
Re: /run/, resolvconf and read-only root


On Mon, May 05, 2003 at 01:53:17PM +0200, Tollef Fog Heen wrote:

> * Emile van Bergen 
> | On Mon, May 05, 2003 at 11:29:16AM +0200, Tollef Fog Heen wrote:
> | 
> | > * Thomas Hood 
> | > 
> | > | If existing behaviour is preserved, then sysadmins shouldn't
> | > | be offended.
> | > 
> | > Sure they can be, having yet another top-level directory.  It's
> | > messy.
> | 
> | It's an elegant solution, and far less messy than packages messing with
> | configuration files in /etc.
>
> You are solving, from my point-of-view, a non-problem.  And you are
> doing that by creating another directory in every installation of
> Debian, not just those which need /run.
>
> | It's either one of those two, or specifying that /var cannot be network
> | mounted unless it's already mounted when init is started, because it's
> | on the NFS-root FS.
>
> I don't see the problem with this solution.  Use linuxrc and initrd
> and mount /var in linuxrc.

That sounds like a custom, optimize-early solution that does not
integrate well with how networking is set up in Debian, which happens
currently in /etc/rcS.d/S39ifupdown, S40networking, and S45mountnfs.

You're saying that /var should not be mounted from networks that get set
up at that stage? That's OK, but then we just need to document that.

However, you can also allow the system to boot that far without
requiring the real /var, by allowing /run on the system, and keeping
interface state and resolver data from DHCP etc. there. 

Because, contrary to /var, this directory is non-persistent, machines
can put it on a ram-based fs if they want, and have a /var mounted from
a "standard" (i.e. non-nfs root/linuxrc boot time mounted) network, as
their only writable storage, keeping the way Debian deals with
networking entirely standard.

I think that's a far more elegant solution than requiring people to hack
their own boot sequence. As a bonus, the catch-22 issue with mtab can
also be solved more elegantly that way than the magic sysvinit currently
has to pull.

Of course, most things in /etc that are written to by packages should
still move to an appropriate directory under /var, and some things
should concatenate information from /etc/ and /var/ at read time (i.e.
the nologin issue) instead of the messy editing of information in /etc
that currently takes place, but that's a different issue, which is
basically already asked for by policy. See the recent texmf discussion
if you're not convinced of that yet.

The fact that PAM currently requires sysvinit to create and remove
/etc/nologin itself, forcing it to violate the spirit of policy that the
admin's files are not to be messed with, is hopefully a temporary



E-Advies - Emile van Bergen           emile@e-advies.nl      
tel. +31 (0)70 3906153           http://www.e-advies.nl    
