[systemd-devel] [PATCH RFC] namespace: make sure ReadWriteDirectories are actually writable
Michael Olbrich
m.olbrich at pengutronix.de
Fri Dec 27 11:00:05 PST 2013
On Fri, Dec 27, 2013 at 05:52:16PM +0100, Zbigniew Jędrzejewski-Szmek wrote:
> On Fri, Dec 27, 2013 at 10:18:30AM +0100, Michael Olbrich wrote:
> > Currently adding directories to ReadWriteDirectories= only restores the
> > original mount flags. So e.g. setting ReadOnlyDirectories=/usr and
> > ReadWriteDirectories=/usr/local works as expected if the underlying file
> > system was writable. However, setting ReadWriteDirectories= has no effect
> > if the underlying file system is mounted read-only.
> > This patch changes that by explicitly remounting the bind mount.
> This doesn't feel right. This means that running any service with ReadWriteDirectories
> set would mean mounting partitions rw. That would be a significant change
> of semantics for current users. I think you should have an fstab entry
> with the rw flag. You can use noauto and it won't be mounted by default,
> and systemd should mount it automatically for you if you start the service.
That doesn't help. I need it for the rootfs. This is for embedded systems.
Most applications are not allowed to write to the rootfs. This can only be
ensured if the rootfs is mounted read-only.
If changing the semantics is not acceptable how about a new option like
ForceReadWriteDirectories= or something like that?
Regards,
Michael
--
Pengutronix e.K. | |
Industrial Linux Solutions | http://www.pengutronix.de/ |
Peiner Str. 6-8, 31137 Hildesheim, Germany | Phone: +49-5121-206917-0 |
Amtsgericht Hildesheim, HRA 2686 | Fax: +49-5121-206917-5555 |
More information about the systemd-devel
mailing list