Subject: Re: Read-only root filesystem
To: Mikael Nyström <email@example.com>
From: matthew sporleder <firstname.lastname@example.org>
Date: 05/20/2007 08:00:56
On 5/20/07, Mikael Nyström <email@example.com> wrote:
> I have a question about how to use a read only root filesystem. I'm
> currently working on a setup that is going to use a read-only root
> filesystem and kern.securelevel set to 2. I tried booting once with
> this setup and realized that I need to mount everything before I set
> securelevel to 2 (not in rc.conf in other words).
> I have other partitions that are mounted read-write so every file
> that needs to be updated regularly resides on these partitions
> (actually softlinks for motd/resolv.conf etc), but how about /dev?
> Don't I need it to be read-write? I guess it's not so smart to make
> it a separate partition since it will probably break stuff while
> booting ...
> Is there a good document to read about necessary steps for a read
> only root filesystem?
There are some hints on tech-embed for this sort of thing. Although
they are mostly for a different purpose and will recommend using
Maybe you could use veriexec and protect all the files except those
that need to get written regularly.