You need to make your target device able to survive unexpected events including file corruption, and still be able to boot and achieve at least a minimum level of function. Making the root filesystem read-only is a key part of achieving this ambition because it eliminates accidental over-writes. Making it read-only is easy: replace rw with ro on the kernel command line or use an inherently read-only filesystem such as squashfs. However, you will find that there are a few files and directories that are traditionally writable:
/etc/resolv.conf: This file is written by network configuration scripts to record the addresses of DNS name servers. The information is volatile, so you simply have to make it a symlink to a temporary directory, for example,/etc/resolv.conf -> /var/run/resolv.conf./etc/passwd: This file, along with/etc/group,/etc/shadow, and/etc/gshadow, stores user and group names and passwords. They need to be symbolically linked to an area of persistent storage in the same way asresolv.conf./var/lib: Many applications expect to be able to write to this directory and to keep permanent data here as well. One solution is to copy a base set of files to atmpfsfilesystem at boot time and then bind mount/var/libto the new location by putting a sequence of commands such as these into one of the boot scripts:mkdir -p /var/volatile/lib cp -a /var/lib/* /var/volatile/lib mount --bind /var/volatile/lib /var/lib
/var/log: This is the place where syslog and other daemons keep their logs. Generally, logging to flash memory is not desirable because of the many small write cycles it generates. A simple solution is to mount/var/logusingtmpfs, making all log messages volatile. In the case ofsyslogd, BusyBox has a version that can log to a circular ring buffer.
If you are using the Yocto Project, you can create a read-only root filesystem by adding IMAGE_FEATURES = "read-only-rootfs" to conf/local.conf or to your image recipe.
..................Content has been hidden....................
You can't read the all page of ebook, please click here login for view all page.