add exposedroot option which exposes the root fs as ro

This option allows you to expose the root read only. Using this option a person could upgrade the root filesystem or add packages without requiring the user to reboot. The root filesystem could be kept on an nfs volume or some other persistent medium. Multiple clients could then be booted off the same root fs. I used LTSP as a template to determine which directories to make rw.
2007-10-23 16:56:43 -04:00 · 2007-10-23 16:56:43 -04:00 · 00aa1d0c28
parent acff181e63
commit 00aa1d0c28
7 changed files with 71 additions and 3 deletions
--- a/functions/defaults.sh
+++ b/functions/defaults.sh
@ -298,6 +298,9 @@ Set_defaults ()
 	# Setting chroot filesystem
 	LH_CHROOT_FILESYSTEM="${LH_CHROOT_FILESYSTEM:-squashfs}"

+	# Setting whether to expose root filesystem as read only
+	LH_EXPOSED_ROOT="${LH_EXPOSED_ROOT:-disabled}"
+
 	# Setting union filesystem
 	if [ -z "${LH_UNION_FILESYSTEM}" ]
 	then
--- a/helpers/lh_binary_grub
+++ b/helpers/lh_binary_grub
@ -178,6 +178,11 @@ then
 	LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
 fi

+if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
+then
+	LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
+fi
+
 LH_BOOTAPPEND_LIVE="$(echo ${LH_BOOTAPPEND_LIVE} | sed -e 's/  //')"

 # Parameters are listed at: linux/Documentation/kernel-parameters.txt
--- a/helpers/lh_binary_syslinux
+++ b/helpers/lh_binary_syslinux
@ -403,6 +403,11 @@ then
 	LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
 fi

+if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
+then
+	LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
+fi
+
 if [ "${LH_BINARY_IMAGES}" = "net" ]
 then
 	case "${LH_NET_FILESYSTEM}" in
--- a/helpers/lh_binary_yaboot
+++ b/helpers/lh_binary_yaboot
@ -186,6 +186,11 @@ then
 	LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} union=${LH_UNION_FILESYSTEM}"
 fi

+if [ "${LH_EXPOSED_ROOT}" != "disabled" ]
+then
+	LH_BOOTAPPEND_LIVE="${LH_BOOTAPPEND_LIVE} exposedroot"
+fi
+
 LH_BOOTAPPEND_LIVE="$(echo ${LH_BOOTAPPEND_LIVE} | sed -e 's/  //')"

 # Parameters are listed at: linux/Documentation/kernel-parameters.txt
--- a/helpers/lh_chroot_hacks
+++ b/helpers/lh_chroot_hacks
@ -111,5 +111,44 @@ then
 	chown -R --quiet 999:999 chroot/home/${LH_USERNAME}
 fi

+if [ "${LH_EXPOSED_ROOT}" = "enabled" ]
+then
+	# Make sure RW dirs exist so that the initramfs script has
+	# a directory in which to bind the tmpfs filesystems
+	COW_DIRS='/tmp /var/tmp /var/lock /var/run /var/lib/live /var/log
+		/var/spool /home /live'
+	for DIR in ${COW_DIRS}; do
+		mkdir -p chroot${DIR}
+	done
+
+	# Config files which need to be RW
+	CONFIG_FILES='/etc/hostname /etc/hosts /etc/resolv.conf /etc/fstab
+		/etc/live.conf /etc/network/interfaces /etc/X11/xorg.conf
+		/etc/udev/rules.d/z25_persistent-net.rules
+		/etc/udev/rules.d/z25_persistent-cd.rules'
+
+	# Where we will store RW config files
+	RW_DIR='/var/lib/live'
+
+	for FILE_PATH in ${CONFIG_FILES}
+	do
+		# Touch files in case they don't yet exist
+		FILE_DIR=$(dirname ${FILE_PATH})
+		mkdir -p chroot${FILE_DIR}
+		touch chroot${FILE_PATH}
+		FILE_NAME=$(basename ${FILE_PATH})
+		mkdir -p chroot${RW_DIR}${FILE_DIR}
+		mv chroot${FILE_PATH} chroot${RW_DIR}${FILE_DIR}
+		# Create a symbolic link to RW config file
+		RELATIVE_PATH=$(echo ${FILE_DIR}|sed 's/[^\/]\+/../g; s/^\///g')
+		ln -s ${RELATIVE_PATH}${RW_DIR}${FILE_PATH} chroot${FILE_PATH}
+	done
+
+	# Mount doesn't write to a symlink so use /proc/mounts instead,
+	# see debian bug #154438 for more info
+	rm chroot/etc/mtab
+	ln -s /proc/mounts chroot/etc/mtab
+fi
+
 # Creating stage file
 Create_stagefile .stage/chroot_hacks
--- a/helpers/lh_chroot_hosts
+++ b/helpers/lh_chroot_hosts
@ -87,8 +87,9 @@ EOF
 			# Restore hosts file
 			mv chroot/etc/hosts.orig chroot/etc/hosts
 		else
-			# Remove hosts file
-			rm -f chroot/etc/hosts
+			# Blank out hosts file, don't remove in case
+			# its a symlink, as in the case of exposedroot mode
+			cat /dev/null > chroot/etc/hosts
 		fi

 		# Removing stage file
--- a/helpers/lh_config
+++ b/helpers/lh_config
@ -96,12 +96,13 @@ USAGE="${PROGRAM} [--apt apt|aptitude]\n\
 \t    [--tasks TASK]\n\
 \t    [--templates PATH]\n\
 \t    [--union-filesystem aufs|unionfs]\n\
+\t    [--exposed-root enabled|disabled]\n\
 \t    [--username NAME]\n\
 \t    [--verbose]"

 Local_arguments ()
 {
-	ARGUMENTS="$(getopt --longoptions apt:,apt-ftp-proxy:,apt-http-proxy:,apt-pdiffs:,apt-pipeline:,apt-recommends:,apt-secure:,bootstrap:,cache:,cache-indices:,cache-packages:,cache-stages:,debconf-frontend:,debconf-nowarnings:,debconf-priority:,genisoimage:,initramfs:,losetup:,mode:,root-command:,tasksel:,includes:,templates:,architecture:,bootstrap-config:,bootstrap-flavour:,bootstrap-keyring:,distribution:,mirror-bootstrap:,mirror-bootstrap-security:,mirror-binary:,mirror-binary-security:,sections:,chroot-filesystem:,union-filesystem:,hooks:,interactive:,keyring-packages:,language:,linux-flavours:,linux-packages:,packages:,packages-lists:,tasks:,security:,symlinks:,sysvinit:,binary-images:,binary-indices:,bootappend-install:,bootappend-live:,bootloader:,chroot-build:,debian-installer:,debian-installer-daily:,encryption:,grub-splash:,hostname:,iso-application:,iso-preparer:,iso-publisher:,iso-volume:,memtest:,net-filesystem:,net-mountoptions:,net-path:,net-server:,syslinux-splash:,syslinux-timeout:,username:,source:,source-images:,breakpoints,conffile:,debug,force,help,quiet,usage,verbose,version --name=${PROGRAM} --options a:f:d:m:l:k:p:b:e:s:c:huv --shell sh -- "${@}")"
+	ARGUMENTS="$(getopt --longoptions apt:,apt-ftp-proxy:,apt-http-proxy:,apt-pdiffs:,apt-pipeline:,apt-recommends:,apt-secure:,bootstrap:,cache:,cache-indices:,cache-packages:,cache-stages:,debconf-frontend:,debconf-nowarnings:,debconf-priority:,genisoimage:,initramfs:,losetup:,mode:,root-command:,tasksel:,includes:,templates:,architecture:,bootstrap-config:,bootstrap-flavour:,bootstrap-keyring:,distribution:,mirror-bootstrap:,mirror-bootstrap-security:,mirror-binary:,mirror-binary-security:,sections:,chroot-filesystem:,union-filesystem:,exposed-root:,hooks:,interactive:,keyring-packages:,language:,linux-flavours:,linux-packages:,packages:,packages-lists:,tasks:,security:,symlinks:,sysvinit:,binary-images:,binary-indices:,bootappend-install:,bootappend-live:,bootloader:,chroot-build:,debian-installer:,debian-installer-daily:,encryption:,grub-splash:,hostname:,iso-application:,iso-preparer:,iso-publisher:,iso-volume:,memtest:,net-filesystem:,net-mountoptions:,net-path:,net-server:,syslinux-splash:,syslinux-timeout:,username:,source:,source-images:,breakpoints,conffile:,debug,force,help,quiet,usage,verbose,version --name=${PROGRAM} --options a:f:d:m:l:k:p:b:e:s:c:huv --shell sh -- "${@}")"

 	if [ "${?}" != "0" ]
 	then
@ -317,6 +318,11 @@ Local_arguments ()
 				shift 2
 				;;

+			--exposed-root)
+				LH_EXPOSED_ROOT="${2}"
+				shift 2
+				;;
+
 			--hooks)
 				LH_HOOKS="${2}"
 				shift 2
@ -773,6 +779,10 @@ LH_CHROOT_FILESYSTEM="${LH_CHROOT_FILESYSTEM}"
 # (Default: ${LH_UNION_FILESYSTEM}
 LH_UNION_FILESYSTEM="${LH_UNION_FILESYSTEM}"

+# \$LH_EXPOSED_ROOT: expose root as read only
+# (Default: ${LH_EXPOSED_ROOT})
+LH_EXPOSED_ROOT="${LH_EXPOSED_ROOT}"
+
 # \$LH_HOOKS: set hook commands
 # (Default: empty)
 LH_HOOKS="${LH_HOOKS}"