Re: /var on tmpfs

[David Young <dyoung%pobox.com@localhost>]

On Thu, Nov 15, 2018 at 10:28:56PM -0700, Don NetBSD wrote:
> I've a box with a DoM.  I'd like to mount / as ro and create a
> tmpfs for /var (and /tmp).  I don't think anything else NEEDS to
> be rw (the infrequent changes to /etc can be made by unlocking /
> to make those changes).
> 
> I imagine I can just make a tarball of a skeletal /var and
> unpack this over /var, once mounted?
> 
> Is there a preexisting mechanism for this sort of thing?
> Or, do I roll my own?

I have done this before.

I added an rc script for copying filesystems on non-volatile (NV)
storage to memory filesystems and then null-mount the memory
filesystems on top of the NV directories.  See attachment.

I added a line to /etc/fstab,

	swap /mfs tmpfs rw,-s8M 0 0

I modified my rc.conf to 1) indicate that /etc, /var, temporary and
home directories should be on (ephemeral!) memory filesystems, and 2)
ensure that the prerequisite filesystems (/usr) were mounted before
mountcritmem ran.

        # When /usr is on a different filesystem than /, I mount it
        # before the memory filesystems so that pax can run programs
        # from it.
        #
        critical_filesystems_beforemem="/usr"

        # Do not mount /var, it's a memory fs. Superfluous, since NetBSD
        # will not mount /var a second time, anyway.
        #
        # critical_filesystems_local=""

        # Don't mount /usr, it comes with / on the CD-ROM.
        #
        critical_filesystems_remote=""

        # Don't mount /usr, it comes with / on the CD-ROM.
        #
        critical_filesystems_memory="/etc /home /root /tmp /var"

If this works for you, too, maybe mountcritmem should go into the base
system.

Dave

-- 
David Young
dyoung%pobox.com@localhost    Urbana, IL    (217) 721-9981

#!/bin/sh
#
# $NetBSD$
# $Id: mountcritmem 4133 2006-08-26 06:10:29Z dyoung $
#

# PROVIDE: mountcritmem
# REQUIRE: root
# BEFORE: mountcritlocal

$_rc_subr_loaded . /etc/rc.subr

name="mountcritmem"
required_dirs="/mfs /permanent $critical_filesystems_memory"

for _d in $critical_filesystems_memory; do
	d=${_d#/}
	required_dirs="$required_dirs /permanent/$d"
done

start_cmd="mountcritmem_start"
stop_cmd="mountcritmem_stop"

#
# Example /etc/fstab
#
# /dev/wd0a / ffs ro 0 0
# swap /mfs mfs rw,-s=10880k,-i=256 0 0

abort_mountcritmem()
{
	if [ "$autoboot" = yes ]; then
		echo "ERROR: ABORTING BOOT (sending SIGTERM to parent)!"
		kill -TERM $$
		exit 1
	fi
}

mountcritmem_start()
{
	if [ "${critical_filesystems_memory:-}" = "" ]; then
		return 0
	fi

	echo "Mounting critical memory filesystems"
	_fs_list=
	for _d in $critical_filesystems_memory; do
		d=${_d#/}
		_fs_list="$_fs_list $d"
	done
	for d in $_fs_list; do
		if [ ! -d /permanent/$d ]; then
			echo "ERROR: missing /permanent/$d"
			abort_mountcritmem
			return 1
		fi
	done

	for d in $_fs_list; do
		if ! mount /mfs; then
			echo "ERROR: cannot mount /mfs"
			abort_mountcritmem
			return 1
		fi
		break
	done

	for d in $_fs_list; do
		if ! mkdir /mfs/$d; then
			echo "ERROR: cannot mkdir /mfs/$d"
			abort_mountcritmem
			return 1
		fi
	done

	for d in $_fs_list; do
		if ! mount -t null /$d /permanent/$d; then
			echo "ERROR: cannot mount /permanent/$d"
			abort_mountcritmem
			return 1
		fi
	done

	for d in $_fs_list; do
		cd /permanent/$d
		if ! mount -t null /mfs/$d /$d; then
			echo "ERROR: cannot mount /mfs/$d"
			abort_mountcritmem
			return 1
		fi
		if ! pax -pe -rw . /$d ; then
			echo "ERROR: cannot populate /mfs/$d"
			abort_mountcritmem
			return 1
		fi
		cd -
	done
}

mountcritmem_stop()
{
	if [ "${critical_filesystems_memory:-}" = "" ]; then
		return 0
	fi

	_rev_fs_list=
	for _d in $critical_filesystems_memory; do
		d=${_d#/}
		_rev_fs_list="$d $_rev_fs_list"
	done
	for d in $_rev_fs_list; do
		umount /mfs/$d
		umount /permanent/$d
	done
	for d in $_rev_fs_list; do
		umount /mfs
		break
	done
}

load_rc_config $name
run_rc_command "$1"