From 20b4ea52e57b4329eb46ccc91709796a0b9e925e Mon Sep 17 00:00:00 2001 From: Milan Toman Date: Thu, 8 Apr 2021 10:10:24 +0200 Subject: [PATCH] Actual override script for RO FS added --- overlay.sh | 53 ++++++++++++++++++++++ overlayRoot.sh | 119 ------------------------------------------------- 2 files changed, 53 insertions(+), 119 deletions(-) create mode 100644 overlay.sh delete mode 100644 overlayRoot.sh diff --git a/overlay.sh b/overlay.sh new file mode 100644 index 0000000..b2270c3 --- /dev/null +++ b/overlay.sh @@ -0,0 +1,53 @@ +#/etc/initramfs-tools/scripts/overlay +# Local filesystem mounting -*- shell-script -*- + +# +# This script overrides local_mount_root() in /scripts/local +# and mounts root as a read-only filesystem with a temporary (rw) +# overlay filesystem. +# + +. /scripts/local + +local_mount_root() +{ + local_top + local_device_setup "${ROOT}" "root file system" + ROOT="${DEV}" + + # Get the root filesystem type if not set + if [ -z "${ROOTFSTYPE}" ]; then + FSTYPE=$(get_fstype "${ROOT}") + else + FSTYPE=${ROOTFSTYPE} + fi + + local_premount + + # CHANGES TO THE ORIGINAL FUNCTION BEGIN HERE + # N.B. this code still lacks error checking + + modprobe ${FSTYPE} + checkfs ${ROOT} root "${FSTYPE}" + + # Create directories for root and the overlay + mkdir /lower /upper + + # Mount read-only root to /lower + if [ "${FSTYPE}" != "unknown" ]; then + mount -r -t ${FSTYPE} ${ROOTFLAGS} ${ROOT} /lower + else + mount -r ${ROOTFLAGS} ${ROOT} /lower + fi + + modprobe overlay || insmod "/lower/lib/modules/$(uname -r)/kernel/fs/overlayfs/overlay.ko" + + # Mount a tmpfs for the overlay in /upper + mount -t tmpfs tmpfs /upper + mkdir /upper/data /upper/work + + # Mount the final overlay-root in $rootmnt + mount -t overlay \ + -olowerdir=/lower,upperdir=/upper/data,workdir=/upper/work \ + overlay ${rootmnt} +} diff --git a/overlayRoot.sh b/overlayRoot.sh deleted file mode 100644 index 555fd10..0000000 --- a/overlayRoot.sh +++ /dev/null @@ -1,119 +0,0 @@ -#!/bin/sh -# Read-only Root-FS for Raspian using overlayfs -# Version 1.0 -# -# Created 2017 by Pascal Suter @ DALCO AG, Switzerland to work on Raspian as custom init script -# (raspbian does not use an initramfs on boot) -# -# This program is free software: you can redistribute it and/or modify -# it under the terms of the GNU General Public License as published by -# the Free Software Foundation, either version 3 of the License, or -# (at your option) any later version. -# -# This program is distributed in the hope that it will be useful, -# but WITHOUT ANY WARRANTY; without even the implied warranty of -# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the -# GNU General Public License for more details. -# -# You should have received a copy of the GNU General Public License -# along with this program. If not, see -# . -# -# -# Tested with Raspbian mini, 2017-01-11 -# -# This script will mount the root filesystem read-only and overlay it with a temporary tempfs -# which is read-write mounted. This is done using the overlayFS which is part of the linux kernel -# since version 3.18. -# when this script is in use, all changes made to anywhere in the root filesystem mount will be lost -# upon reboot of the system. The SD card will only be accessed as read-only drive, which significantly -# helps to prolong its life and prevent filesystem coruption in environments where the system is usually -# not shut down properly -# -# Install: -# copy this script to /sbin/overlayRoot.sh and add "init=/sbin/overlayRoot.sh" to the cmdline.txt -# file in the raspbian image's boot partition. -# I strongly recommend to disable swapping before using this. it will work with swap but that just does -# not make sens as the swap file will be stored in the tempfs which again resides in the ram. -# run these commands on the booted raspberry pi BEFORE you set the init=/sbin/overlayRoot.sh boot option: -# sudo dphys-swapfile swapoff -# sudo dphys-swapfile uninstall -# sudo update-rc.d dphys-swapfile remove -# -# To install software, run upgrades and do other changes to the raspberry setup, simply remove the init= -# entry from the cmdline.txt file and reboot, make the changes, add the init= entry and reboot once more. - -fail(){ - echo -e "$1" - /bin/bash -} - -# load module -modprobe overlay -if [ $? -ne 0 ]; then - fail "ERROR: missing overlay kernel module" -fi -# mount /proc -mount -t proc proc /proc -if [ $? -ne 0 ]; then - fail "ERROR: could not mount proc" -fi -# create a writable fs to then create our mountpoints -mount -t tmpfs inittemp /mnt -if [ $? -ne 0 ]; then - fail "ERROR: could not create a temporary filesystem to mount the base filesystems for overlayfs" -fi -mkdir /mnt/lower -mkdir /mnt/rw -mount -t tmpfs root-rw /mnt/rw -if [ $? -ne 0 ]; then - fail "ERROR: could not create tempfs for upper filesystem" -fi -mkdir /mnt/rw/upper -mkdir /mnt/rw/work -mkdir /mnt/newroot -# mount root filesystem readonly -rootDev=/dev/mmcblk0p2 -rootPARTUUID=`awk '$2 == "/" {print $1}' /etc/fstab` -rootMountOpt=`awk '$2 == "/" {print $4}' /etc/fstab` -rootFsType=`awk '$2 == "/" {print $3}' /etc/fstab` -mount -t ${rootFsType} -o ${rootMountOpt},ro ${rootDev} /mnt/lower -if [ $? -ne 0 ]; then - fail "ERROR: could not ro-mount original root partition" -fi -mount -t overlay -o lowerdir=/mnt/lower,upperdir=/mnt/rw/upper,workdir=/mnt/rw/work overlayfs-root /mnt/newroot -if [ $? -ne 0 ]; then - fail "ERROR: could not mount overlayFS" -fi -# create mountpoints inside the new root filesystem-overlay -mkdir /mnt/newroot/ro -mkdir /mnt/newroot/rw -# remove root mount from fstab (this is already a non-permanent modification) -grep -v "$rootPARTUUID" /mnt/lower/etc/fstab > /mnt/newroot/etc/fstab -echo "#the original root mount has been removed by overlayRoot.sh" >> /mnt/newroot/etc/fstab -echo "#this is only a temporary modification, the original fstab" >> /mnt/newroot/etc/fstab -echo "#stored on the disk can be found in /ro/etc/fstab" >> /mnt/newroot/etc/fstab -# change to the new overlay root -cd /mnt/newroot -pivot_root . mnt -exec chroot . sh -c "$(cat <