Re: Hooks for read-only /usr

["Mumia W.." <paduille.4061.mumia.w+nospam@earthlink.net>]

On 06/19/2008 03:12 AM, James Youngman wrote:
> I like to have a read-only /usr filesystem.   So I have ...
>
> # cat /etc/apt/apt.conf.d/50readonly-usr
> DPkg
> {
>    // Auto re-mounting of a readonly /usr
>    Pre-Invoke {"mount -o remount,rw /usr";};
>    Post-Invoke {"mount -o remount,ro /usr || true";};
> }
>
>
> Unfortunately this works quite badly.   During execution of apt,
> services are stopped and started again, so it is frequently the case
> that by the time apt runs the Post-invoke hook, processes are holding
> open files in /usr.   This prevents /usr being re-mounted (that's the
> reason for the "|| true").  Is there a better way to do this?
>
> One idea that occurred to me was to have dpkg do this; it could
> remount /usr read-write before removing the old files and unpacking
> the new, and mount it read-only after perhaps the package
> configuration stage (before restarting things).
>
> Anyway, is something like this already possible?
>
> Thanks,
> James.

It may be possible. You could use "at" to schedule the remounting of 
/usr at a later time, e.g. 10 minutes:

Post-Invoke {
  "echo 'mount -o remount,ro /usr' | at now + 10 minutes
}

You'll have to hope that whatever processes using /usr have finished by 
the time the mount command executes, and there will be a window during 
which time /usr will be writable. It's kludgy, but I don't think you'll 
find a non-kludgy solution for this.

Anyway, good luck.