r/o root filesystem?
I just tried to set up a router with a read-only /. This seems like it ought
to work, since debian uses /var fairly religiously where appropriate. In fact
it worked 95% but there are the occasional boot scripts that expect to be able
to write into /etc and /dev.
I don't think policy says anything about this, but given how much effort has
gone into putting things into /var where appropriate it seems like a shame to
waste all that effort by not being strict about the last 5% and not reaping
the benefit of all that work.
The files edited in /etc seem to be /etc/motd and /etc/nologin. Either we move
these files to /var or we accept that DELAYLOGIN and EDITMOTD are implicitly
false when / is read-only and just hide the errors with 2>/dev/null.
The trickier stuff are the various places that assume /dev is writable. I'm
not sure these are all solvable. Things like xterm will never work properly if
they can't set the owner of the pty. But it still seems odd to me that boot
scripts are going around doing mknod and chmod on devices.
# Create mountpoint and multiplexor device.
[ -d /dev/pts ] || mkdir --mode=755 /dev/pts
[ -c /dev/ptmx ] || mknod --mode=666 /dev/ptmx c 5 2
# Set pseudo-terminal access permissions.
if [ ! -c /dev/.devfsd ] && [ -c /dev/ttyp0 ]
chmod 666 /dev/tty[p-za-e][0-9a-f]
chown root:tty /dev/tty[p-za-e][0-9a-f]
# Update /etc/motd.
if [ "$EDITMOTD" != no ]
uname -a > /etc/motd.tmp
sed 1d /etc/motd >> /etc/motd.tmp
mv /etc/motd.tmp /etc/motd