overlayfsによるリードオンリー化

参考

• http://seasky.blue/weblog/index.php?e=1860
• https://www.indetail.co.jp/blog/11421/

# rm /restoresymtable
# rm /null
# mkdir /fsprotect

# cd /etc/init.d/
# vi mount-overlay

mount-overlay

#! /bin/sh
### BEGIN INIT INFO
# Provides: mount-overlay
# Required-Start: mountall-bootclean
# Required-Stop:
# Default-Start: S
# Default-Stop:
# X-Start-Before: procps udev-mtab urandom
# Short-Description: overlay mode
# Descrition: Shutdown process will not be required
### END INIT INFO
 
/bin/mount /boot
cd /boot
file=nofsprotect
if [ -e ${file} ]; then
exit 0
fi
/bin/mount -t tmpfs tmpfs /fsprotect
for d in etc home root var usr opt
do
mkdir /fsprotect/${d}
mkdir /fsprotect/${d}_rw
OPTS="-o lowerdir=/${d},upperdir=/fsprotect/${d},workdir=/fsprotect/${d}_rw"
/bin/mount -t overlay ${OPTS} overlay /${d}
done
exit 0

# chmod 755 mount-overlay
# update-rc.d mount-overlay defaults 01 10
# ls /etc/rc*.d/*mount-overlay

# vi /etc/rc.local

(最初の方が望ましい)

rc.local

# overlayfs
cd /boot
file=nofsprotect
if [ -e ${file} ]; then
mount -o rw,remount /
mount -o rw,remount /boot
fi

fstab修正
# vi /etc/fstab

fstab

proc            /proc           proc    defaults             0       0
/dev/mmcblk0p1  /boot           vfat    ro,defaults          0       2
/dev/mmcblk0p2  /               ext4    ro,defaults,noatime  0       1
tmpfs           /tmp            tmpfs   defaults             0       0

nofsprotectスクリプト
# vi nofsprotect

nofsprotect

#!/bin/sh
mount -o rw,remount /boot
file=nofsprotect
cd /boot
if [ ! -e ${file} ]; then
  # rm ${file}
  touch ${file}
fi
if [ -e ${file} ]; then
  echo "nofsprotect mode"
else
  echo "fsprotect mode"
fi
mount -o ro,remount /boot
echo "reboot..."
sleep 5
sync; sync; sync;
reboot

# chmod a+x nofsprotect

fsprotectスクリプト
# vi fsprotect

fsprotect

#!/bin/sh
mount -o rw,remount /boot
file=nofsprotect
cd /boot
if [ -e ${file} ]; then
  rm ${file}
fi
if [ -e ${file} ]; then
  echo "nofsprotect mode"
else
  echo "fsprotect mode"
fi
mount -o ro,remount /boot
echo "reboot..."
sleep 5
sync; sync; sync;
reboot

# chmod a+x fsprotect

状況

  devtmpfs       dev
  proc	                proc
  tmpfs		fsprotect
  overlay		etc
  overlay		home
  overlay		opt
  overlay		root
  overlay		usr
  overlay		var
  tmpfs			run
  tmpfs			tmp
  
  RO			boot
  RO			media
  RO			mnt
    
  RO			bin
  RO			lib
  RO			sys
  RO			sbin
  RO			man
  RO			srv
  RO			lost+found