I just had a quick look at mountall and can't find any easy way to mount everything read-only. So bypassing mountall at this point means having only the root filesystem mounted in read-only mode, which should work in most cases when people stick to default partitioning.
It'll lead to a non-working rescue environment for people who have split their /usr or /var to another partition though.
A quick look at the current scripts gives me that list:
- apt-snapshots (not exactly sure what it needs)
- clean (requires at least write access to /var)
- dpkg (requires write access to everything)
- failsafeX (probably requires everything to be mounted, it's calling gdm directly and won't work with lightdm)
- fsck (requires write access to / as it's just touching /forcefsck)
- grub (requires write access to /boot)
- netroot (requires write access to /var/lib/dhcp/ for the dhclient lease file)
- root (safe to run in read-only mode)
So to avoid introducing another script prompting the user about either getting an early root shell or starting to mount everything read/write and start friendly-recovery, I think we have two ways of doing it:
1)
- Add a flag to mountall to force it to mount everything read-only and another to remount everything as read/write.
- We could then have mountall's init script check if we are in a rescue environment; if that's the case, mount all local storage read-only and ignore any network storage.
- Then modify all existing friendly-recovery scripts to ask mountall to remount everything read/write and write a new one for a "read-only root shell" that'd only show up if none of the others have been called yet.
- Exiting friendly-recovery should also trigger a remount of everything in read/write so the system can boot properly.
2)
- Move all of friendly-recovery out of /usr
- Modify mountall's script not to do anything when in recovery mode unless a specific environment variable is set
- Then modify all existing friendly-recovery scripts to call mountall to mount everything read/write and write a new one for a "read-only root shell" that'd only show up if none of the others have been called yet.
- Exiting friendly-recovery should also trigger mountall in case none of the other scripts did it already.
So far I only had a quick look at mntctl and mountall itself and I couldn't find any flag to force it to mount everything read-only.
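
Added example, not part of the original comment and not friendly-recovery or mountall code: a shell sketch of the pre-flight check a recovery script could make against the write requirements listed in the comment, so that a read-only rescue session is only remounted when a script actually needs it. The function names (`mount_mode`, `needed_paths`, `can_run`) and the sample mount table are assumptions made for this illustration.

```shell
#!/bin/sh
# Constructed sample in /proc/mounts format: / and /boot read-only, /var read-write.
SAMPLE_MOUNTS='/dev/sda1 / ext4 ro,relatime 0 0
/dev/sda2 /boot ext4 ro,relatime 0 0
/dev/sda3 /var ext4 rw,relatime 0 0'

# mount_mode PATH [MOUNTS_TEXT]: print "ro" or "rw" for the filesystem holding PATH.
# Falls back to the live /proc/mounts when no table is passed.
mount_mode() {
    path=$1
    mounts=${2:-$(cat /proc/mounts)}
    printf '%s\n' "$mounts" | awk -v p="$path" '
        {
            mp = $2
            # A mount point covers p if it is "/", equals p, or is a directory prefix of p.
            if (mp == "/" || p == mp || index(p, mp "/") == 1) {
                # Longest match wins; ">=" lets a later over-mount replace an earlier one.
                if (length(mp) >= best) { best = length(mp); opts = $4 }
            }
        }
        END {
            if (opts == "") exit 1
            n = split(opts, o, ",")
            mode = "rw"
            for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro"
            print mode
        }'
}

# needed_paths SCRIPT: paths the comment lists as needing write access (hypothetical helper).
needed_paths() {
    case $1 in
        clean)   echo "/var" ;;
        fsck)    echo "/" ;;
        grub)    echo "/boot" ;;
        netroot) echo "/var/lib/dhcp" ;;
        root)    echo "" ;;          # safe to run read-only
        *)       return 2 ;;         # dpkg, failsafeX, apt-snapshots: everything or unknown
    esac
}

# can_run SCRIPT [MOUNTS_TEXT]: 0 = can run now, 1 = a needed path is read-only,
# 2 = requirements cannot be expressed as a path list, so remount everything first.
can_run() {
    paths=$(needed_paths "$1") || return 2
    for p in $paths; do
        [ "$(mount_mode "$p" "$2")" = "rw" ] || return 1
    done
    return 0
}
```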