=====リードオンリー化(2)=====
overlayfsによるリードオンリー化
参考
*http://seasky.blue/weblog/index.php?e=1860
*https://www.indetail.co.jp/blog/11421/
====ルートフォルダの整理====
# rm /restoresymtable
# rm /null
# mkdir /fsprotect
====init.dスクリプトの追加====
# cd /etc/init.d/
# vi mount-overlay
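#! /bin/sh
### BEGIN INIT INFO
# Provides: mount-overlay
# Required-Start: mountall-bootclean
# Required-Stop:
# Default-Start: S
# Default-Stop:
# X-Start-Before: procps udev-mtab urandom
# Short-Description: overlay mode
# Description: Shutdown process will not be required
### END INIT INFO

# Puts a RAM-backed (tmpfs) overlayfs upper layer over etc, home, root, var,
# usr and opt so that writes never reach the underlying filesystem. Anything
# written below those directories is lost at power-off.
#
# The overlay is skipped when the flag file /boot/nofsprotect exists.
# NOTE(review): the flag is a plain file on /boot, so this guards against
# accidental writes and power loss; it is not a control against a user who is
# root or who can edit the boot partition.
#
# Exit status: 0 when the overlay is skipped or every mount succeeded,
# 1 when any step failed (the remaining directories are still attempted).

FLAG=/boot/nofsprotect
OVERLAY_ROOT=/fsprotect

# The flag file lives on /boot. A failure here (for example because /boot is
# already mounted) is not fatal: the flag test below decides what happens.
/bin/mount /boot

# Absolute path: the test does not depend on a successful "cd /boot".
if [ -e "$FLAG" ]; then
  exit 0
fi

# mode=0755: the root directory of a tmpfs is world-writable (1777) unless a
# mode is given, and nothing but this script needs to write directly into it.
if ! /bin/mount -t tmpfs -o mode=0755 tmpfs "$OVERLAY_ROOT"; then
  echo "mount-overlay: cannot mount tmpfs on ${OVERLAY_ROOT}" >&2
  exit 1
fi

rc=0
for d in etc home root var usr opt
do
  lower="/${d}"
  upper="${OVERLAY_ROOT}/${d}"
  work="${OVERLAY_ROOT}/${d}_rw"

  if ! mkdir -p "$upper" "$work"; then
    echo "mount-overlay: cannot create layers for ${lower}" >&2
    rc=1
    continue
  fi

  # overlayfs reports the owner and mode of the upper directory for a merged
  # directory. Copy them from the lower directory, otherwise a restricted
  # directory such as /root shows up with the mode of the new, empty
  # directory. (--reference is a GNU coreutils option.)
  if ! chown --reference="$lower" "$upper" ||
     ! chmod --reference="$lower" "$upper"; then
    echo "mount-overlay: cannot copy owner/mode of ${lower}" >&2
    rc=1
  fi

  # upperdir and workdir must be on the same filesystem; both are on the tmpfs.
  if ! /bin/mount -t overlay \
      -o "lowerdir=${lower},upperdir=${upper},workdir=${work}" \
      overlay "$lower"; then
    echo "mount-overlay: cannot mount overlay on ${lower}" >&2
    rc=1
  fi
done

exit "$rc"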
# chmod 755 mount-overlay
# update-rc.d mount-overlay defaults 01 10
# ls /etc/rc*.d/*mount-overlay
====rc.localへ追加====
# vi /etc/rc.local
(rc.local の先頭付近に追加するのが望ましい)
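# overlayfs: when the flag file /boot/nofsprotect exists, the mount-overlay
# init script skips the overlay, so make / and /boot writable for maintenance.
# The absolute path leaves the working directory of rc.local untouched and
# does not depend on a successful "cd /boot".
if [ -e /boot/nofsprotect ]; then
  mount -o rw,remount /
  mount -o rw,remount /boot
fi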
fstab修正
# vi /etc/fstab
# Columns: device, mount point, type, options, dump, fsck pass
proc /proc proc defaults 0 0
# Boot partition, mounted read-only; the fsprotect/nofsprotect scripts remount
# it read-write only while they change the flag file.
/dev/mmcblk0p1 /boot vfat ro,defaults 0 2
# Root filesystem, mounted read-only; noatime avoids access-time updates.
/dev/mmcblk0p2 / ext4 ro,defaults,noatime 0 1
# /tmp lives in RAM and is empty after every boot.
# NOTE(review): "defaults" sets neither size= nor nosuid,nodev - consider
# adding them so /tmp cannot exhaust RAM or hold setuid/device files.
tmpfs /tmp tmpfs defaults 0 0
nofsprotectスクリプト
# vi nofsprotect
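#!/bin/sh
# Switch to maintenance (unprotected) mode: create the flag file
# /boot/nofsprotect and reboot.
#
# Must be run as root. Exits with status 1, without rebooting, when /boot
# cannot be made writable or the flag file could not be created.

flag=/boot/nofsprotect

# /boot is mounted read-only, so it has to be writable while the flag changes.
if ! mount -o rw,remount /boot; then
  echo "cannot remount /boot read-write" >&2
  exit 1
fi

# Absolute path: no dependency on the current directory.
if [ ! -e "$flag" ]; then
  touch "$flag"
fi

# Report the mode the next boot will actually use.
if [ -e "$flag" ]; then
  echo "nofsprotect mode"
  switched=yes
else
  echo "fsprotect mode"
  switched=no
fi

mount -o ro,remount /boot

# Rebooting is pointless when the requested mode was not set.
if [ "$switched" != yes ]; then
  echo "flag file was not created; not rebooting" >&2
  exit 1
fi

echo "reboot..."
sleep 5
sync; sync; sync;
reboot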
# chmod a+x nofsprotect
fsprotectスクリプト
# vi fsprotect
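#!/bin/sh
# Switch to protected (overlay) mode: remove the flag file /boot/nofsprotect
# and reboot.
#
# Must be run as root. Exits with status 1, without rebooting, when /boot
# cannot be made writable or the flag file could not be removed.

flag=/boot/nofsprotect

# /boot is mounted read-only, so it has to be writable while the flag changes.
if ! mount -o rw,remount /boot; then
  echo "cannot remount /boot read-write" >&2
  exit 1
fi

# Absolute path: rm can never hit a same-named file in another directory.
if [ -e "$flag" ]; then
  rm -f -- "$flag"
fi

# Report the mode the next boot will actually use.
if [ -e "$flag" ]; then
  echo "nofsprotect mode"
  switched=no
else
  echo "fsprotect mode"
  switched=yes
fi

mount -o ro,remount /boot

# Rebooting is pointless when the requested mode was not set.
if [ "$switched" != yes ]; then
  echo "flag file was not removed; not rebooting" >&2
  exit 1
fi

echo "reboot..."
sleep 5
sync; sync; sync;
reboot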
# chmod a+x fsprotect
状況
devtmpfs dev
proc proc
tmpfs fsprotect
overlay etc
overlay home
overlay opt
overlay root
overlay usr
overlay var
tmpfs run
tmpfs tmp
RO boot
RO media
RO mnt
RO bin
RO lib
RO sys
RO sbin
RO man
RO srv
RO lost+found