diff options
| author | Claudius Heine <ch@denx.de> | 2016-11-23 09:45:27 +0100 |
|---|---|---|
| committer | Claudius Heine <ch@denx.de> | 2016-11-23 09:45:27 +0100 |
| commit | 139fd5320d48998e2c06141dd6105a6cd2eaea0e (patch) | |
| tree | 253503d7a8342b5baa133adc62638f7922f306e9 | |
| parent | 4140a324c3b505f309f01f67a83285ddec1f62e4 (diff) | |
| download | meta-readonly-rootfs-overlay-139fd5320d48998e2c06141dd6105a6cd2eaea0e.tar.gz | |
fixed README.md
| -rw-r--r-- | README.md | 48 |
1 files changed, 30 insertions, 18 deletions
| @@ -1,15 +1,15 @@ | |||
| 1 | # meta-readonly-rootfs-overlay | 1 | # meta-readonly-rootfs-overlay |
| 2 | 2 | ||
| 3 | This yocto layer provides the necessary scripts and configurations to setup a | 3 | This yocto layer provides the necessary scripts and configurations to setup a |
| 4 | writable root file system overlay on top of a read-only root filesystem. | 4 | writable root file system overlay on top of a read-only root file system. |
| 5 | 5 | ||
| 6 | ## Why does this exists? | 6 | ## Why does this exists? |
| 7 | 7 | ||
| 8 | Having a read-only root file system is useful for many scenarios: | 8 | Having a read-only root file system is useful for many scenarios: |
| 9 | 9 | ||
| 10 | - Have a unmodifiable factory root file system | 10 | - Separate user specific changes from system configuration, and being able to |
| 11 | - Seperate user specific changes from system configuration | 11 | find differences |
| 12 | - Allow factory reset, by deleting the user specfic changes | 12 | - Allow factory reset, by deleting the user specific changes |
| 13 | - Have a fallback image in case the user specific changes made the root file | 13 | - Have a fallback image in case the user specific changes made the root file |
| 14 | system no longer bootable. | 14 | system no longer bootable. |
| 15 | 15 | ||
| @@ -25,12 +25,15 @@ changed data to another writable partition. | |||
| 25 | 25 | ||
| 26 | To implement the first solution, the developer needs to analyse which file | 26 | To implement the first solution, the developer needs to analyse which file |
| 27 | needs to change and then create symlinks for them. When doing factory reset, | 27 | needs to change and then create symlinks for them. When doing factory reset, |
| 28 | the developer "empties" every file that is linked, to avoid dangling | 28 | the developer needs to overwrite every file that is linked with the factory |
| 29 | symlinks/binds. While this is more work on the developer side, it might | 29 | configuration, to avoid dangling symlinks/binds. While this is more work on the |
| 30 | increase the security, because only files that are symlinked/bind-mounted can | 30 | developer side, it might increase the security, because only files that are |
| 31 | be changed. | 31 | symlinked/bind-mounted can be changed. However, IMO that is better left to file |
| 32 | permissions. | ||
| 32 | 33 | ||
| 33 | This meta-layer provides the second solution. | 34 | This meta-layer provides the second solution. Here no investigation of writable |
| 35 | files are needed and factory reset can be done by just deleting all files or | ||
| 36 | formatting the writable volume. | ||
| 34 | 37 | ||
| 35 | # Dependencies | 38 | # Dependencies |
| 36 | 39 | ||
| @@ -79,6 +82,15 @@ other layers needed. e.g.: | |||
| 79 | " | 82 | " |
| 80 | ``` | 83 | ``` |
| 81 | 84 | ||
| 85 | To add the script to your image, just add: | ||
| 86 | |||
| 87 | ``` | ||
| 88 | IMAGE_INSTALL_append = " initscripts-readonly-rootfs-overlay" | ||
| 89 | ``` | ||
| 90 | |||
| 91 | to your `local.conf` or image recipe. Or use | ||
| 92 | `core-image-rorootfs-overlay-initramfs` as initrd. | ||
| 93 | |||
| 82 | ## Read-only root filesystem | 94 | ## Read-only root filesystem |
| 83 | 95 | ||
| 84 | If you use this layer you do *not* need to set `read-only-rootfs` in the | 96 | If you use this layer you do *not* need to set `read-only-rootfs` in the |
| @@ -93,7 +105,7 @@ root=/dev/sda1 rootrw=/dev/sda2 | |||
| 93 | ``` | 105 | ``` |
| 94 | 106 | ||
| 95 | This cmd line start `/sbin/init` with the `/dev/sda1` partition as the read-only | 107 | This cmd line start `/sbin/init` with the `/dev/sda1` partition as the read-only |
| 96 | rootfs and the `/dev/sda2` partition as the read-write persistend state. | 108 | rootfs and the `/dev/sda2` partition as the read-write persistent state. |
| 97 | 109 | ||
| 98 | ``` | 110 | ``` |
| 99 | root=/dev/sda1 rootrw=/dev/sda2 init=/bin/sh | 111 | root=/dev/sda1 rootrw=/dev/sda2 init=/bin/sh |
| @@ -108,7 +120,7 @@ root=/dev/sda1 rootrw=/dev/sda2 init=/init | |||
| 108 | ``` | 120 | ``` |
| 109 | 121 | ||
| 110 | This cmd line starts `/sbin/init` with `/dev/sda1` partition as the read-only | 122 | This cmd line starts `/sbin/init` with `/dev/sda1` partition as the read-only |
| 111 | rootfs and the `/dev/sda2` partition as the read-write persistend state. When | 123 | rootfs and the `/dev/sda2` partition as the read-write persistent state. When |
| 112 | using this init script without an initrd, `init=/init` has to be set. | 124 | using this init script without an initrd, `init=/init` has to be set. |
| 113 | 125 | ||
| 114 | ``` | 126 | ``` |
| @@ -119,20 +131,20 @@ The same as before but it now starts `/bin/sh` instead of `/sbin/init` | |||
| 119 | 131 | ||
| 120 | ### Details | 132 | ### Details |
| 121 | 133 | ||
| 122 | `root=` specifies the read-only root filesystem device. If this is not | 134 | `root=` specifies the read-only root file system device. If this is not |
| 123 | specified, the current rootfs is used. | 135 | specified, the current rootfs is used. |
| 124 | 136 | ||
| 125 | `rootfstype=` if support for the-read only filesystem is not build into the | 137 | `rootfstype=` if support for the-read only file system is not build into the |
| 126 | kernel, you can specifiy the required module name here. | 138 | kernel, you can specify the required module name here. |
| 127 | 139 | ||
| 128 | `rootinit=` if the `init` parameter was used to specify this init script, | 140 | `rootinit=` if the `init` parameter was used to specify this init script, |
| 129 | `rootinit` can be used to overwrite the default (`/sbin/init`). | 141 | `rootinit` can be used to overwrite the default (`/sbin/init`). |
| 130 | 142 | ||
| 131 | `rootrw=` specifies the read-write filesystem device. If this is not | 143 | `rootrw=` specifies the read-write file system device. If this is not |
| 132 | specified, `tmpfs` is used. | 144 | specified, `tmpfs` is used. |
| 133 | 145 | ||
| 134 | `rootrwfstype=` if support for the read-write filesystem is not build into the | 146 | `rootrwfstype=` if support for the read-write file system is not build into the |
| 135 | kernel, you can specifiy the required module name here. | 147 | kernel, you can specify the required module name here. |
| 136 | 148 | ||
| 137 | `rootrwreset=` set to `yes` if you want to delete all the files in the | 149 | `rootrwreset=` set to `yes` if you want to delete all the files in the |
| 138 | read-write filesystem prior to building the overlay root files system. | 150 | read-write file system prior to building the overlay root files system. |