overlayfs

overlayfsによるリードオンリー化

参考

• http://seasky.blue/weblog/index.php?e=1860
• https://www.indetail.co.jp/blog/11421/

ルートフォルダの整理

# rm /restoresymtable
# rm /null
# mkdir /fsprotect

init.dスクリプトの追加

# vi /etc/init.d/mount-overlay
----
#!/bin/sh
  
### BEGIN INIT INFO
# Provides: mount-overlay
# Required-Start: mountall-bootclean
# Required-Stop:
# Default-Start: S
# Default-Stop:
# X-Start-Before: procps udev-mtab urandom
# Short-Description: overlay mode
# Descrition: Shutdown process will not be required
### END INIT INFO

/bin/mount /boot
cd /boot
file=nofsprotect
if [ -e ${file} ]; then
exit 0
fi
/bin/mount -t tmpfs tmpfs /fsprotect
for d in etc home root var usr opt
do
mkdir /fsprotect/${d}
mkdir /fsprotect/${d}_rw
OPTS="-o lowerdir=/${d},upperdir=/fsprotect/${d},workdir=/fsprotect/${d}_rw"
/bin/mount -t overlay ${OPTS} overlay /${d}
done
exit 0

# chmod 755 mount-overlay
# update-rc.d mount-overlay defaults 01 10

rc.localへ追加

# vi /etc/rc.local
----
(最初の方が望ましい)
# overlayfs
cd /boot
file=nofsprotect
if [ -e ${file} ]; then
mount -o rw,remount /
mount -o rw,remount /boot
fi

fstab修正

# vi /etc/fstab
----
proc            /proc           proc    defaults             0       0
/dev/mmcblk0p1  /boot           vfat    ro,defaults          0       2
/dev/mmcblk0p2  /               ext4    ro,defaults,noatime  0       1
tmpfs           /tmp            tmpfs   defaults             0       0

nofsprotectスクリプト

# vi nofsprotect
----
#!/bin/sh
mount -o rw,remount /boot
file=nofsprotect
cd /boot
if [ ! -e ${file} ]; then
  # rm ${file}
  touch ${file}
fi
if [ -e ${file} ]; then
  echo "nofsprotect mode"
else
  echo "fsprotect mode"
fi
mount -o ro,remount /boot
echo "reboot..."
sleep 5
sync; sync; sync;
reboot

# chmod a+x nofsprotect

fsprotectスクリプト

# vi fsprotect
----
#!/bin/sh
mount -o rw,remount /boot
file=nofsprotect
cd /boot
if [ -e ${file} ]; then
  rm ${file}
fi
if [ -e ${file} ]; then
  echo "nofsprotect mode"
else
  echo "fsprotect mode"
fi
mount -o ro,remount /boot
echo "reboot..."
sleep 5
sync; sync; sync;
reboot

# chmod a+x fsprotect

状況

devtmpfs       dev
proc	                proc
tmpfs		fsprotect
overlay		etc
overlay		home
overlay		opt
overlay		root
overlay		usr
overlay		var
tmpfs			run
tmpfs			tmp

RO			boot
RO			media
RO			mnt
  
RO			bin
RO			lib
RO			sys
RO			sbin
RO			man
RO			srv
RO			lost+found