Hooks for read-only /usr
I like to have a read-only /usr filesystem. So I have ...
# cat /etc/apt/apt.conf.d/50readonly-usr
DPkg
{
    // Auto re-mounting of a readonly /usr
    Pre-Invoke {"mount -o remount,rw /usr";};
    Post-Invoke {"mount -o remount,ro /usr || true";};
}
Unfortunately this works quite badly. During execution of apt,
services are stopped and started again, so it is frequently the case
that by the time apt runs the Post-Invoke hook, processes are holding
open files in /usr. This prevents /usr being re-mounted (that's the
reason for the "|| true"). Is there a better way to do this?
One idea that occurred to me was to have dpkg do this; it could
remount /usr read-write before removing the old files and unpacking
the new, and mount it read-only after perhaps the package
configuration stage (before restarting things).
Anyway, is something like this already possible?
Thanks,
James.
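
Added example, not part of the original post: a shell helper that a Post-Invoke hook could call when the read-only remount fails, to list which processes still hold files under /usr through memory mappings or open descriptors. It reports only unlinked (deleted) files, the kind left behind when a package replaces a file that a running service still has open. The function names, the sample process tree and its pids are constructed for illustration, and a Linux /proc layout is assumed.

```shell
#!/bin/sh
# Added example: report processes holding deleted files under /usr.
# usr_holders [PROC_ROOT] prints "pid<TAB>comm<TAB>path", one line per file.
usr_holders() {
    proc_root=${1:-/proc}
    for dir in "$proc_root"/[0-9]*; do
        [ -d "$dir" ] || continue
        pid=${dir##*/}
        comm=$(cat "$dir/comm" 2>/dev/null) || comm='?'
        {
            # Memory mappings; columns: range perms offset dev inode path
            [ -r "$dir/maps" ] && while read -r _r _p _o _d _i path; do
                printf '%s\n' "$path"
            done < "$dir/maps"
            # Open descriptors; each fd entry is a symlink to its file
            for fd in "$dir"/fd/*; do
                readlink "$fd" 2>/dev/null || :
            done
        } | while IFS= read -r path; do
            case $path in
                /usr/*' (deleted)')
                    printf '%s\t%s\t%s\n' "$pid" "$comm" "${path% (deleted)}" ;;
            esac
        done | sort -u
    done
}

# Constructed sample: a fake /proc tree with two processes (names and pids invented).
make_sample_proc() {
    root=$(mktemp -d) || return 1
    mkdir -p "$root/4242/fd" "$root/77/fd"
    echo cupsd > "$root/4242/comm"
    echo sshd > "$root/77/comm"
    printf '%s\n' \
        '7f10a000-7f10c000 r-xp 00000000 08:03 1311 /usr/lib/libfoo.so.1 (deleted)' \
        '7f20a000-7f20c000 r-xp 00000000 08:03 1400 /usr/lib/libbar.so.2' \
        > "$root/4242/maps"
    ln -s '/usr/share/app/cache.db (deleted)' "$root/4242/fd/5"
    printf '%s\n' '55d0a000-55d0c000 r-xp 00000000 08:03 900 /usr/sbin/sshd' \
        > "$root/77/maps"
    printf '%s\n' "$root"
}

# Demo on the sample tree; on a real system run `usr_holders /proc` as root.
sample=$(make_sample_proc) && usr_holders "$sample"
rm -rf "$sample"
```

Restarting the listed services and retrying the remount is left to the administrator; the helper only reports.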