu2 at mainbus0: apid 4 (application processor)
cpu2: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.03 MHz, 06-37-09
cpu2: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu2: 1MB 64b/line 16-way L2 cache
cpu2: smt 0, core 2, package 0
cpu3 at mainbus0: apid 6 (application processor)
cpu3: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz, 06-37-09
cpu3: FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE36,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MWAIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
cpu3: 1MB 64b/line 16-way L2 cache
cpu3: smt 0, core 3, package 0
ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 87 pins
acpimcfg0 at acpi0
acpimcfg0: addr 0xe0000000, bus 0-255
acpihpet0 at acpi0: 14318179 Hz
acpiprt0 at acpi0: bus 0 (PCI0)
acpiprt1 at acpi0: bus 1 (RP01)
acpiprt2 at acpi0: bus 7 (RP02)
acpiprt3 at acpi0: bus 8 (RP03)
acpiprt4 at acpi0: bus 9 (RP04)
acpiec0 at acpi0: not present
acpicpu0 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
acpicpu1 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
acpicpu2 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
acpicpu3 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
acpipwrres0 at acpi0: PLPE
acpipwrres1 at acpi0: PLPE
acpipwrres2 at acpi0: USBC, resource for EHC1, OTG1
acpitz0 at acpi0: critical temperature is 127 degC
acpicmos0 at acpi0
acpipci0 at acpi0 PCI0: 0x00000010 0x00000011 0x00000000
"DMA0F28" at acpi0 not configured
acpibtn0 at acpi0: PWRB
acpibtn1 at acpi0: SLPB
acpivideo0 at acpi0: GFX0
cpu0: using VERW MDS workaround
cpu0: Enhanced SpeedStep 2000 MHz: speeds: 1993, 1992, 1909, 1826,
1743, 1660, 1577, 1494, 1411, 1328 MHz
pci0 at mainbus0 bus 0
pchb0 at pci0 dev 0 function 0 "Intel Bay Trail Host" rev 0x11
inteldrm0 at pci0 dev 2 function 0 "Intel Bay Trail Video" rev 0x11
drm0 at inteldrm0
inteldrm0: msi, VALLEYVIEW, gen 7
ahci0 at pci0 dev 19 function 0 "Intel Bay Trail AHCI" rev 0x11: msi, AHCI 1.3
ahci0: port 0: 3.0Gb/s
scsibus1 at ahci0: 32 targets
sd0 at scsibus1 targ 0 lun 0: <ATA, KINGSTON SA400S3, SBFK> naa.50026b7782d3a666
sd0: 114473MB, 512 bytes/sector, 234441648 sectors, thin
xhci0 at pci0 dev 20 function 0 "Intel Bay Trail xHCI" rev 0x11: msi, xHCI 1.0
usb0 at xhci0: USB revision 3.0
uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
3.00/1.00 addr 1
"Intel Bay Trail TXE" rev 0x11 at pci0 dev 26 function 0 not configured
ppb0 at pci0 dev 28 function 0 "Intel Bay Trail PCIE" rev 0x11: msi
pci1 at ppb0 bus 1
ppb1 at pci1 dev 0 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00
pci2 at ppb1 bus 2
ppb2 at pci2 dev 1 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00: msi
pci3 at ppb2 bus 3
ppb3 at pci2 dev 2 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00: msi
pci4 at ppb3 bus 4
em0 at pci4 dev 0 function 0 "Intel I211" rev 0x03: msi, address
00:30:18:00:05:0f
ppb4 at pci2 dev 3 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00: msi
pci5 at ppb4 bus 5
ppb5 at pci2 dev 4 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00: msi
pci6 at ppb5 bus 6
ppb6 at pci0 dev 28 function 1 "Intel Bay Trail PCIE" rev 0x11: msi
pci7 at ppb6 bus 7
em1 at pci7 dev 0 function 0 "Intel I211" rev 0x03: msi, address
00:30:18:00:05:0c
ppb7 at pci0 dev 28 function 2 "Intel Bay Trail PCIE" rev 0x11: msi
pci8 at ppb7 bus 8
em2 at pci8 dev 0 function 0 "Intel I211" rev 0x03: msi, address
00:30:18:00:05:0d
ppb8 at pci0 dev 28 function 3 "Intel Bay Trail PCIE" rev 0x11: msi
pci9 at ppb8 bus 9
em3 at pci9 dev 0 function 0 "Intel I211" rev 0x03: msi, address
00:30:18:00:05:0e
pcib0 at pci0 dev 31 function 0 "Intel Bay Trail LPC" rev 0x11
ichiic0 at pci0 dev 31 function 3 "Intel Bay Trail SMBus" rev 0x11:
apic 1 int 18
iic0 at ichiic0
"eeprom" at iic0 addr 0x50 not configured
isa0 at pcib0
isadma0 at isa0
com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
com0: console
com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
pckbc0 at isa0 port 0x60/5 irq 1 irq 12
pckbd0 at pckbc0 (kbd slot)
wskbd0 at pckbd0 mux 1
pcppi0 at isa0 port 0x61
spkr0 at pcppi0
vmm0 at mainbus0: VMX/EPT (using slow L1TF mitigation)
efifb at mainbus0 not configured
uhub0: device problem, disabling port 1
uhidev0 at uhub0 port 2 configuration 1 interface 0 " USB Keyboard"
rev 1.10/2.50 addr 2
uhidev0: iclass 3/1
ukbd0 at uhidev0: 8 variable keys, 6 key codes
wskbd1 at ukbd0 mux 1
uhidev1 at uhub0 port 2 configuration 1 interface 1 " USB Keyboard"
rev 1.10/2.50 addr 2
uhidev1: iclass 3/0, 2 report ids
uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
uhid1 at uhidev1 reportid 2: input=3, output=0, feature=0
uhub1 at uhub0 port 4 configuration 1 interface 0 "Genesys Logic
USB2.0 Hub" rev 2.00/88.32 addr 3
vscsi0 at root
scsibus2 at vscsi0: 256 targets
softraid0 at root
scsibus3 at softraid0: 256 targets
root on sd0a (ec347fefe8d05509.a) swap on sd0b dump on sd0b
inteldrm0: 1600x900, 32bpp
wsdisplay0 at inteldrm0 mux 1
pckbd_enable: command error
wskbd1: connecting to wsdisplay0
wsdisplay0: screen 0-5 added (std, vt100 emulation)
Automatic boot in progress: starting file system checks.
/dev/sd0a (ec347fefe8d05509.a): file system is clean; not checking
/dev/sd0g (ec347fefe8d05509.g): file system is clean; not checking
/dev/sd0d (ec347fefe8d05509.d): file system is clean; not checking
/dev/sd0f (ec347fefe8d05509.f): file system is clean; not checking
/dev/sd0e (ec347fefe8d05509.e): file system is clean; not checking
kbd: keyboard mapping set to tr
net.inet.udp.recvspace: 41600 -> 262144
net.inet.udp.sendspace: 9216 -> 262144
kern.maxfiles: 7030 -> 2048000
kern.maxclusters: 262144 -> 1280000
kern.somaxconn: 128 -> 10240
kern.seminfo.semmni: 10 -> 1024
kern.seminfo.semmns: 60 -> 4096
kern.shminfo.shmmax: 33554432 -> 805306368
kern.shminfo.shmall: 196608 -> 196608
kern.maxvnodes: 5926 -> 200000
net.inet.icmp.errppslimit: 100 -> 1000
ddb.panic: 1 -> 0
net.inet.ip.forwarding: 0 -> 1
kern.maxproc: 1310 -> 200000
kern.bufcachepercent: 20 -> 70
net.inet.ip.mforwarding: 0 -> 1
net.inet.gre.allow: 0 -> 1
net.inet.esp.enable: 1 -> 1
net.pipex.enable: 0 -> 1
machdep.kbdreset: 0 -> 1
kern.pool_debug: 0 -> 0
net.inet.ip.multipath: 0 -> 1
net.inet6.ip6.multipath: 0 -> 1
net.inet.divert.recvspace: 65636 -> 1048576
net.inet.divert.sendspace: 65636 -> 1048576
net.inet6.divert.recvspace: 65636 -> 1048576
net.inet6.divert.sendspace: 65636 -> 1048576
hw.smt: 0 -> 1
starting network
reordering libraries: done.
starting early daemons: syslogd ntpd.
starting RPC daemons:.
savecore: no core dump
checking quotas: done.
chmod: /dev/ttyp0: Read-only file system
chmod: /dev/ttyp1: Read-only file system
chmod: /dev/ttyp2: Read-only file system
chmod: /dev/ttyp3: Read-only file system
chmod: /dev/ttyp4: Read-only file system
chmod: /dev/ttyp5: Read-only file system
chmod: /dev/ttyp6: Read-only file system
chmod: /dev/ttyp7: Read-only file system
chmod: /dev/ttyp8: Read-only file system
chmod: /dev/ttyp9: Read-only file system
chmod: /dev/ttypA: Read-only file system
chmod: /dev/ttypB: Read-only file system
chmod: /dev/ttypC: Read-only file system
chmod: /dev/ttypD: Read-only file system
chmod: /dev/ttypE: Read-only file system
chmod: /dev/ttypF: Read-only file system
chmod: /dev/ttypG: Read-only file system
chmod: /dev/ttypH: Read-only file system
chmod: /dev/ttypI: Read-only file system
chmod: /dev/ttypJ: Read-only file system
chmod: /dev/ttypK: Read-only file system
chmod: /dev/ttypL: Read-only file system
chmod: /dev/ttypM: Read-only file system
chmod: /dev/ttypN: Read-only file system
chmod: /dev/ttypO: Read-only file system
chmod: /dev/ttypP: Read-only file system
chmod: /dev/ttypQ: Read-only file system
chmod: /dev/ttypR: Read-only file system
chmod: /dev/ttypS: Read-only file system
chmod: /dev/ttypT: Read-only file system
chmod: /dev/ttypU: Read-only file system
chmod: /dev/ttypV: Read-only file system
chmod: /dev/ttypW: Read-only file system
chmod: /dev/ttypX: Read-only file system
chmod: /dev/ttypY: Read-only file system
chmod: /dev/ttypZ: Read-only file system
chmod: /dev/ttypa: Read-only file system
chmod: /dev/ttypb: Read-only file system
chmod: /dev/ttypc: Read-only file system
chmod: /dev/ttypd: Read-only file system
chmod: /dev/ttype: Read-only file system
chmod: /dev/ttypf: Read-only file system
chmod: /dev/ttypg: Read-only file system
chmod: /dev/ttyph: Read-only file system
chmod: /dev/ttypi: Read-only file system
chmod: /dev/ttypj: Read-only file system
chmod: /dev/ttypk: Read-only file system
chmod: /dev/ttypl: Read-only file system
chmod: /dev/ttypm: Read-only file system
chmod: /dev/ttypn: Read-only file system
chmod: /dev/ttypo: Read-only file system
chmod: /dev/ttypp: Read-only file system
chmod: /dev/ttypq: Read-only file system
chmod: /dev/ttypr: Read-only file system
chmod: /dev/ttyps: Read-only file system
chmod: /dev/ttypt: Read-only file system
chmod: /dev/ttypu: Read-only file system
chmod: /dev/ttypv: Read-only file system
chmod: /dev/ttypw: Read-only file system
chmod: /dev/ttypx: Read-only file system
chmod: /dev/ttypy: Read-only file system
chmod: /dev/ttypz: Read-only file system
chown: /dev/ttyp0: Read-only file system
chown: /dev/ttyp1: Read-only file system
chown: /dev/ttyp2: Read-only file system
chown: /dev/ttyp3: Read-only file system
chown: /dev/ttyp4: Read-only file system
chown: /dev/ttyp5: Read-only file system
chown: /dev/ttyp6: Read-only file system
chown: /dev/ttyp7: Read-only file system
chown: /dev/ttyp8: Read-only file system
chown: /dev/ttyp9: Read-only file system
chown: /dev/ttypA: Read-only file system
chown: /dev/ttypB: Read-only file system
chown: /dev/ttypC: Read-only file system
chown: /dev/ttypD: Read-only file system
chown: /dev/ttypE: Read-only file system
chown: /dev/ttypF: Read-only file system
chown: /dev/ttypG: Read-only file system
chown: /dev/ttypH: Read-only file system
chown: /dev/ttypI: Read-only file system
chown: /dev/ttypJ: Read-only file system
chown: /dev/ttypK: Read-only file system
chown: /dev/ttypL: Read-only file system
chown: /dev/ttypM: Read-only file system
chown: /dev/ttypN: Read-only file system
chown: /dev/ttypO: Read-only file system
chown: /dev/ttypP: Read-only file system
chown: /dev/ttypQ: Read-only file system
chown: /dev/ttypR: Read-only file system
chown: /dev/ttypS: Read-only file system
chown: /dev/ttypT: Read-only file system
chown: /dev/ttypU: Read-only file system
chown: /dev/ttypV: Read-only file system
chown: /dev/ttypW: Read-only file system
chown: /dev/ttypX: Read-only file system
chown: /dev/ttypY: Read-only file system
chown: /dev/ttypZ: Read-only file system
chown: /dev/ttypa: Read-only file system
chown: /dev/ttypb: Read-only file system
chown: /dev/ttypc: Read-only file system
chown: /dev/ttypd: Read-only file system
chown: /dev/ttype: Read-only file system
chown: /dev/ttypf: Read-only file system
chown: /dev/ttypg: Read-only file system
chown: /dev/ttyph: Read-only file system
chown: /dev/ttypi: Read-only file system
chown: /dev/ttypj: Read-only file system
chown: /dev/ttypk: Read-only file system
chown: /dev/ttypl: Read-only file system
chown: /dev/ttypm: Read-only file system
chown: /dev/ttypn: Read-only file system
chown: /dev/ttypo: Read-only file system
chown: /dev/ttypp: Read-only file system
chown: /dev/ttypq: Read-only file system
chown: /dev/ttypr: Read-only file system
chown: /dev/ttyps: Read-only file system
chown: /dev/ttypt: Read-only file system
chown: /dev/ttypu: Read-only file system
chown: /dev/ttypv: Read-only file system
chown: /dev/ttypw: Read-only file system
chown: /dev/ttypx: Read-only file system
chown: /dev/ttypy: Read-only file system
chown: /dev/ttypz: Read-only file system
clearing /tmp
kern.securelevel: 0 -> 1
/etc/rc[557]: cannot create /etc/motd: Read-only file system
/etc/rc[558]: cannot create /etc/motd: Read-only file system
/etc/rc[559]: cannot create /etc/motd: Read-only file system
/etc/rc[560]: cannot create /etc/motd: Read-only file system
/etc/rc[561]: cannot create /etc/motd: Read-only file system
/etc/rc[562]: cannot create /etc/motd: Read-only file system
/etc/rc[563]: cannot create /etc/motd: Read-only file system
/etc/rc[564]: cannot create /etc/motd: Read-only file system
/etc/rc[565]: cannot create /etc/motd: Read-only file system
creating runtime link editor directory cache.
preserving editor files.
starting network daemons: sshd.
starting local daemons: cron.
Tue Jun  9 10:02:51 +03 2020

Re: OpenBSD Readonly File System

Ottavio Caruso
On Tue, 9 Jun 2020 at 08:59, Vertigo Altair <[hidden email]> wrote:
>
> Hi Misc,
> I have a firewall device and I'm using OpenBSD on it. There is an
> electricity problem where the device runs. Therefore, I have to run the
> "fsck -y" command regularly at startup due to the electricity problem.

Isn't it just easier to buy a UPS?


--
Ottavio Caruso


Re: OpenBSD Readonly File System

Stuart Henderson
In reply to this post by Vertigo Altair
On 2020-06-09, Vertigo Altair <[hidden email]> wrote:
> Hi Misc,
> I have a firewall device and I'm using OpenBSD on it. There is an
> electricity problem where the device runs. Therefore, I have to run the
> "fsck -y" command regularly at startup due to the electricity problem. To
> overcome this, I want to use readonly file system.
>  I know there are some projects like "resflash", but I want to do that
> manually.

The usual way to handle / is to have it RW during boot and remount
it (mount -ur /) in rc.local.

Use a ramdisk (MFS) for /dev. Create a directory on / to populate
it from, e.g.

cd /
mkdir dev_src
cp dev/MAKEDEV dev_src
cd dev_src
sh MAKEDEV all

Mount /dev using the -P mount option to populate it from your source
directory, it doesn't need much space but needs quite a few inodes,
a line like this works:

swap /dev mfs rw,async,noatime,nosuid,-s2M,-i8,-P/dev_src 0 0

The dev_src directory needs regenerating after OS updates.

/tmp and /var/run probably also best done as ramdisk.
Other parts of /var, especially /var/db, are tricky, you can use a
ramdisk populated from a source directory as with /dev, but you need
a way to sync it back to the source directory otherwise you run into
problems (dhcp leases, /var/db/pkg, maybe others depending on what
you run).

logs: syslog memory buffers are useful.

Normally OpenBSD relinks the kernel in a random order - at the end of
running /etc/rc, and when you use syspatch to add kernel patches.
With RO /usr and / this can't be done. If power is unstable it is
often good to avoid the relinking at boot (I've had a few where
power has gone, come back for long enough to start relinking, then
gone again during relink - considering how circuit breakers work
this isn't a big surprise), but you'll need to be aware of this
when applying patches.

I have a number of VPN client routers in situations where they
may have unstable power or people powering them down without halting
first. I tried quite hard to use OpenBSD with them (usually on
pcengines boards - alix, apu etc) with various run-from-ramdisk
(flashboot, flashrd, resflash) or manual readonly+MFS setups,
but came to the conclusion that it's just too much hassle wrangling
these and keeping on top of OpenBSD updates. I had to add a bunch
more earlier this year so now I have ~60 hapac2 running routeros.
Definitely not perfect but seems a better fit to this situation.
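
A check of the layout this reply describes, as an added example that is not part of the original post: the sh function below reads an fstab and flags entries that conflict with it. The `audit_fstab` helper, the finding names and the `/tmp` mfs line in the second sample are assumptions made for the example; the other fstab lines are copied from the thread.

```shell
#!/bin/sh
# Added example, not code from the thread. It only reads fstab-format text,
# so it can be run on any system against a copy of the file.

# audit_fstab FILE: print one finding per line ("name: explanation").
# Prints nothing when the file matches the layout described in the reply.
# Only /, /dev and /tmp are checked; /var is left out because the reply
# notes it needs a sync-back scheme that fstab alone cannot show.
audit_fstab() {
    awk '
    /^[ \t]*#/ || NF < 4 { next }      # skip comments and malformed lines
    {
        mp = $2; type = $3; opts = "," $4 ","
        seen[mp] = 1
        # ro in fstab means rc runs with a read-only root from the start
        if (mp == "/" && opts ~ /,ro,/)
            print "root-ro-at-boot: / is ro in fstab, so rc cannot write /etc/motd; keep it rw and run mount -ur / from rc.local"
        if (mp == "/dev") {
            if (type != "mfs")
                print "dev-not-mfs: /dev is mounted but not as a ramdisk"
            else if (opts !~ /,-P[^,]+,/)
                print "dev-no-populate: mfs /dev has no -P source directory, so it starts empty"
        }
        if (mp == "/tmp" && type != "mfs")
            print "tmp-on-disk: /tmp is " type " on disk; a ramdisk leaves nothing to fsck after power loss"
    }
    END {
        if (!("/dev" in seen))
            print "dev-on-root: no /dev mount, device nodes live on /, so chmod and chown of /dev/ttyp* fail once / is read-only"
    }' "$1"
}

# fstab exactly as posted at the top of the thread
write_original_fstab() {
    cat > "$1" <<'EOF'
ec347fefe8d05509.b none swap sw
ec347fefe8d05509.a / ffs ro 1 1
ec347fefe8d05509.g /mypartition ffs rw,nodev,nosuid 1 2
ec347fefe8d05509.d /tmp ffs rw,nodev,nosuid 1 2
ec347fefe8d05509.f /usr ffs ro,wxallowed,nodev 1 2
ec347fefe8d05509.e /var ffs rw,nodev,nosuid 1 2
EOF
}

# Revised layout: / stays rw here (remounted later from rc.local), the /dev
# line is the one from the reply, the /tmp line and its size are constructed.
write_revised_fstab() {
    cat > "$1" <<'EOF'
ec347fefe8d05509.b none swap sw
ec347fefe8d05509.a / ffs rw 1 1
swap /dev mfs rw,async,noatime,nosuid,-s2M,-i8,-P/dev_src 0 0
swap /tmp mfs rw,nodev,nosuid,-s64M 0 0
ec347fefe8d05509.g /mypartition ffs rw,nodev,nosuid 1 2
ec347fefe8d05509.f /usr ffs ro,wxallowed,nodev 1 2
ec347fefe8d05509.e /var ffs rw,nodev,nosuid 1 2
EOF
}

# Demonstration on the two samples
tmpdir=$(mktemp -d)
write_original_fstab "$tmpdir/fstab.orig"
write_revised_fstab "$tmpdir/fstab.new"
echo "== fstab as posted =="
audit_fstab "$tmpdir/fstab.orig"
echo "== revised fstab =="
audit_fstab "$tmpdir/fstab.new"
rm -rf "$tmpdir"
```

The first sample produces the findings that correspond to the boot errors in the original post; the second produces none.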



Re: OpenBSD Readonly File System

Joe Barnett-2
In reply to this post by Vertigo Altair
On 2020-06-09 00:59, Vertigo Altair wrote:
> Hi Misc,
> I have a firewall device and I'm using OpenBSD on it. There is an
> electricity problem where the device runs. Therefore, I have to run the
> "fsck -y" command regularly at startup due to the electricity problem.
> To
> overcome this, I want to use readonly file system.
>  I know there are some projects like "resflash", but I want to do that
> manually.

I have hacked and slashed my way to this kind of configuration for my
firewall/gateway and a few other machines -- and with what appears to be
good results.  Please understand this is almost certainly not supported
by the project.  I have outlined this at the following URL:

https://www.mr72.com/readonlyfs.html

I hope this helps.  Any feedback will be greatly appreciated.

Good luck!

Joe

> chown: /dev/ttyp3: Read-only file system
> chown: /dev/ttyp4: Read-only file system
> chown: /dev/ttyp5: Read-only file system
> chown: /dev/ttyp6: Read-only file system
> chown: /dev/ttyp7: Read-only file system
> chown: /dev/ttyp8: Read-only file system
> chown: /dev/ttyp9: Read-only file system
> chown: /dev/ttypA: Read-only file system
> chown: /dev/ttypB: Read-only file system
> chown: /dev/ttypC: Read-only file system
> chown: /dev/ttypD: Read-only file system
> chown: /dev/ttypE: Read-only file system
> chown: /dev/ttypF: Read-only file system
> chown: /dev/ttypG: Read-only file system
> chown: /dev/ttypH: Read-only file system
> chown: /dev/ttypI: Read-only file system
> chown: /dev/ttypJ: Read-only file system
> chown: /dev/ttypK: Read-only file system
> chown: /dev/ttypL: Read-only file system
> chown: /dev/ttypM: Read-only file system
> chown: /dev/ttypN: Read-only file system
> chown: /dev/ttypO: Read-only file system
> chown: /dev/ttypP: Read-only file system
> chown: /dev/ttypQ: Read-only file system
> chown: /dev/ttypR: Read-only file system
> chown: /dev/ttypS: Read-only file system
> chown: /dev/ttypT: Read-only file system
> chown: /dev/ttypU: Read-only file system
> chown: /dev/ttypV: Read-only file system
> chown: /dev/ttypW: Read-only file system
> chown: /dev/ttypX: Read-only file system
> chown: /dev/ttypY: Read-only file system
> chown: /dev/ttypZ: Read-only file system
> chown: /dev/ttypa: Read-only file system
> chown: /dev/ttypb: Read-only file system
> chown: /dev/ttypc: Read-only file system
> chown: /dev/ttypd: Read-only file system
> chown: /dev/ttype: Read-only file system
> chown: /dev/ttypf: Read-only file system
> chown: /dev/ttypg: Read-only file system
> chown: /dev/ttyph: Read-only file system
> chown: /dev/ttypi: Read-only file system
> chown: /dev/ttypj: Read-only file system
> chown: /dev/ttypk: Read-only file system
> chown: /dev/ttypl: Read-only file system
> chown: /dev/ttypm: Read-only file system
> chown: /dev/ttypn: Read-only file system
> chown: /dev/ttypo: Read-only file system
> chown: /dev/ttypp: Read-only file system
> chown: /dev/ttypq: Read-only file system
> chown: /dev/ttypr: Read-only file system
> chown: /dev/ttyps: Read-only file system
> chown: /dev/ttypt: Read-only file system
> chown: /dev/ttypu: Read-only file system
> chown: /dev/ttypv: Read-only file system
> chown: /dev/ttypw: Read-only file system
> chown: /dev/ttypx: Read-only file system
> chown: /dev/ttypy: Read-only file system
> chown: /dev/ttypz: Read-only file system
> clearing /tmp
> kern.securelevel: 0 -> 1
> /etc/rc[557]: cannot create /etc/motd: Read-only file system
> /etc/rc[558]: cannot create /etc/motd: Read-only file system
> /etc/rc[559]: cannot create /etc/motd: Read-only file system
> /etc/rc[560]: cannot create /etc/motd: Read-only file system
> /etc/rc[561]: cannot create /etc/motd: Read-only file system
> /etc/rc[562]: cannot create /etc/motd: Read-only file system
> /etc/rc[563]: cannot create /etc/motd: Read-only file system
> /etc/rc[564]: cannot create /etc/motd: Read-only file system
> /etc/rc[565]: cannot create /etc/motd: Read-only file system
> creating runtime link editor directory cache.
> preserving editor files.
> starting network daemons: sshd.
> starting local daemons: cron.
> Tue Jun  9 10:02:51 +03 2020


Re: OpenBSD Readonly File System

Dirk Coetzee
I have been in a similar situation of power being unreliable and no UPS, so I sympathize.

This is how I have achieved RO filesystem (default partitions)

1. Add to /etc/fstab
        swap /dev mfs rw,-P=/dev,-s=32m 0 0

2. Create RO Script
        #!/bin/sh

        ## Uptime in seconds: OS boot time subtracted from the current date
        UP=$(( $(date +%s) - $(sysctl -n kern.boottime) ))

        ## If less than 1 hour - leave system as is. No modification of FS.
        ## You can add crontab for this script to run every hour.
        if [ "$UP" -lt 3600 ]; then
           exit 1
        else
           mount -uvr /
           mount -uvr /usr
           mount -uvr /usr/X11R6
           mount -uvr /usr/local
           mount -uvr /usr/obj
           mount -uvr /usr/src
        fi

        exit 1


Obviously this is a last resort. Default partitions, etc should remain as devs intended. The Developers also assume a work (RW) filesystem.

I have a RW script that I run before doing sysupgrade / syspatch etc. Also make the Filesystems RW before rebooting.




-----Original Message-----
From: [hidden email] <[hidden email]> On Behalf Of Joe Barnett
Sent: Wednesday, 10 June 2020 8:02 AM
To: Vertigo Altair <[hidden email]>
Cc: Misc <[hidden email]>
Subject: Re: OpenBSD Readonly File System

On 2020-06-09 00:59, Vertigo Altair wrote:
> Hi Misc,
> I have a firewall device and I'm using OpenBSD on it. There is an
> electricity problem where the device runs. Therefore, I have to run
> the "fsck -y" command regularly at startup due to the electricity problem.
> To
> overcome this, I want to use readonly file system.
>  I know there are some projects like "resflash", but I want to do that
> manually.

I have hacked and slashed my way to this kind of configuration for my firewall/gateway and a few other machines -- and with what appears to be good results.  Please understand this is almost certainly not supported by the project.  I have outlined this at the following URL:

https://www.mr72.com/readonlyfs.html

I hope this helps.  Any feedback will be greatly appreciated.

Good luck!

Joe

> My partitions like this;
>
> vertigo# df -h
> Filesystem     Size    Used   Avail Capacity  Mounted on
> /dev/sd0a      3.9G    489M    3.2G    13%    /
> /dev/sd0g     91.8G    1.0G   86.2G     1%    /mypartition
> /dev/sd0d      989M   12.0K    940M     0%    /tmp
> /dev/sd0f      3.9G    1.7G    2.0G    46%    /usr
> /dev/sd0e      3.9G   46.9M    3.6G     1%    /var
>
> I want to / and /usr as readonly, I updated /etc/fstab and I made /
> and /usr readonly;
>
> vertigo# cat /etc/fstab
> ec347fefe8d05509.b none swap sw
> ec347fefe8d05509.a / ffs ro 1 1
> ec347fefe8d05509.g /mypartition ffs rw,nodev,nosuid 1 2
> ec347fefe8d05509.d /tmp ffs rw,nodev,nosuid 1 2
> ec347fefe8d05509.f /usr ffs ro,wxallowed,nodev 1 2
> ec347fefe8d05509.e /var ffs rw,nodev,nosuid 1 2
>
>
> On startup following errors coming from /etc/rc; I think errors about
> /etc/motd are not so important, but are the errors coming from
> /etc/tty*
> can cause any problems? If my method is not correct, what is the best
> way to do this?
>
>>> OpenBSD/amd64 BOOTX64 3.50
> boot>
> booting hd0a:/bsd: 12957000+2753552+327712+0+708608
> [807408+128+1024872+749630]=0x1271a18
> entry point at 0x1001000
> [ using 2583064 bytes of bsd ELF symbol table ]
> Copyright (c) 1982, 1986, 1989, 1991, 1993
>         The Regents of the University of California.  All rights reserved.
> Copyright (c) 1995-2020 OpenBSD. All rights reserved.  https://www.OpenBSD.org
>
> OpenBSD 6.7 (GENERIC.MP) #2: Thu Jun  4 09:55:08 MDT 2020
>
> [hidden email]:/usr/src/sys/arch/amd64/compile/GEN
> ERIC.MP
> real mem = 4151607296 (3959MB)
> avail mem = 4013170688 (3827MB)
> mpath0 at root
> scsibus0 at mpath0: 256 targets
> mainbus0 at root
> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf10 (14 entries)
> bios0: vendor American Megatrends Inc. version "BAR3NA05" date
> 07/23/2018
> bios0: NF533 NF533
> acpi0 at bios0: ACPI 5.0
> acpi0: sleep states S0 S3 S4 S5
> acpi0: tables DSDT FACP APIC FPDT FIDT MCFG LPIT HPET SSDT SSDT SSDT
> UEFI
> acpi0: wakeup devices XHC1(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
> acpitimer0 at acpi0: 3579545 Hz, 24 bits
> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
> cpu0 at mainbus0: apid 0 (boot processor)
> cpu0: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.37 MHz, 06-37-09
> cpu0:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3
> 6,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MW
> AIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT
> ,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP
> ,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
> cpu0: 1MB 64b/line 16-way L2 cache
> cpu0: smt 0, core 0, package 0
> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
> cpu0: apic clock running at 83MHz
> cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE
> cpu1 at mainbus0: apid 2 (application processor)
> cpu1: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz, 06-37-09
> cpu1:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3
> 6,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MW
> AIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT
> ,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP
> ,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
> cpu1: 1MB 64b/line 16-way L2 cache
> cpu1: smt 0, core 1, package 0
> cpu2 at mainbus0: apid 4 (application processor)
> cpu2: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.03 MHz, 06-37-09
> cpu2:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3
> 6,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MW
> AIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT
> ,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP
> ,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
> cpu2: 1MB 64b/line 16-way L2 cache
> cpu2: smt 0, core 2, package 0
> cpu3 at mainbus0: apid 6 (application processor)
> cpu3: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz, 06-37-09
> cpu3:
> FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3
> 6,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MW
> AIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT
> ,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP
> ,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
> cpu3: 1MB 64b/line 16-way L2 cache
> cpu3: smt 0, core 3, package 0
> ioapic0 at mainbus0: apid 1 pa 0xfec00000, version 20, 87 pins
> acpimcfg0 at acpi0
> acpimcfg0: addr 0xe0000000, bus 0-255
> acpihpet0 at acpi0: 14318179 Hz
> acpiprt0 at acpi0: bus 0 (PCI0)
> acpiprt1 at acpi0: bus 1 (RP01)
> acpiprt2 at acpi0: bus 7 (RP02)
> acpiprt3 at acpi0: bus 8 (RP03)
> acpiprt4 at acpi0: bus 9 (RP04)
> acpiec0 at acpi0: not present
> acpicpu0 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
> acpicpu1 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
> acpicpu2 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
> acpicpu3 at acpi0: C2(10@500 mwait.1@0x58), C1(1000@1 mwait.1), PSS
> acpipwrres0 at acpi0: PLPE
> acpipwrres1 at acpi0: PLPE
> acpipwrres2 at acpi0: USBC, resource for EHC1, OTG1
> acpitz0 at acpi0: critical temperature is 127 degC
> acpicmos0 at acpi0
> acpipci0 at acpi0 PCI0: 0x00000010 0x00000011 0x00000000 "DMA0F28" at
> acpi0 not configured
> acpibtn0 at acpi0: PWRB
> acpibtn1 at acpi0: SLPB
> acpivideo0 at acpi0: GFX0
> cpu0: using VERW MDS workaround
> cpu0: Enhanced SpeedStep 2000 MHz: speeds: 1993, 1992, 1909, 1826,
> 1743, 1660, 1577, 1494, 1411, 1328 MHz
> pci0 at mainbus0 bus 0
> pchb0 at pci0 dev 0 function 0 "Intel Bay Trail Host" rev 0x11
> inteldrm0 at pci0 dev 2 function 0 "Intel Bay Trail Video" rev 0x11
> drm0 at inteldrm0
> inteldrm0: msi, VALLEYVIEW, gen 7
> ahci0 at pci0 dev 19 function 0 "Intel Bay Trail AHCI" rev 0x11: msi,
> AHCI 1.3
> ahci0: port 0: 3.0Gb/s
> scsibus1 at ahci0: 32 targets
> sd0 at scsibus1 targ 0 lun 0: <ATA, KINGSTON SA400S3, SBFK>
> naa.50026b7782d3a666
> sd0: 114473MB, 512 bytes/sector, 234441648 sectors, thin
> xhci0 at pci0 dev 20 function 0 "Intel Bay Trail xHCI" rev 0x11: msi,
> xHCI 1.0
> usb0 at xhci0: USB revision 3.0
> uhub0 at usb0 configuration 1 interface 0 "Intel xHCI root hub" rev
> 3.00/1.00 addr 1
> "Intel Bay Trail TXE" rev 0x11 at pci0 dev 26 function 0 not
> configured
> ppb0 at pci0 dev 28 function 0 "Intel Bay Trail PCIE" rev 0x11: msi
> pci1 at ppb0 bus 1
> ppb1 at pci1 dev 0 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00
> pci2 at ppb1 bus 2
> ppb2 at pci2 dev 1 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00:
> msi
> pci3 at ppb2 bus 3
> ppb3 at pci2 dev 2 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00:
> msi
> pci4 at ppb3 bus 4
> em0 at pci4 dev 0 function 0 "Intel I211" rev 0x03: msi, address
> 00:30:18:00:05:0f
> ppb4 at pci2 dev 3 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00:
> msi
> pci5 at ppb4 bus 5
> ppb5 at pci2 dev 4 function 0 "Pericom PI7C9X2G608GP PCIE" rev 0x00:
> msi
> pci6 at ppb5 bus 6
> ppb6 at pci0 dev 28 function 1 "Intel Bay Trail PCIE" rev 0x11: msi
> pci7 at ppb6 bus 7
> em1 at pci7 dev 0 function 0 "Intel I211" rev 0x03: msi, address
> 00:30:18:00:05:0c
> ppb7 at pci0 dev 28 function 2 "Intel Bay Trail PCIE" rev 0x11: msi
> pci8 at ppb7 bus 8
> em2 at pci8 dev 0 function 0 "Intel I211" rev 0x03: msi, address
> 00:30:18:00:05:0d
> ppb8 at pci0 dev 28 function 3 "Intel Bay Trail PCIE" rev 0x11: msi
> pci9 at ppb8 bus 9
> em3 at pci9 dev 0 function 0 "Intel I211" rev 0x03: msi, address
> 00:30:18:00:05:0e
> pcib0 at pci0 dev 31 function 0 "Intel Bay Trail LPC" rev 0x11
> ichiic0 at pci0 dev 31 function 3 "Intel Bay Trail SMBus" rev 0x11:
> apic 1 int 18
> iic0 at ichiic0
> "eeprom" at iic0 addr 0x50 not configured
> isa0 at pcib0
> isadma0 at isa0
> com0 at isa0 port 0x3f8/8 irq 4: ns16550a, 16 byte fifo
> com0: console
> com1 at isa0 port 0x2f8/8 irq 3: ns16550a, 16 byte fifo
> pckbc0 at isa0 port 0x60/5 irq 1 irq 12
> pckbd0 at pckbc0 (kbd slot)
> wskbd0 at pckbd0 mux 1
> pcppi0 at isa0 port 0x61
> spkr0 at pcppi0
> vmm0 at mainbus0: VMX/EPT (using slow L1TF mitigation)
> efifb at mainbus0 not configured
> uhub0: device problem, disabling port 1
> uhidev0 at uhub0 port 2 configuration 1 interface 0 " USB Keyboard"
> rev 1.10/2.50 addr 2
> uhidev0: iclass 3/1
> ukbd0 at uhidev0: 8 variable keys, 6 key codes
> wskbd1 at ukbd0 mux 1
> uhidev1 at uhub0 port 2 configuration 1 interface 1 " USB Keyboard"
> rev 1.10/2.50 addr 2
> uhidev1: iclass 3/0, 2 report ids
> uhid0 at uhidev1 reportid 1: input=1, output=0, feature=0
> uhid1 at uhidev1 reportid 2: input=3, output=0, feature=0
> uhub1 at uhub0 port 4 configuration 1 interface 0 "Genesys Logic
> USB2.0 Hub" rev 2.00/88.32 addr 3
> vscsi0 at root
> scsibus2 at vscsi0: 256 targets
> softraid0 at root
> scsibus3 at softraid0: 256 targets
> root on sd0a (ec347fefe8d05509.a) swap on sd0b dump on sd0b
> inteldrm0: 1600x900, 32bpp
> wsdisplay0 at inteldrm0 mux 1
> pckbd_enable: command error
> wskbd1: connecting to wsdisplay0
> wsdisplay0: screen 0-5 added (std, vt100 emulation)
> Automatic boot in progress: starting file system checks.
> /dev/sd0a (ec347fefe8d05509.a): file system is clean; not checking
> /dev/sd0g (ec347fefe8d05509.g): file system is clean; not checking
> /dev/sd0d (ec347fefe8d05509.d): file system is clean; not checking
> /dev/sd0f (ec347fefe8d05509.f): file system is clean; not checking
> /dev/sd0e (ec347fefe8d05509.e): file system is clean; not checking
> kbd: keyboard mapping set to tr
> net.inet.udp.recvspace: 41600 -> 262144
> net.inet.udp.sendspace: 9216 -> 262144
> kern.maxfiles: 7030 -> 2048000
> kern.maxclusters: 262144 -> 1280000
> kern.somaxconn: 128 -> 10240
> kern.seminfo.semmni: 10 -> 1024
> kern.seminfo.semmns: 60 -> 4096
> kern.shminfo.shmmax: 33554432 -> 805306368
> kern.shminfo.shmall: 196608 -> 196608
> kern.maxvnodes: 5926 -> 200000
> net.inet.icmp.errppslimit: 100 -> 1000
> ddb.panic: 1 -> 0
> net.inet.ip.forwarding: 0 -> 1
> kern.maxproc: 1310 -> 200000
> kern.bufcachepercent: 20 -> 70
> net.inet.ip.mforwarding: 0 -> 1
> net.inet.gre.allow: 0 -> 1
> net.inet.esp.enable: 1 -> 1
> net.pipex.enable: 0 -> 1
> machdep.kbdreset: 0 -> 1
> kern.pool_debug: 0 -> 0
> net.inet.ip.multipath: 0 -> 1
> net.inet6.ip6.multipath: 0 -> 1
> net.inet.divert.recvspace: 65636 -> 1048576
> net.inet.divert.sendspace: 65636 -> 1048576
> net.inet6.divert.recvspace: 65636 -> 1048576
> net.inet6.divert.sendspace: 65636 -> 1048576
> hw.smt: 0 -> 1
> starting network
> reordering libraries: done.
> starting early daemons: syslogd ntpd.
> starting RPC daemons:.
> savecore: no core dump
> checking quotas: done.
> chmod: /dev/ttyp0: Read-only file system
> chmod: /dev/ttyp1: Read-only file system
> chmod: /dev/ttyp2: Read-only file system
> chmod: /dev/ttyp3: Read-only file system
> chmod: /dev/ttyp4: Read-only file system
> chmod: /dev/ttyp5: Read-only file system
> chmod: /dev/ttyp6: Read-only file system
> chmod: /dev/ttyp7: Read-only file system
> chmod: /dev/ttyp8: Read-only file system
> chmod: /dev/ttyp9: Read-only file system
> chmod: /dev/ttypA: Read-only file system
> chmod: /dev/ttypB: Read-only file system
> chmod: /dev/ttypC: Read-only file system
> chmod: /dev/ttypD: Read-only file system
> chmod: /dev/ttypE: Read-only file system
> chmod: /dev/ttypF: Read-only file system
> chmod: /dev/ttypG: Read-only file system
> chmod: /dev/ttypH: Read-only file system
> chmod: /dev/ttypI: Read-only file system
> chmod: /dev/ttypJ: Read-only file system
> chmod: /dev/ttypK: Read-only file system
> chmod: /dev/ttypL: Read-only file system
> chmod: /dev/ttypM: Read-only file system
> chmod: /dev/ttypN: Read-only file system
> chmod: /dev/ttypO: Read-only file system
> chmod: /dev/ttypP: Read-only file system
> chmod: /dev/ttypQ: Read-only file system
> chmod: /dev/ttypR: Read-only file system
> chmod: /dev/ttypS: Read-only file system
> chmod: /dev/ttypT: Read-only file system
> chmod: /dev/ttypU: Read-only file system
> chmod: /dev/ttypV: Read-only file system
> chmod: /dev/ttypW: Read-only file system
> chmod: /dev/ttypX: Read-only file system
> chmod: /dev/ttypY: Read-only file system
> chmod: /dev/ttypZ: Read-only file system
> chmod: /dev/ttypa: Read-only file system
> chmod: /dev/ttypb: Read-only file system
> chmod: /dev/ttypc: Read-only file system
> chmod: /dev/ttypd: Read-only file system
> chmod: /dev/ttype: Read-only file system
> chmod: /dev/ttypf: Read-only file system
> chmod: /dev/ttypg: Read-only file system
> chmod: /dev/ttyph: Read-only file system
> chmod: /dev/ttypi: Read-only file system
> chmod: /dev/ttypj: Read-only file system
> chmod: /dev/ttypk: Read-only file system
> chmod: /dev/ttypl: Read-only file system
> chmod: /dev/ttypm: Read-only file system
> chmod: /dev/ttypn: Read-only file system
> chmod: /dev/ttypo: Read-only file system
> chmod: /dev/ttypp: Read-only file system
> chmod: /dev/ttypq: Read-only file system
> chmod: /dev/ttypr: Read-only file system
> chmod: /dev/ttyps: Read-only file system
> chmod: /dev/ttypt: Read-only file system
> chmod: /dev/ttypu: Read-only file system
> chmod: /dev/ttypv: Read-only file system
> chmod: /dev/ttypw: Read-only file system
> chmod: /dev/ttypx: Read-only file system
> chmod: /dev/ttypy: Read-only file system
> chmod: /dev/ttypz: Read-only file system
> chown: /dev/ttyp0: Read-only file system
> chown: /dev/ttyp1: Read-only file system
> chown: /dev/ttyp2: Read-only file system
> chown: /dev/ttyp3: Read-only file system
> chown: /dev/ttyp4: Read-only file system
> chown: /dev/ttyp5: Read-only file system
> chown: /dev/ttyp6: Read-only file system
> chown: /dev/ttyp7: Read-only file system
> chown: /dev/ttyp8: Read-only file system
> chown: /dev/ttyp9: Read-only file system
> chown: /dev/ttypA: Read-only file system
> chown: /dev/ttypB: Read-only file system
> chown: /dev/ttypC: Read-only file system
> chown: /dev/ttypD: Read-only file system
> chown: /dev/ttypE: Read-only file system
> chown: /dev/ttypF: Read-only file system
> chown: /dev/ttypG: Read-only file system
> chown: /dev/ttypH: Read-only file system
> chown: /dev/ttypI: Read-only file system
> chown: /dev/ttypJ: Read-only file system
> chown: /dev/ttypK: Read-only file system
> chown: /dev/ttypL: Read-only file system
> chown: /dev/ttypM: Read-only file system
> chown: /dev/ttypN: Read-only file system
> chown: /dev/ttypO: Read-only file system
> chown: /dev/ttypP: Read-only file system
> chown: /dev/ttypQ: Read-only file system
> chown: /dev/ttypR: Read-only file system
> chown: /dev/ttypS: Read-only file system
> chown: /dev/ttypT: Read-only file system
> chown: /dev/ttypU: Read-only file system
> chown: /dev/ttypV: Read-only file system
> chown: /dev/ttypW: Read-only file system
> chown: /dev/ttypX: Read-only file system
> chown: /dev/ttypY: Read-only file system
> chown: /dev/ttypZ: Read-only file system
> chown: /dev/ttypa: Read-only file system
> chown: /dev/ttypb: Read-only file system
> chown: /dev/ttypc: Read-only file system
> chown: /dev/ttypd: Read-only file system
> chown: /dev/ttype: Read-only file system
> chown: /dev/ttypf: Read-only file system
> chown: /dev/ttypg: Read-only file system
> chown: /dev/ttyph: Read-only file system
> chown: /dev/ttypi: Read-only file system
> chown: /dev/ttypj: Read-only file system
> chown: /dev/ttypk: Read-only file system
> chown: /dev/ttypl: Read-only file system
> chown: /dev/ttypm: Read-only file system
> chown: /dev/ttypn: Read-only file system
> chown: /dev/ttypo: Read-only file system
> chown: /dev/ttypp: Read-only file system
> chown: /dev/ttypq: Read-only file system
> chown: /dev/ttypr: Read-only file system
> chown: /dev/ttyps: Read-only file system
> chown: /dev/ttypt: Read-only file system
> chown: /dev/ttypu: Read-only file system
> chown: /dev/ttypv: Read-only file system
> chown: /dev/ttypw: Read-only file system
> chown: /dev/ttypx: Read-only file system
> chown: /dev/ttypy: Read-only file system
> chown: /dev/ttypz: Read-only file system
> clearing /tmp
> kern.securelevel: 0 -> 1
> /etc/rc[557]: cannot create /etc/motd: Read-only file system
> /etc/rc[558]: cannot create /etc/motd: Read-only file system
> /etc/rc[559]: cannot create /etc/motd: Read-only file system
> /etc/rc[560]: cannot create /etc/motd: Read-only file system
> /etc/rc[561]: cannot create /etc/motd: Read-only file system
> /etc/rc[562]: cannot create /etc/motd: Read-only file system
> /etc/rc[563]: cannot create /etc/motd: Read-only file system
> /etc/rc[564]: cannot create /etc/motd: Read-only file system
> /etc/rc[565]: cannot create /etc/motd: Read-only file system
> creating runtime link editor directory cache.
> preserving editor files.
> starting network daemons: sshd.
> starting local daemons: cron.
> Tue Jun  9 10:02:51 +03 2020
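
Added example (not part of the thread): the remount script in Dirk Coetzee's reply above does not check the exit status of its `mount -uvr` calls, so a filesystem whose downgrade failed would stay writable unnoticed. This sketch audits `mount` output for the mount points that are expected to be read-only; the function names and the sample output are constructed, and the sample assumes the `device on dir type fstype (options)` layout printed by OpenBSD mount(8).

```shell
#!/bin/sh
# Added example: report mount points that are expected to be read-only but are not.

# Constructed sample, laid out like OpenBSD mount(8) output. It models the state
# after the remount script ran and the downgrade of /usr failed.
SAMPLE_MOUNT='/dev/sd0a on / type ffs (local, read-only)
/dev/sd0g on /mypartition type ffs (local, nodev, nosuid)
/dev/sd0d on /tmp type ffs (local, nodev, nosuid)
/dev/sd0f on /usr type ffs (local, nodev, wxallowed)
/dev/sd0e on /var type ffs (local, nodev, nosuid)
mfs:61438 on /dev type mfs (asynchronous, local, size=65536 512-blocks)'

# mount_is_ro MOUNTPOINT  (mount output on stdin)
# Exit status: 0 = mounted read-only, 1 = mounted writable, 2 = not mounted.
# Mount points containing whitespace are not handled.
mount_is_ro() {
    awk -v mp="$1" '
        $2 == "on" && $3 == mp {
            found = 1; ro = 0
            opts = $0
            sub(/^[^(]*\(/, "", opts)      # drop everything up to "("
            sub(/\)[^)]*$/, "", opts)      # drop the closing ")"
            n = split(opts, o, /, */)
            for (i = 1; i <= n; i++)
                if (o[i] == "read-only") ro = 1
        }
        END {
            if (!found) exit 2
            exit (ro ? 0 : 1)
        }'
}

# audit_ro MOUNT_OUTPUT MOUNTPOINT...
# Prints one line per offending mount point; returns 0 only if all are read-only.
audit_ro() {
    out=$1
    shift
    bad=0
    for mp in "$@"; do
        rc=0
        printf '%s\n' "$out" | mount_is_ro "$mp" || rc=$?
        case $rc in
            0) ;;
            1) echo "WRITABLE $mp"; bad=1 ;;
            *) echo "MISSING $mp"; bad=1 ;;
        esac
    done
    return "$bad"
}

# Demo on the constructed sample. On a real system: audit_ro "$(mount)" / /usr
audit_ro "$SAMPLE_MOUNT" / /usr || echo "audit failed: not everything is read-only"
```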


Re: OpenBSD Readonly File System

Strahil Nikolov
I always thought that the 'sync' mount option is enough to avoid corruption of the FS.
Am I just "fooling" myself?

Best Regards,
Strahil Nikolov

On 10 June 2020 at 7:46:48 GMT+03:00, Dirk Coetzee <[hidden email]> wrote:

>I have been in a similar situation of power being unreliable and no
>UPS, so I sympathize.
>
>This is how I have achieved RO filesystem (default partitions)
>
>1. Add to /etc/fstab
> swap /dev mfs rw,-P=/dev,-s=32m 0 0
>
>2. Create RO Script
> #!/bin/sh
>
> UP=$(( $(date +%s) - $(sysctl -n kern.boottime) ))          ## Date in Seconds subtracted from OS boot time
>
> if [ $UP -lt 3600 ]; then           ## If less than 1 hour - leave system as is. No modification of FS. You can add crontab for this script to run every hour.
>   exit 1
> else
>   mount -uvr /
>   mount -uvr /usr
>   mount -uvr /usr/X11R6
>   mount -uvr /usr/local
>   mount -uvr /usr/obj
>   mount -uvr /usr/src
> fi
>
> exit 1
>
>
>Obviously this is a last resort. Default partitions, etc should remain
>as devs intended. The Developers also assume a work (RW) filesystem.
>
>I have a RW script that I run before doing  sysupgrade / syspatch etc.
>Also make the Filesystems RW before rebooting.
>
>
>
>
>-----Original Message-----
>From: [hidden email] <[hidden email]> On Behalf Of Joe
>Barnett
>Sent: Wednesday, 10 June 2020 8:02 AM
>To: Vertigo Altair <[hidden email]>
>Cc: Misc <[hidden email]>
>Subject: Re: OpenBSD Readonly File System
>
>On 2020-06-09 00:59, Vertigo Altair wrote:
>> Hi Misc,
>> I have a firewall device and I'm using OpenBSD on it. There is an
>> electricity problem where the device runs. Therefore, I have to run
>> the "fsck -y" command regularly at startup due to the electricity
>problem.
>> To
>> overcome this, I want to use readonly file system.
>>  I know there are some projects like "resflash", but I want to do
>that
>> manually.
>
>I have hacked and slashed my way to this kind of configuration for my
>firewall/gateway and a few other machines -- and with what appears to
>be good results.  Please understand this is almost certainly not
>supported by the project.  I have outlined this at the following URL:
>
>https://www.mr72.com/readonlyfs.html
>
>I hope this helps.  Any feedback will be greatly appreciated.
>
>Good luck!
>
>Joe
>
>> My partitions like this;
>>
>> vertigo# df -h
>> Filesystem     Size    Used   Avail Capacity  Mounted on
>> /dev/sd0a      3.9G    489M    3.2G    13%    /
>> /dev/sd0g     91.8G    1.0G   86.2G     1%    /mypartition
>> /dev/sd0d      989M   12.0K    940M     0%    /tmp
>> /dev/sd0f      3.9G    1.7G    2.0G    46%    /usr
>> /dev/sd0e      3.9G   46.9M    3.6G     1%    /var
>>
>> I want to / and /usr as readonly, I updated /etc/fstab and I made /
>> and /usr readonly;
>>
>> vertigo# cat /etc/fstab
>> ec347fefe8d05509.b none swap sw
>> ec347fefe8d05509.a / ffs ro 1 1
>> ec347fefe8d05509.g /mypartition ffs rw,nodev,nosuid 1 2
>> ec347fefe8d05509.d /tmp ffs rw,nodev,nosuid 1 2
>> ec347fefe8d05509.f /usr ffs ro,wxallowed,nodev 1 2
>> ec347fefe8d05509.e /var ffs rw,nodev,nosuid 1 2
>>
>>
>> On startup following errors coming from /etc/rc; I think errors about
>> /etc/motd are not so important, but are the errors coming from
>> /etc/tty*
>> can cause any problems? If my method is not correct, what is the best
>
>> way to do this?
>>
>>>> OpenBSD/amd64 BOOTX64 3.50
>> boot>
>> booting hd0a:/bsd: 12957000+2753552+327712+0+708608
>> [807408+128+1024872+749630]=0x1271a18
>> entry point at 0x1001000
>> [ using 2583064 bytes of bsd ELF symbol table ]
>> Copyright (c) 1982, 1986, 1989, 1991, 1993
>>         The Regents of the University of California.  All rights reserved.
>> Copyright (c) 1995-2020 OpenBSD. All rights reserved.  https://www.OpenBSD.org
>>
>> OpenBSD 6.7 (GENERIC.MP) #2: Thu Jun  4 09:55:08 MDT 2020
>>
>>
>[hidden email]:/usr/src/sys/arch/amd64/compile/GEN
>> ERIC.MP
>> real mem = 4151607296 (3959MB)
>> avail mem = 4013170688 (3827MB)
>> mpath0 at root
>> scsibus0 at mpath0: 256 targets
>> mainbus0 at root
>> bios0 at mainbus0: SMBIOS rev. 2.8 @ 0xebf10 (14 entries)
>> bios0: vendor American Megatrends Inc. version "BAR3NA05" date
>> 07/23/2018
>> bios0: NF533 NF533
>> acpi0 at bios0: ACPI 5.0
>> acpi0: sleep states S0 S3 S4 S5
>> acpi0: tables DSDT FACP APIC FPDT FIDT MCFG LPIT HPET SSDT SSDT SSDT
>> UEFI
>> acpi0: wakeup devices XHC1(S4) PXSX(S4) PXSX(S4) PXSX(S4) PXSX(S4)
>> acpitimer0 at acpi0: 3579545 Hz, 24 bits
>> acpimadt0 at acpi0 addr 0xfee00000: PC-AT compat
>> cpu0 at mainbus0: apid 0 (boot processor)
>> cpu0: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.37 MHz, 06-37-09
>> cpu0:
>>
>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3
>>
>6,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MW
>>
>AIT,DS-CPL,VMX,EST,TM2,SSSE3,CX16,xTPR,PDCM,SSE4.1,SSE4.2,MOVBE,POPCNT
>>
>,DEADLINE,RDRAND,NXE,RDTSCP,LONG,LAHF,3DNOWP,PERF,ITSC,TSC_ADJUST,SMEP
>> ,ERMS,MD_CLEAR,IBRS,IBPB,STIBP,SENSOR,ARAT,MELTDOWN
>> cpu0: 1MB 64b/line 16-way L2 cache
>> cpu0: smt 0, core 0, package 0
>> mtrr: Pentium Pro MTRR support, 8 var ranges, 88 fixed ranges
>> cpu0: apic clock running at 83MHz
>> cpu0: mwait min=64, max=64, C-substates=0.2.0.0.0.0.3.3, IBE
>> cpu1 at mainbus0: apid 2 (application processor)
>> cpu1: Intel(R) Celeron(R) CPU J1900 @ 1.99GHz, 2000.01 MHz, 06-37-09
>> cpu1:
>>
>FPU,VME,DE,PSE,TSC,MSR,PAE,MCE,CX8,APIC,SEP,MTRR,PGE,MCA,CMOV,PAT,PSE3
>>
>6,CFLUSH,DS,ACPI,MMX,FXSR,SSE,SSE2,SS,HTT,TM,PBE,SSE3,PCLMUL,DTES64,MW
>>


Re: OpenBSD Readonly File System

Dirk Coetzee
I guess it boils down to a matter of preference and business requirements.

"slow writes" vs "no writes".

-----Original Message-----
From: Strahil Nikolov <[hidden email]>
Sent: Friday, 12 June 2020 12:08 AM
To: Dirk Coetzee <[hidden email]>; Joe Barnett <[hidden email]>; Vertigo Altair <[hidden email]>
Cc: Misc <[hidden email]>
Subject: Re: OpenBSD Readonly File System

I always thought that 'sync' mount option is enough to avoid corruption of the FS.
Am I just "fooling" myself?

Best Regards,
Strahil Nikolov

On 10 June 2020 at 7:46:48 GMT+03:00, Dirk Coetzee <[hidden email]> wrote:

>I have been in a similar situation of power being unreliable and no
>UPS, so I sympathize.
>
>This is how I have achieved RO filesystem (default partitions)
>
>1. Add to /etc/fstab
> swap /dev mfs rw,-P=/dev,-s=32m 0 0
>
>2. Create RO Script
> #!/bin/sh
>
> ## Uptime in seconds: current time minus kern.boottime
> UP=$(( $(date +%s) - $(sysctl -n kern.boottime) ))
>
> ## If up for less than 1 hour, leave the system as is (no modification
> ## of the FS). You can add a crontab entry to run this script every hour.
> if [ "$UP" -lt 3600 ]; then
>   exit 1
> else
>   ## Remount read-only: -u update the mount, -v verbose, -r read-only
>   mount -uvr /
>   mount -uvr /usr
>   mount -uvr /usr/X11R6
>   mount -uvr /usr/local
>   mount -uvr /usr/obj
>   mount -uvr /usr/src
> fi
>
> exit 1
>
>
>Obviously this is a last resort. Default partitions, etc should remain
>as devs intended. The Developers also assume a working (RW) filesystem.
>
>I have a RW script that I run before doing sysupgrade / syspatch etc.
>Also make the Filesystems RW before rebooting.
>
>
>
>
>-----Original Message-----
>From: [hidden email] <[hidden email]> On Behalf Of Joe Barnett
>Sent: Wednesday, 10 June 2020 8:02 AM
>To: Vertigo Altair <[hidden email]>
>Cc: Misc <[hidden email]>
>Subject: Re: OpenBSD Readonly File System
>
>On 2020-06-09 00:59, Vertigo Altair wrote:
>> Hi Misc,
>> I have a firewall device and I'm using OpenBSD on it. There is an
>> electricity problem where the device runs. Therefore, I have to run
>> the "fsck -y" command regularly at startup due to the electricity
>> problem. To overcome this, I want to use readonly file system.
>> I know there are some projects like "resflash", but I want to do
>> that manually.
>
>I have hacked and slashed my way to this kind of configuration for my
>firewall/gateway and a few other machines -- and with what appears to
>be good results.  Please understand this is almost certainly not
>supported by the project.  I have outlined this at the following URL:
>
>https://www.mr72.com/readonlyfs.html
>
>I hope this helps.  Any feedback will be greatly appreciated.
>
>Good luck!
>
>Joe
>
>> My partitions like this;
>>
>> vertigo# df -h
>> Filesystem     Size    Used   Avail Capacity  Mounted on
>> /dev/sd0a      3.9G    489M    3.2G    13%    /
>> /dev/sd0g     91.8G    1.0G   86.2G     1%    /mypartition
>> /dev/sd0d      989M   12.0K    940M     0%    /tmp
>> /dev/sd0f      3.9G    1.7G    2.0G    46%    /usr
>> /dev/sd0e      3.9G   46.9M    3.6G     1%    /var
>>
>> I want to / and /usr as readonly, I updated /etc/fstab and I made /
>> and /usr readonly;
>>
>> vertigo# cat /etc/fstab
>> ec347fefe8d05509.b none swap sw
>> ec347fefe8d05509.a / ffs ro 1 1
>> ec347fefe8d05509.g /mypartition ffs rw,nodev,nosuid 1 2
>> ec347fefe8d05509.d /tmp ffs rw,nodev,nosuid 1 2
>> ec347fefe8d05509.f /usr ffs ro,wxallowed,nodev 1 2
>> ec347fefe8d05509.e /var ffs rw,nodev,nosuid 1 2
>>
>>
>> On startup following errors coming from /etc/rc; I think errors about
>> /etc/motd are not so important, but are the errors coming from /etc/tty*
>> can cause any problems? If my method is not correct, what is the best
>> way to do this?
>>

Re: OpenBSD Readonly File System

Kevin Chadwick-4
On 2020-06-11 23:47, Dirk Coetzee wrote:

> I always thought that 'sync' mount option is enough to avoid corruption of
> the FS.

> Am I just "fooling" myself  ?

> I guess it boils down to a matter of preference and business requirements.
>
> "slow writes" vs "no writes".

It's a good point, perhaps? Comments anyone?

I think many went the RO route to avoid fsck and add an extra layer of security.

Now that there is KARL and ffs2 means fsck is faster. The argument for RO being
more of a problem than anything else, has gotten stronger, whilst ironically
there seems to be more frequent reports of people using RO.

Batteries/UPS are certainly still, the best answer. Database corruption for example.

I also wonder how sync might affect disk churn during KARL. I'm not sure I care
at all, about a one-off at boot though.

Is there any mileage for root to be mounted sync in any case with so few writes,
but maybe a problem for bsd.rd and live upgrades may want to re-mount? Though
perhaps safety is more important, in any case?

Re: OpenBSD Readonly File System

Nick Holland
In reply to this post by Strahil Nikolov
On 2020-06-11 12:07, Strahil Nikolov wrote:
> I always thought that 'sync' mount option  is enough  to avoid
> corruption of the FS. Am I just "fooling" myself  ?

As "sync" is the default...yes, I think you are.

File systems are complicated.  Making them work robustly is even
more complicated.  And the ways hardware (including power) fails
is often difficult to comprehend from a high-level language
standpoint ("I just wrote fifty bytes to the end of the file,
what's the big deal?").  All things considered, FFS works
amazingly well.


Back to the OP's question -- I'm curious why he's having trouble
I just don't have.  The vast majority of the time, my firewalls
and other OpenBSD systems just come back on their own without
intervention.  When I'm moving or otherwise maintaining an
OpenBSD system, I often just yank the power cord and let the
thing fsck itself on reboot.  I'm not going to say it ALWAYS
comes back without intervention, but I'd guess well over 90%
of the time, they just come up without help.

So...  I'd look at what's going on more than try to change the
basic operation of OpenBSD.  Why are you writing to disk so much
that your file systems end up being trashed?

Some ideas I'd try before making a Franken-system:
* Log to another system over the network via syslog so less
writing happens locally.
* use the noatime mount option -- that reduces a lot of
unneeded writes.  
* Faster disks -- How about a small SSD?  They spend less
time writing, and often have enough on-board capacitance to
complete writes after a power interruption.
* experiment with softdeps.  Supposedly, it helps keep the
/FILE SYSTEM/ consistent.  My experience is it tends to
truncate files on unexpected power-downs, but in MOST cases,
I'd rather have a zero byte file that has obviously been
mangled than one that looks ok.  I almost always use softdeps,
maybe that's why my systems almost always come back after a
power interruption?

I have no hard facts to back up any of those helping a
system come up on its own after an impolite powerdown, but
they all seem like they might.  And I do most of them, and
my results seem to be better than the OP's, so maybe?

Nick.

Re: OpenBSD Readonly File System

Todd C. Miller-3
On Sat, 13 Jun 2020 12:12:05 -0400, Nick Holland wrote:

> On 2020-06-11 12:07, Strahil Nikolov wrote:
> > I always thought that 'sync' mount option  is enough  to avoid
> > corruption of the FS. Am I just "fooling" myself  ?
>
> As "sync" is the default...yes, I think you are.

Actually, by default only metadata is written synchronously.  The
"sync" mount option causes data to be written synchronously too.
Of course, the disk *itself* has a cache so even with synchronous
writes you can't be sure the data has actually made it to the platter.

So yes, I agree that sync mounts are not really enough to help here.
You are probably correct that softdep is better for this kind of
thing since it does a better job of keeping the filesystem in a
consistent state, at the cost of missing data when there is an
unclean shutdown.  In theory, the on-device cache can still cause
issues when you lose power though.

 - todd
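
The options Nick Holland and Todd Miller discuss above (noatime, and softdep or sync on writable FFS file systems) can be checked mechanically; the following is an added example, not code from any poster or from OpenBSD. The sample fstab is constructed after the layout in the original post, with `DUID` as a placeholder, and the script only reports which options are set, not whether they are sufficient.

```shell
#!/bin/sh
# Added example: report, per FFS file system in an fstab, whether the mount
# options raised in the thread are present.

# Constructed sample input; DUID is a placeholder, not a real disk identifier.
sample_fstab() {
cat <<'EOF'
DUID.b none swap sw
DUID.a / ffs rw 1 1
DUID.d /tmp ffs rw,nodev,nosuid 1 2
DUID.f /usr ffs ro,wxallowed,nodev 1 2
DUID.e /var ffs rw,nodev,nosuid,noatime,softdep 1 2
EOF
}

# audit_fstab: reads fstab text on stdin and prints one line per ffs entry:
#   <mountpoint> read-only
#   <mountpoint> ok
#   <mountpoint> review <options that are absent>
# For a real system: audit_fstab < /etc/fstab
audit_fstab() {
awk '
  /^[ \t]*#/ || NF < 4 { next }   # comments and malformed lines
  $3 != "ffs"          { next }   # swap, mfs, nfs etc. are out of scope
  {
    split("", has)                # portable way to empty the array
    n = split($4, opt, ",")
    for (i = 1; i <= n; i++) has[opt[i]] = 1

    # A read-only mount takes no writes, so the write-related options
    # do not apply to it.
    if ("ro" in has) { print $2, "read-only"; next }

    miss = ""
    if (!("noatime" in has)) miss = miss " noatime"
    # softdep and sync are alternatives in the thread, so either one counts.
    if (!("softdep" in has) && !("sync" in has)) miss = miss " softdep|sync"

    print $2, (miss == "" ? "ok" : "review" miss)
  }'
}

sample_fstab | audit_fstab
```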

Re: OpenBSD Readonly File System

Marko Cupać
In reply to this post by Vertigo Altair
On 2020-06-09 09:59, Vertigo Altair wrote:

> Hi Misc,
> I have a firewall device and I'm using OpenBSD on it. There is an
> electricity problem where the device runs. Therefore, I have to run the
> "fsck -y" command regularly at startup due to the electricity problem.
> To overcome this, I want to use readonly file system.
>  I know there are some projects like "resflash", but I want to do that
> manually.
> ...
> On startup following errors coming from /etc/rc; I think errors about
> /etc/motd are not so important, but are the errors coming from
> /etc/tty* can cause any problems? If my method is not correct, what is
> the best way to do this?

AFAIK, OpenBSD officially does not support read-only root file system.

But I have a similar problem, and I have described my solution here:

https://www.mimar.rs/blog/how-to-increase-openbsds-resilience-to-power-outages

HTH,
--
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/

Re: OpenBSD Readonly File System

Strahil Nikolov
In reply to this post by Todd C. Miller-3
In Linux, the kernel can force flushing the disk cache (which also can be disabled) via fsync() call. That feature is called 'write barrier'. As I'm not a developer, I never read that portion of the source of OpenBSD, so I got no idea if similar logic can be used in OpenBSD.

Does 'softdep' represent the behaviour of 'write barriers' in Linux?

Best Regards,
Strahil Nikolov

On 13 June 2020 at 19:56:18 GMT+03:00, "Todd C. Miller" <[hidden email]> wrote:

>On Sat, 13 Jun 2020 12:12:05 -0400, Nick Holland wrote:
>
>> On 2020-06-11 12:07, Strahil Nikolov wrote:
>> > I always thought that 'sync' mount option  is enough  to avoid
>> > corruption of the FS. Am I just "fooling" myself  ?
>>
>> As "sync" is the default...yes, I think you are.
>
>Actually, by default only metadata is written synchronously.  The
>"sync" mount option causes data to be written synchronously too.
>Of course, the disk *itself* has a cache so even with synchronous
>writes you can't be sure the data has actually made it to the platter.
>
>So yes, I agree that sync mounts are not really enough to help here.
>You are probably correct that softdep is better for this kind of
>thing since it does a better job of keeping the filesystem in a
>consistent state, at the cost of missing data when there is an
>unclean shutdown.  In theory, the on-device cache can still cause
>issues when you lose power though.
>
> - todd

Re: OpenBSD Readonly File System

Nick Holland
In reply to this post by Todd C. Miller-3
On 2020-06-13 12:56, Todd C. Miller wrote:

> On Sat, 13 Jun 2020 12:12:05 -0400, Nick Holland wrote:
>
>> On 2020-06-11 12:07, Strahil Nikolov wrote:
>> > I always thought that 'sync' mount option  is enough  to avoid
>> > corruption of the FS. Am I just "fooling" myself  ?
>>
>> As "sync" is the default...yes, I think you are.
>
> Actually, by default only metadata is written synchronously.  The
> "sync" mount option causes data to be written synchronously too.
> Of course, the disk *itself* has a cache so even with synchronous
> writes you can't be sure the data has actually made it to the platter.
>
> So yes, I agree that sync mounts are not really enough to help here.
> You are probably correct that softdep is better for this kind of
> thing since it does a better job of keeping the filesystem in a
> consistent state, at the cost of missing data when there is an
> unclean shutdown.  In theory, the on-device cache can still cause
> issues when you lose power though.

Thanks for the correction!  The really embarrassing thing is I even
checked the man page, but started from the incorrect assumption that
"async" and "sync" were the only two choices and read what I expected,
not what is actually on the page.

Nick.

Re: OpenBSD Readonly File System

Mogens Jensen
In reply to this post by Vertigo Altair
Tuesday, June 9, 2020 7:59 AM, Vertigo Altair <[hidden email]> wrote:

> Hi Misc,
> I have a firewall device and I'm using OpenBSD on it.

Last year I had to configure an OpenBSD 6.5 firewall for use in a
remote location, and was concerned about power loss corrupting the
filesystem and making the system unbootable without manual
intervention. As I did not want to modify OpenBSD in unsupported ways,
I decided to test what kind of damage power loss could do, by
randomly removing and applying power to the firewall, many many times.

What I found was that 99% of the time, the system would just repair the
filesystem and boot without problems, but if by chance the power was
removed at a short time window during kernel relinking, the kernel
would become corrupt and leave the system completely unbootable and
not easy to repair. It was suggested to me that I tried to mount root
partition with the sync option, so I arranged the partition layout in a
way that would make it feasible and added the option to fstab.

Only other problem I found, was that a few times after removing power
when writing a large file, the system would require me to run fsck -y
manually, this is by design, but I decided it was more important to me
that the system could boot unattended, with a minuscule risk of
completely ruining the filesystem, so I wrote a small unsupported patch
for the rc script (sorry if the formatting gets messed up by posting):

The patch has only been tested on OpenBSD 6.5.

---
Index: src/etc/rc
===================================================================
RCS file: /cvs/src/etc/rc,v
retrieving revision 1.536
diff -u -p -u -p -r1.536 rc
--- src/etc/rc 1 Apr 2019 11:39:46 -0000 1.536
+++ src/etc/rc 20 Aug 2019 22:47:49 -0000
@@ -1,5 +1,8 @@
 # $OpenBSD: rc,v 1.536 2019/04/01 11:39:46 tedu Exp $

+# NOTE: The do_fsck() function has been patched to run 'fsck -y' if an
+# automatic file system check fails with exit code 8.
+
 # System startup script run by init on autoboot or after single-user.
 # Output and error are redirected to console by init, and the console is the
 # controlling terminal.
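
Review bot: the NOTE added at the top of the file says what do_fsck() now does but not who changed it, when, or why, and the `$OpenBSD: rc,v 1.536` line above it is left as is, so the file still identifies itself as stock revision 1.536. Consider putting a dated local-modification marker and a one-line reason (unattended boot after power loss) into the NOTE, so that a later comparison of this file against the distributed rc explains itself and the change is neither lost silently nor mistaken for tampering.
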
@@ -271,8 +274,14 @@ do_fsck() {
  echo "Reboot failed; help!"
  exit 1
  ;;
- 8) echo "Automatic file system check failed; help!"
- exit 1
+ 8) echo "Automatic file system check failed; trying fsck -y"
+ fsck -y
+ case $? in
+ 0) ;;
+ *) echo "Could not repair file system unattended; help!"
+ exit 1
+ ;;
+ esac
  ;;
  12) echo "Boot interrupted."
  exit 1
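
Review bot: in the new 8) arm, the inner `case $? in` treats every non-zero status from `fsck -y` as unrepairable and exits, although the arm directly above it (the one ending in "Reboot failed; help!") shows that do_fsck() already distinguishes a status that calls for a reboot. If `fsck -y` can return that status after repairing the root file system, this code stops the boot with "Could not repair file system unattended; help!" in exactly the unattended case the patch exists for; consider giving the inner case the same reboot arm rather than only `0)` and `*)`.
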
---

After mounting root filesystem with sync option and applying the patch,
I was no longer able to make the system unbootable by power loss in my
test setup. It may be possible, but the risk is now so small that it is
not a concern for me and the risk of something else breaking is
probably bigger. During operation in remote location, the system has
always been able to completely boot after a power loss so far.

So while it was not possible for me to not make any unsupported
modifications at all, I think it is a very small change compared to
have read only filesystems. Anyone who knows OpenBSD, will be able to
manage the firewall without special instructions.


Regards,
Mogens Jensen

Re: OpenBSD Readonly File System

Aaron Mason
On Mon, Jun 22, 2020 at 4:24 PM Mogens Jensen
<[hidden email]> wrote:

>
> Tuesday, June 9, 2020 7:59 AM, Vertigo Altair <[hidden email]> wrote:
>
> > Hi Misc,
> > I have a firewall device and I'm using OpenBSD on it.
>
> Last year I had to configure an OpenBSD 6.5 firewall for use in a
> remote location, and was concerned about power loss corrupting the
> filesystem and making the system unbootable without manual
> intervention. As I did not want to modify OpenBSD in unsupported ways,
> I decided to test what kind of damage power loss could do, by
> randomly removing and applying power to the firewall, many many times.
>
> What I found was that 99% of the time, the system would just repair the
> filesystem and boot without problems, but if by chance the power was
> removed at a short time window during kernel relinking, the kernel
> would become corrupt and leave the system completely unbootable and
> not easy to repair. It was suggested to me that I tried to mount root
> partition with the sync option, so I arranged the partition layout in a
> way that would make it feasible and added the option to fstab.
>
> Only other problem I found, was that a few times after removing power
> when writing a large file, the system would require me to run fsck -y
> manually, this is by design, but I decided it was more important to me
> that the system could boot unattended, with a minuscule risk of
> completely ruining the filesystem, so I wrote a small unsupported patch
> for the rc script (sorry if the formatting gets messed up by posting):
>
> The patch has only been tested on OpenBSD 6.5.
>
> ---
> Index: src/etc/rc
> ===================================================================
> RCS file: /cvs/src/etc/rc,v
> retrieving revision 1.536
> diff -u -p -u -p -r1.536 rc
> --- src/etc/rc  1 Apr 2019 11:39:46 -0000       1.536
> +++ src/etc/rc  20 Aug 2019 22:47:49 -0000
> @@ -1,5 +1,8 @@
>  #      $OpenBSD: rc,v 1.536 2019/04/01 11:39:46 tedu Exp $
>
> +# NOTE: The do_fsck() function has been patched to run 'fsck -y' if an
> +#      automatic file system check fails with exit code 8.
> +
>  # System startup script run by init on autoboot or after single-user.
>  # Output and error are redirected to console by init, and the console is the
>  # controlling terminal.
> @@ -271,8 +274,14 @@ do_fsck() {
>                 echo "Reboot failed; help!"
>                 exit 1
>                 ;;
> -       8)      echo "Automatic file system check failed; help!"
> -               exit 1
> +       8)      echo "Automatic file system check failed; trying fsck -y"
> +               fsck -y
> +               case $? in
> +               0)      ;;
> +               *)      echo "Could not repair file system unattended; help!"
> +                       exit 1
> +                       ;;
> +               esac
>                 ;;
>         12)     echo "Boot interrupted."
>                 exit 1
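
Review bot: the retry in the 8) arm runs a bare `fsck -y`, which answers yes to every repair question, and the only trace it leaves is the console echo "Automatic file system check failed; trying fsck -y". On an unattended firewall nobody reads the console, so consider also recording the event somewhere that survives the boot (for example a marker written once the file systems are mounted), so the operator learns that a forced repair happened and can check the affected file systems for missing or truncated files.
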
> ---
>
> After mounting root filesystem with sync option and applying the patch,
> I was no longer able to make the system unbootable by power loss in my
> test setup. It may be possible, but the risk is now so small that it is
> not a concern for me and the risk of something else breaking is
> probably bigger. During operation in remote location, the system has
> always been able to completely boot after a power loss so far.
>
> So while it was not possible for me to not make any unsupported
> modifications at all, I think it is a very small change compared to
> have read only filesystems. Anyone who knows OpenBSD, will be able to
> manage the firewall without special instructions.
>
>
> Regards,
> Mogens Jensen
>

Auto filesystem repair is bad juju.

--
Aaron Mason - Programmer, open source addict
I've taken my software vows - for beta or for worse

Re: OpenBSD Readonly File System

Mogens Jensen
On Wednesday, June 24, 2020 10:58 PM, Aaron Mason <[hidden email]> wrote:

> Auto filesystem repair is bad juju.

Indeed, but an unbootable network appliance thousands of miles away,
is much much worse.


Regards,
Mogens Jensen



Re: OpenBSD Readonly File System

Stuart Henderson
In reply to this post by Aaron Mason
> On Mon, Jun 22, 2020 at 4:24 PM Mogens Jensen
><[hidden email]> wrote:
>> +# NOTE: The do_fsck() function has been patched to run 'fsck -y' if an
>> +#      automatic file system check fails with exit code 8.

I have quite a few machines patched like this.

On 2020-06-24, Aaron Mason <[hidden email]> wrote:
> Auto filesystem repair is bad juju.

Nonsense. For many, the possible downsides of automatically running
fsck -y are much less a problem than the downsides of *not* running it.

Even if there is corruption, there's still a fair chance the machine
will come up far enough to fix things.

What else is someone going to do other than OOB/drive/fly/whatever
to the machine, press enter and type "fsck -y"? They're not going to
suddenly try to backup a dirty fs where they wouldn't already have
backups. Someone who cares about the data will already have a way
to rebuild or restore from backups.


Re: OpenBSD Readonly File System

Vertigo Altair
Hi,

Thanks to Stuart's recommendations, I made progress but got stuck at
another point:
When I mount /dev in fstab like this:
swap /dev mfs rw,async,noatime,nosuid,-s2M,-i8,-P/dev_src 0 0
Freeradius doesn't work. Here is the error message:
Error opening /dev/null: Permission denied

I've changed /dev/null permissions to _freeradius even made it 777.
But nothing changed.

Any thoughts?

On Thu, 25 Jun 2020 at 12:19, Stuart Henderson <[hidden email]> wrote:

> > On Mon, Jun 22, 2020 at 4:24 PM Mogens Jensen
> ><[hidden email]> wrote:
> >> +# NOTE: The do_fsck() function has been patched to run 'fsck -y' if an
> >> +#      automatic file system check fails with exit code 8.
>
> I have quite a few machines patched like this.
>
> On 2020-06-24, Aaron Mason <[hidden email]> wrote:
> > Auto filesystem repair is bad juju.
>
> Nonsense. For many, the possible downsides of automatically running
> fsck -y are much less a problem than the downsides of *not* running it.
>
> Even if there is corruption, there's still a fair chance the machine
> will come up far enough to fix things.
>
> What else is someone going to do other than OOB/drive/fly/whatever
> to the machine, press enter and type "fsck -y"? They're not going to
> suddenly try to backup a dirty fs where they wouldn't already have
> backups. Someone who cares about the data will already have a way
> to rebuild or restore from backups.
>
>
>

Re: OpenBSD Readonly File System

Marko Cupać
In reply to this post by Stuart Henderson
>> On 2020-06-24, Aaron Mason <[hidden email]> wrote:
>> Auto filesystem repair is bad juju.

> On 2020-06-25 11:17, Stuart Henderson wrote:
> Nonsense. For many, the possible downsides of automatically running
> fsck -y are much less a problem than the downsides of *not* running it.

Some time ago I wrote here on misc@ about read-only setup, where I
intended to modify rc(8) in order to be able to relink kernel before
mounting filesystems read-only, and - if I remember correctly - I was
warned never to modify rc(8) directly as it's considered as part of base
system, and I should only affect it with rc.local, which I did.

Is there a way to run fsck -y automatically without modifying rc(8)? Is
modifying rc(8) now supported?

--
Before enlightenment - chop wood, draw water.
After  enlightenment - chop wood, draw water.

Marko Cupać
https://www.mimar.rs/

Re: OpenBSD Readonly File System

Stuart Henderson
On 2020-06-26, Marko Cupać <[hidden email]> wrote:

>>> On 2020-06-24, Aaron Mason <[hidden email]> wrote:
>>> Auto filesystem repair is bad juju.
>
>> On 2020-06-25 11:17, Stuart Henderson wrote:
>> Nonsense. For many, the possible downsides of automatically running
>> fsck -y are much less a problem than the downsides of *not* running it.
>
> Some time ago I wrote here on misc@ about read-only setup, where I
> intended to modify rc(8) in order to be able to relink kernel before
> mounting filesystems read-only, and - if I remember correctly - I was
> warned never to modify rc(8) directly as it's considered as part of base
> system, and I should only affect it with rc.local, which I did.
>
> Is there a way to run fsck -y automatically without modifying rc(8)? Is
> modifying rc(8) now supported?

No, you still need to modify rc to do that, so you need to remember to
reinstate it after updating. It would be nice if that wasn't needed but
diffs to make it configurable have never been approved.

