Remounted "/" ro -- and now?

[HermannSW]

Hi,

I read about long running Pi problems with SD cards, about running Raspbian from ram, about readonly root filesystem.

At the end of this thread I found the command for remounting readonly, and the comment that all services need to be stopped.

I did exactly that and was able to remount Raspbian "/" filesystem on my Pi zero readonly:

Code: Select all

...
pi@raspberrypi01:~ $ mount | grep "on / "
/dev/mmcblk0p7 on / type ext4 (ro,noatime,data=ordered)
pi@raspberrypi01:~ $ 

Find below the exact steps I did. I have no idea why I had to stop the services with names starting with "d" in that order, but it works. I suspect that such a readonly Raspbian system is not a healthy thing. But even after minutes it seems responsive. Of course with no service running another "ssh" into the Pi Zero got refused. But after "sudo service ssh start" in active ssh session I did all the commands below in I can ssh into the Pi Zero without any issue. So what are possible issues with running a Raspbian this way with readonly root filesystem?

Even unmounting the two other "rw" filesystems seems not to hurt ...

Code: Select all

pi@raspberrypi01:~ $ mount | grep "^/dev"
/dev/mmcblk0p7 on / type ext4 (ro,noatime,data=ordered)
/dev/mmcblk0p6 on /boot type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro)
/dev/mmcblk0p5 on /media/pi/SETTINGS1 type ext4 (rw,nosuid,nodev,relatime,data=ordered,uhelper=udisks2)
pi@raspberrypi01:~ $ sudo umount /boot
pi@raspberrypi01:~ $ sudo umount /media/pi/SETTINGS1 
pi@raspberrypi01:~ $ mount | grep "^/dev"
/dev/mmcblk0p7 on / type ext4 (ro,noatime,data=ordered)
pi@raspberrypi01:~ $ 

Hermann.

[HermannSW]

Forum did not like this code section as part of above posting, trying as separate posting now:

Code: Select all

$ ssh pi@10.42.43.11
pi@10.42.43.11's password: 

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
Last login: Thu Aug  4 10:59:08 2016
pi@raspberrypi01:~ $ sudo swapoff -a
pi@raspberrypi01:~ $ for s in `service --status-all | grep + | cut -b9- | grep -v "^d"`; do echo $s; sudo service $s stop; done
avahi-daemon
bluetooth
console-setup
cron
fake-hwclock
hdparm
kbd
keyboard-setup
kmod
lightdm
networking
Warning: Unit file of networking.service changed on disk, 'systemctl daemon-reload' recommended.
ntp
procps
raspi-config
rc.local
Warning: Unit file of rc.local.service changed on disk, 'systemctl daemon-reload' recommended.
rsyslog
ssh
triggerhappy
udev
Warning: Stopping udev.service, but it can still be activated by:
  systemd-udevd-control.socket
  systemd-udevd-kernel.socket
udev-finish
urandom
pi@raspberrypi01:~ $ service --status-all | grep +
 [ + ]  dbus
 [ + ]  dhcpcd
 [ + ]  dphys-swapfile
pi@raspberrypi01:~ $ sudo service dphys-swapfile stop
pi@raspberrypi01:~ $ sudo service dbus stop
pi@raspberrypi01:~ $ service --status-all | grep +
pi@raspberrypi01:~ $ mount | grep "on / "
/dev/mmcblk0p7 on / type ext4 (rw,noatime,data=ordered)
pi@raspberrypi01:~ $ sudo mount -no remount,ro /dev/mmcblk0p7
pi@raspberrypi01:~ $ 
pi@raspberrypi01:~ $ mount | grep "on / "
/dev/mmcblk0p7 on / type ext4 (ro,noatime,data=ordered)
pi@raspberrypi01:~ $ 

[ejolson]

So what are possible issues with running a Raspbian this way with readonly root filesystem?

You seem in a better position than most to answer what the issues are. Those deamons must write to log files and need to be stopped to avoid errors when remounting read only. If they are not explicitly stopped systemd or something will probably restart them over and over when they crash.

A lot of programs communicate through the log, tmp, run and user home subdirectories. One possible approach is to mount users' home directories from nfs and a writable overlayfs, unionfs or aufs on top of root so root becomes writable again. On Intel machines with sufficient memory, it is usually sufficient for casual use to use a RAM filesystem; on the Pi it might be better to have the writable filesystem on a separate USB stick. Before shutting down there are three choices for the USB stick: leave it alone, reformat it or move the changed files back to the sdcard. Which you do depends on whether the changes made to the root filesystem should be preserved or not.

[HermannSW]

I did remount root readonly intentionally, and have not seen any harm in doing so. Which service do I need to start that might do harm to Pi Zero in this special all readonly mode? Which other command or program? Or does failure to log under /var go unnoticed and system can run stable?
Hermann.

[ejolson]

I did remount root readonly intentionally, and have not seen any harm in doing so. Which service do I need to start that might do harm to Pi Zero in this special all readonly mode? Which other command or program? Or does failure to log under /var go unnoticed and system can run stable?
Hermann.

The Linux kernel will be fine with a read only root filesystem and so should most init processes. Note that I have no experience with the systemd init process in Jessie and it is possible it may do something astonishing after some time if /etc and /var are read only.

Now, if the kernel and the init process are both okay, it is reasonable to claim that the system has not crashed. On the otherhand, this kind of not crashing doesn't mean you can get any work done using a specific application.

[Heater]

See here for hints and tips re: read only root:

https://wiki.debian.org/ReadonlyRoot
http://chschneider.eu/linux/thin_client/

[ejolson]

See here for hints and tips re: read only root:

https://wiki.debian.org/ReadonlyRoot
http://chschneider.eu/linux/thin_client/

These references indicate that Debian-based Linux distributions such as Raspbian were designed to store information about the current state in /etc and /var subdirectories and won't work properly otherwise. However, whether various services gracefully stop working when these subdirectories are read only
or whether the whole system crashes not clear from these links. I would strongly recommend using either overlayfs, unionfs or aufs instead of manually adding links from /etc to /var. This is the strategy taken with allmost all live CD's and much less likely to break things. Another thought would be to give up on Raspbian and use something like openWRT which was designed to run read only.

[Heater]

All very true.

The point of my links, especially the first, is that they discuss which programs need taking care of because they need to write to somewhere. And some hints as to what to do for them.

OpenWRT is a wonderful thing, as are many other approaches. But Raspbian is what we all know and love and gets the best support on the Pi, so why not try and get that working read only?

That of course may well mean making use of file systems designed to help with such situations for some or all of the system.