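Read-only root filesystem: investigation
The pivot_root problem on Jessie
- new_root and put_old must be directories.
- new_root and put_old must not be on the same filesystem as the current root.
- put_old must be at or underneath new_root; that is, adding one or more ../ to the string pointing to put_old must yield the same directory as new_root.
- No other filesystem may be mounted on put_old.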
https://linuxjm.osdn.jp/html/LDP_man-pages/man2/pivot_root.2.html
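The four conditions listed above can be checked before the init script calls pivot_root. The following pre-flight check is an added example, not part of the original notes or of unionfs-fuse; the function names, return codes, the optional mountinfo argument and the constructed fixture are assumptions of this example.

```shell
#!/bin/sh
# Pre-flight check of the four pivot_root(2) conditions listed above.
# Added example; function names, messages and return codes are this example's own.
# Paths are matched against mountinfo field 5 (mount point); field 1 is the mount ID.
# Limitation: mount points containing spaces (\040 in mountinfo) are not handled.

# mount_id PATH MOUNTINFO: ID of the mount holding PATH (longest mount-point prefix;
# when entries tie, the later, topmost one wins).
mount_id() {
    awk -v p="$1" '{
        m = $5
        if (p == m || m == "/" || index(p, m "/") == 1)
            if (length(m) >= best) { best = length(m); id = $1 }
    } END { print id }' "$2"
}

# pivot_check NEW_ROOT PUT_OLD [MOUNTINFO]: prints "ok" (status 0) or the first
# violated condition (status = condition number).
pivot_check() {
    mi=${3:-/proc/self/mountinfo}
    [ -d "$1" ] && [ -d "$2" ] || { echo "not a directory"; return 1; }
    new=$(cd "$1" && pwd -P) && put=$(cd "$2" && pwd -P) || return 1
    root_id=$(mount_id / "$mi")
    [ "$(mount_id "$new" "$mi")" != "$root_id" ] &&
        [ "$(mount_id "$put" "$mi")" != "$root_id" ] ||
        { echo "on the same filesystem as the current root"; return 2; }
    case "$put/" in
        "$new"/*) ;;
        *) echo "put_old is not under new_root"; return 3 ;;
    esac
    if [ "$put" != "$new" ] &&
        awk -v p="$put" '$5 == p { f = 1 } END { exit !f }' "$mi"; then
        echo "a filesystem is mounted on put_old"; return 4
    fi
    echo ok
}

# make_fixture: constructed sample. A temp dir stands in for /tmp; the mountinfo text
# imitates the layout built by the scripts on this page. Prints the temp dir.
make_fixture() {
    t=$(cd "$(mktemp -d)" && pwd -P) || return 1
    mkdir -p "$t/union/oldroot" "$t/elsewhere"
    printf '%s\n' "20 1 179:2 / / rw - ext4 /dev/root rw" \
        "21 20 0:30 / $t rw - tmpfs tmpfs rw" \
        "22 21 0:31 / $t/union rw - fuse.unionfs-fuse unionfs-fuse rw" >"$t/mountinfo"
    echo "$t"
}
```

In an init script, `pivot_check /tmp/union /tmp/union/oldroot || exit 1` placed just before `pivot_root . oldroot` reports which condition is violated instead of leaving a half-switched root.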
Using overlayfs when unionfs does not work on the Raspberry Pi
http://hmm.dip.jp/weblog/index.php?e=1860
unionfs-fuse (again)
#vi unionfs-protect
- unionfs-protect
#!/bin/sh
### BEGIN INIT INFO
# Provides:          a-unionfs-fuse-live-cd
# Required-Start:    mountall-bootclean
# Required-Stop:
# Default-Start:     S
# Default-Stop:
# X-Start-Before:    procps udev-mtab urandom
# Short-Description: UnionFS mode
# Description:       Shutdown process will not be required
### END INIT INFO

FUSE_OPT="-o allow_other,use_ino,suid,dev,nonempty"
CHROOT_PATH="/tmp/unionfs"
UNION_OPT="-ocow,chroot=$CHROOT_PATH,max_files=32768"
UBIN=/usr/bin/unionfs-fuse

# If /etc/fsprotect/noprotect exists, skip protection and boot read-write
cd /etc/fsprotect
file=noprotect
if [ -e ${file} ]; then
    echo "filesystem protect: disable"
    exit 0
fi
echo "filesystem protect: enable"

#mount -o remount,ro /dev/mmcblk0p1 /boot
#mount -t proc proc /proc

# tmpfs holds the writable branch, so every change is lost at reboot
mount -t tmpfs tmpfs /tmp
mkdir -p $CHROOT_PATH/root
mkdir -p $CHROOT_PATH/rw
mkdir -p /tmp/union

# Union of the real root (read-only branch) and the tmpfs directory (read-write branch)
mount --bind / $CHROOT_PATH/root
$UBIN $FUSE_OPT $UNION_OPT /rw=RW:/root=RO /tmp/union
mount -t proc proc /tmp/union/proc

# Make the union the new root; the previous root ends up at /oldroot
cd /tmp/union
mkdir -p oldroot
pivot_root . oldroot

# Remount the real root filesystem read-only
mount -o remount,ro -t ext4 /dev/root /oldroot

# Re-expose the device, runtime and boot filesystems from the old root
for d in dev run run/lock sys run/shm dev/pts boot
do
    mount --bind /oldroot/$d /$d
done

# Tell init to re-examine its configuration after the root switch
init q
/usr/local/sbin/a-unionfs-fuse-omit-pid.sh
exit 0
● Reference URLs
http://lotuseater365.tumblr.com/post/97562640533/raspberry-pi-%E3%82%92-unionfs-fuse-%E3%81%A7%E3%83%97%E3%83%AD%E3%83%86%E3%82%AF%E3%83%88%E3%81%99%E3%82%8B
http://typematic.blog.shinobi.jp/%E8%BB%8A/%E3%83%A9%E3%82%BA%E3%83%91%E3%82%A4%E3%81%AEjessie%E5%8C%96
http://hanposaki.blog.so-net.ne.jp/2013-01-08
http://www.ikko.k.hosei.ac.jp/robot/unionfs4BBB.pdf
http://manpages.ubuntu.com/manpages/trusty/man8/unionfs-fuse.8.html
Switching to overlayfs
Using overlayfs when unionfs does not work on the Raspberry Pi
http://hmm.dip.jp/weblog/index.php?e=1860
# vi /etc/init.d/mount-overlay
- mount-overlay
#!/bin/sh
### BEGIN INIT INFO
# Provides:          mount-overlay
# Required-Start:    mountall-bootclean
# Required-Stop:
# Default-Start:     S
# Default-Stop:
# X-Start-Before:    procps udev-mtab urandom
# Short-Description: overlay mode
# Description:       Shutdown process will not be required
### END INIT INFO

# If /etc/overlay-protect/noprotect exists, skip protection and boot read-write
cd /etc/overlay-protect
file=noprotect
if [ -e ${file} ]; then
    echo "mount-overlay: disable (no protect)"
    exit 0
fi
echo "mount-overlay: enable (protect)"

# tmpfs that holds every upperdir and workdir; changes are lost at reboot
/bin/mount -t tmpfs tmpfs /fsprotect

# bin boot dev etc home lib lib64 lost+found media mnt net opt proc root run sbin srv sys tmp usr var
# bin boot etc home lib lib64 opt root sbin srv usr
# dev lost+found proc run tmp var sys
# media mnt net
# for d in etc home root var usr
for d in bin boot etc home lib lib64 opt root sbin srv usr
do
    mkdir /fsprotect/${d}
    mkdir /fsprotect/${d}_rw
    # upperdir and workdir must be on the same filesystem (here the tmpfs)
    OPTS="-o lowerdir=/${d},upperdir=/fsprotect/${d},workdir=/fsprotect/${d}_rw"
    /bin/mount -t overlay ${OPTS} overlay /${d}
done
exit 0
Switching to unionfs
(install)
# apt-get install unionfs-fuse
(copy files)
# cd /usr/share/doc/unionfs-fuse/examples
# cp S01a-unionfs-fuse-live-cd.sh /etc/init.d/unionfs-fuse-live-cd
# cp rc.local.omit-pid.sh /etc/init.d/unionfs-fuse-omit-pid
# cd /etc/init.d
# update-rc.d unionfs-fuse-live-cd defaults
# vi /etc/init.d/unionfs-fuse-live-cd
- unionfs-fuse-live-cd
#!/bin/sh
### BEGIN INIT INFO
# Provides:          a-unionfs-fuse-live-cd
# Required-Start:    mountall-bootclean
# Required-Stop:
# Default-Start:     S
# Default-Stop:
# X-Start-Before:    procps udev-mtab urandom
# Short-Description: UnionFS mode
# Description:       Shutdown process will not be required
### END INIT INFO

# Copyright: Bernd Schubert <bernd.schubert@fastmail.fm>
# BSD license, see LICENSE file for details

FUSE_OPT="-o allow_other,use_ino,suid,dev,nonempty"
CHROOT_PATH="/tmp/unionfs"
UNION_OPT="-ocow,chroot=$CHROOT_PATH,max_files=32768"
UBIN=/usr/bin/unionfs-fuse

# If /etc/unionfs/noprotect exists, skip protection and boot read-write
cd /etc/unionfs
file=noprotect
if [ -e ${file} ]; then
    echo "${file} exists"
    exit 0
fi
echo "unionfs-protect"

mount -t proc proc /proc
# tmpfs holds the writable branch, so every change is lost at reboot
mount -t tmpfs tmpfs /tmp
mkdir -p $CHROOT_PATH/root
mkdir -p $CHROOT_PATH/rw
mkdir -p /tmp/union

# Union of the real root (read-only branch) and the tmpfs directory (read-write branch)
mount --bind / $CHROOT_PATH/root
$UBIN $FUSE_OPT $UNION_OPT /rw=RW:/root=RO /tmp/union
mount -t proc proc /tmp/union/proc

# Make the union the new root; the previous root ends up at /oldroot
cd /tmp/union
mkdir oldroot
pivot_root . oldroot

# Remount the real root filesystem read-only
mount -o remount,ro /dev/vda /oldroot

# Re-expose the device, runtime and boot filesystems from the old root
for d in dev run run/lock sys run/shm dev/pts boot
do
    mount --bind /oldroot/$d /$d
done

# Tell init to re-examine its configuration after the root switch
init q
/usr/local/sbin/unionfs-fuse-omit-pid
exit 0
Notes
- Building a chroot environment on Jessie
http://niwatolli3.hatenablog.jp/entry/2015/07/07/223404
- debian-wheezy-arm-2010822c: this one seems to work
http://lotuseater365.tumblr.com/post/97562640533/raspberry-pi-%E3%82%92-unionfs-fuse-%E3%81%A7%E3%83%97%E3%83%AD%E3%83%86%E3%82%AF%E3%83%88%E3%81%99%E3%82%8B
unionfs test
# touch /etc/init.d/protect-fs
# update-rc.d protect-fs defaults (register)
# vi protect-fs
- protect-fs
#!/bin/sh
### BEGIN INIT INFO
# Provides:          protect-fs
# Required-Start:    mountall-bootclean
# Required-Stop:
# Default-Start:     S
# Default-Stop:
# X-Start-Before:    procps udev-mtab urandom
# Short-Description: UnionFS mode
# Description:       Shutdown process will not be required
### END INIT INFO

# Copyright: Bernd Schubert <bernd.schubert@fastmail.fm>
# BSD license, see LICENSE file for details

FUSE_OPT="-o allow_other,use_ino,suid,dev,nonempty"
CHROOT_PATH="/tmp/unionfs"
UNION_OPT="-ocow,chroot=$CHROOT_PATH,max_files=32768"
UBIN=/usr/bin/unionfs-fuse

# If /etc/protect-fs/noprotect exists, skip protection and boot read-write
cd /etc/protect-fs
file=noprotect
if [ -e ${file} ]; then
    echo "protect-fs: disable"
    exit 0
fi
echo "protect-fs: enable"

#mount -o remount,ro /dev/mmcblk0p1 /boot
#mount -t proc proc /proc

# tmpfs holds the writable branch, so every change is lost at reboot
mount -t tmpfs tmpfs /tmp
mkdir -p $CHROOT_PATH/root
mkdir -p $CHROOT_PATH/rw
mkdir -p /tmp/union

# Union of the real root (read-only branch) and the tmpfs directory (read-write branch)
mount --bind / $CHROOT_PATH/root
$UBIN $FUSE_OPT $UNION_OPT /rw=RW:/root=RO /tmp/union
mount -t proc proc /tmp/union/proc

# Make the union the new root; the previous root ends up at /oldroot
cd /tmp/union
mkdir -p oldroot
pivot_root . oldroot
# exit 0

# Remount the real root filesystem read-only
mount -r -t ext4 -o remount /dev/root /oldroot

# Re-expose the device and runtime filesystems from the old root (boot left out in this test)
#for d in dev run run/lock sys run/shm dev/pts boot
for d in dev run run/lock sys run/shm dev/pts
do
    mount --bind /oldroot/$d /$d
done

# Tell init to re-examine its configuration after the root switch
init q
#/usr/local/sbin/a-unionfs-fuse-omit-pid.sh
exit 0