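======リードオンリー化 検討======

=====Jessieでのpivot root問題=====

- new_root と put_old はディレクトリでなければならない。
- new_root と put_old は現在の root と同じファイルシステムにあってはならない。
- put_old は new_root 以下になければならない。すなわち put_old を指す文字列に 1 個以上の ../ を付けることによって new_root と同じディレクトリが得られなければならない。
- 他のファイルシステムが put_old にマウントされていてはならない。

https://linuxjm.osdn.jp/html/LDP_man-pages/man2/pivot_root.2.html

rpiでunionfsができない場合のoverlayfs対応
http://hmm.dip.jp/weblog/index.php?e=1860

=====unionfs-fuse (再び)=====

http://lotuseater365.tumblr.com/post/97562640533/raspberry-pi-%E3%82%92-unionfs-fuse-%E3%81%A7%E3%83%97%E3%83%AD%E3%83%86%E3%82%AF%E3%83%88%E3%81%99%E3%82%8B

#vi unionfs-protect
#!/bin/sh
### BEGIN INIT INFO
# Provides: a-unionfs-fuse-live-cd
# Required-Start: mountall-bootclean
# Required-Stop:
# Default-Start: S
# Default-Stop:
# X-Start-Before: procps udev-mtab urandom
# Short-Description: UnionFS mode
# Description: Shutdown process will not be required
### END INIT INFO

# Boot-time root protection: stack a writable branch that lives on tmpfs
# over the real root with unionfs-fuse, then pivot_root into the union.
# Everything written afterwards sits under the tmpfs mounted on /tmp below.

# allow_other, suid and dev are kept because the union becomes the system
# root: all users read from it, and setuid binaries and device nodes on it
# must keep working. Do not reuse this option set for a union over a
# directory that unprivileged users can write to.
FUSE_OPT="-o allow_other,use_ino,suid,dev,nonempty"
CHROOT_PATH="/tmp/unionfs"
UNION_OPT="-ocow,chroot=$CHROOT_PATH,max_files=32768"
UBIN=/usr/bin/unionfs-fuse

# Report a failed step loudly: when the script stops early the system keeps
# running on the writable root, and the operator needs to see that.
fail() {
  echo "filesystem protect: FAILED ($1) - root filesystem is NOT protected" >&2
  exit 1
}

# Opt-out marker. It is looked up by absolute path so the decision does not
# depend on the directory the script happens to be started from.
conf_dir=/etc/fsprotect
file=noprotect
if [ -e "${conf_dir}/${file}" ]; then
  # The marker means "do not protect", so its presence reports "disable".
  echo "filesystem protect: disable"
  exit 0
fi
echo "filesystem protect: enable"

#mount -o remount,ro /dev/mmcblk0p1 /boot
#mount -t proc proc /proc
mount -t tmpfs tmpfs /tmp || fail "mount tmpfs on /tmp"
mkdir -p "$CHROOT_PATH/root" "$CHROOT_PATH/rw" /tmp/union || fail "mkdir"
mount --bind / "$CHROOT_PATH/root" || fail "bind-mount /"
# FUSE_OPT and UNION_OPT are option lists and are split into words on purpose.
# shellcheck disable=SC2086
"$UBIN" $FUSE_OPT $UNION_OPT /rw=RW:/root=RO /tmp/union || fail "unionfs-fuse"
mount -t proc proc /tmp/union/proc
cd /tmp/union || fail "cd /tmp/union"
mkdir -p oldroot
pivot_root . oldroot || fail "pivot_root"

# The real root is now /oldroot; remount it read-only so that nothing can
# write to the underlying device through /oldroot.
mount -o remount,ro -t ext4 /dev/root /oldroot \
  || echo "filesystem protect: WARNING: /oldroot is still writable" >&2
for d in dev run run/lock sys run/shm dev/pts boot
do
  mount --bind "/oldroot/$d" "/$d"
done
init q
/usr/local/sbin/a-unionfs-fuse-omit-pid.sh
exit 0

●参考URL
- - - - - - - - - - - - - - - - - - - - -
http://lotuseater365.tumblr.com/post/97562640533/raspberry-pi-%E3%82%92-unionfs-fuse-%E3%81%A7%E3%83%97%E3%83%AD%E3%83%86%E3%82%AF%E3%83%88%E3%81%99%E3%82%8B
http://typematic.blog.shinobi.jp/%E8%BB%8A/%E3%83%A9%E3%82%BA%E3%83%91%E3%82%A4%E3%81%AEjessie%E5%8C%96
http://hanposaki.blog.so-net.ne.jp/2013-01-08
http://www.ikko.k.hosei.ac.jp/robot/unionfs4BBB.pdf
http://manpages.ubuntu.com/manpages/trusty/man8/unionfs-fuse.8.html

=====overlayfs化=====

rpiでunionfsができない場合のoverlayfs対応
http://hmm.dip.jp/weblog/index.php?e=1860

# vi /etc/init.d/mount-overlay
#!/bin/sh
### BEGIN INIT INFO
# Provides: mount-overlay
# Required-Start: mountall-bootclean
# Required-Stop:
# Default-Start: S
# Default-Stop:
# X-Start-Before: procps udev-mtab urandom
# Short-Description: overlay mode
# Description: Shutdown process will not be required
### END INIT INFO

# Boot-time protection with overlayfs: each listed top-level directory gets
# an overlay whose upper and work directories live on a tmpfs at /fsprotect.

# Opt-out marker, looked up by absolute path so the decision does not depend
# on the directory the script happens to be started from.
conf_dir=/etc/overlay-protect
file=noprotect
if [ -e "${conf_dir}/${file}" ]; then
  echo "mount-overlay: disable (no protect)"
  exit 0
fi
echo "mount-overlay: enable (protect)"

# Stop if the tmpfs cannot be mounted: otherwise the upper layers below
# would be created on the real root filesystem and nothing is protected.
if ! /bin/mount -t tmpfs tmpfs /fsprotect; then
  echo "mount-overlay: FAILED (tmpfs on /fsprotect) - filesystem is NOT protected" >&2
  exit 1
fi

# bin boot dev etc home lib lib64 lost+found media mnt net opt proc root run sbin srv sys tmp usr var
# bin boot etc home lib lib64 opt root sbin srv usr
# dev lost+found proc run tmp var sys
# media mnt net
# for d in etc home root var usr
for d in bin boot etc home lib lib64 opt root sbin srv usr
do
  # A directory in the list may be missing on a given system
  # (lib64 on 32-bit installs, for instance); skip it quietly.
  [ -d "/${d}" ] || continue
  mkdir -p "/fsprotect/${d}" "/fsprotect/${d}_rw"
  # The options are passed as one quoted word, so no word splitting is needed.
  /bin/mount -t overlay \
    -o "lowerdir=/${d},upperdir=/fsprotect/${d},workdir=/fsprotect/${d}_rw" \
    overlay "/${d}" \
    || echo "mount-overlay: WARNING: /${d} is not protected" >&2
done
exit 0

=====union-fs化=====

(install)
# apt-get install unionfs-fuse

(ファイルコピー)
# cd /usr/share/doc/unionfs-fuse/examples
# cp S01a-unionfs-fuse-live-cd.sh /etc/init.d/unionfs-fuse-live-cd
# cp rc.local.omit-pid.sh /etc/init.d/unionfs-fuse-omit-pid
# /etc/init.d
# update-rc.d unionfs-fuse-live-cd defaults

# vi /etc/init.d/unionfs-fuse-live-cd
#!/bin/sh
### BEGIN INIT INFO
# Provides: a-unionfs-fuse-live-cd
# Required-Start: mountall-bootclean
# Required-Stop:
# Default-Start: S
# Default-Stop:
# X-Start-Before: procps udev-mtab urandom
# Short-Description: UnionFS mode
# Description: Shutdown process will not be required
### END INIT INFO

# Copyright: Bernd Schubert
# BSD license, see LICENSE file for details

# allow_other, suid and dev are kept because the union becomes the system
# root; do not reuse this option set for a union over user-writable data.
FUSE_OPT="-o allow_other,use_ino,suid,dev,nonempty"
CHROOT_PATH="/tmp/unionfs"
UNION_OPT="-ocow,chroot=$CHROOT_PATH,max_files=32768"
UBIN=/usr/bin/unionfs-fuse

# Report a failed step loudly: stopping early leaves the root writable.
fail() {
  echo "unionfs-protect: FAILED ($1) - root filesystem is NOT protected" >&2
  exit 1
}

# Opt-out marker, looked up by absolute path instead of relying on cd.
conf_dir=/etc/unionfs
file=noprotect
if [ -e "${conf_dir}/${file}" ]; then
  echo "${file} exists"
  exit 0
fi
echo "unionfs-protect"

mount -t proc proc /proc
mount -t tmpfs tmpfs /tmp || fail "mount tmpfs on /tmp"
mkdir -p "$CHROOT_PATH/root" "$CHROOT_PATH/rw" /tmp/union || fail "mkdir"
mount --bind / "$CHROOT_PATH/root" || fail "bind-mount /"
# FUSE_OPT and UNION_OPT are option lists and are split into words on purpose.
# shellcheck disable=SC2086
"$UBIN" $FUSE_OPT $UNION_OPT /rw=RW:/root=RO /tmp/union || fail "unionfs-fuse"
mount -t proc proc /tmp/union/proc
cd /tmp/union || fail "cd /tmp/union"
# -p: do not fail when the directory is already there.
mkdir -p oldroot
pivot_root . oldroot || fail "pivot_root"

# Remount the real root read-only so nothing writes to it through /oldroot.
mount -o remount,ro /dev/vda /oldroot \
  || echo "unionfs-protect: WARNING: /oldroot is still writable" >&2
for d in dev run run/lock sys run/shm dev/pts boot
do
  mount --bind "/oldroot/$d" "/$d"
done
init q
# NOTE(review): the copy step above installs this helper as
# /etc/init.d/unionfs-fuse-omit-pid; confirm which path is the real one.
/usr/local/sbin/unionfs-fuse-omit-pid
exit 0

===== メモ =====

・chroot環境をJessie上に構築する
http://niwatolli3.hatenablog.jp/entry/2015/07/07/223404

・debian-wheezy-arm-2010822c これでうまくいってそう
http://lotuseater365.tumblr.com/post/97562640533/raspberry-pi-%E3%82%92-unionfs-fuse-%E3%81%A7%E3%83%97%E3%83%AD%E3%83%86%E3%82%AF%E3%83%88%E3%81%99%E3%82%8B

=====unionfsテスト=====

# touch /etc/init.d/protect-fs
# update-rc.d protect-fs defaults (登録)

# vi protect-fs
#!/bin/sh
### BEGIN INIT INFO
# Provides: protect-fs
# Required-Start: mountall-bootclean
# Required-Stop:
# Default-Start: S
# Default-Stop:
# X-Start-Before: procps udev-mtab urandom
# Short-Description: UnionFS mode
# Description: Shutdown process will not be required
### END INIT INFO

# Copyright: Bernd Schubert
# BSD license, see LICENSE file for details

# allow_other, suid and dev are kept because the union becomes the system
# root; do not reuse this option set for a union over user-writable data.
FUSE_OPT="-o allow_other,use_ino,suid,dev,nonempty"
CHROOT_PATH="/tmp/unionfs"
UNION_OPT="-ocow,chroot=$CHROOT_PATH,max_files=32768"
UBIN=/usr/bin/unionfs-fuse

# Report a failed step loudly: stopping early leaves the root writable.
fail() {
  echo "protect-fs: FAILED ($1) - root filesystem is NOT protected" >&2
  exit 1
}

# Opt-out marker, looked up by absolute path instead of relying on cd.
conf_dir=/etc/protect-fs
file=noprotect
if [ -e "${conf_dir}/${file}" ]; then
  echo "protect-fs: disable"
  exit 0
fi
echo "protect-fs: enable"

#mount -o remount,ro /dev/mmcblk0p1 /boot
#mount -t proc proc /proc
mount -t tmpfs tmpfs /tmp || fail "mount tmpfs on /tmp"
mkdir -p "$CHROOT_PATH/root" "$CHROOT_PATH/rw" /tmp/union || fail "mkdir"
mount --bind / "$CHROOT_PATH/root" || fail "bind-mount /"
# FUSE_OPT and UNION_OPT are option lists and are split into words on purpose.
# shellcheck disable=SC2086
"$UBIN" $FUSE_OPT $UNION_OPT /rw=RW:/root=RO /tmp/union || fail "unionfs-fuse"
mount -t proc proc /tmp/union/proc
cd /tmp/union || fail "cd /tmp/union"
mkdir -p oldroot
pivot_root . oldroot || fail "pivot_root"
# exit 0

# Remount the real root read-only so nothing writes to it through /oldroot.
mount -r -t ext4 -o remount /dev/root /oldroot \
  || echo "protect-fs: WARNING: /oldroot is still writable" >&2
#for d in dev run run/lock sys run/shm dev/pts boot
for d in dev run run/lock sys run/shm dev/pts
do
  mount --bind "/oldroot/$d" "/$d"
done
init q
#/usr/local/sbin/a-unionfs-fuse-omit-pid.sh
exit 0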