chesty / overlayroot Goto Github PK

There is a tiny problem on XU4 the /overlay/lower is not mounted read only.

/dev/mmcblk0p1 on /overlay/lower type ext4 (rw,relatime)

I think I must update partition name inside script (I post result here)...

XU4 mount :

(root|~) mount
sysfs on /sys type sysfs (rw,nosuid,nodev,noexec,relatime)
proc on /proc type proc (rw,nosuid,nodev,noexec,relatime)
udev on /dev type devtmpfs (rw,nosuid,relatime,size=953384k,nr_inodes=187412,mode=755)
devpts on /dev/pts type devpts (rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000)
tmpfs on /run type tmpfs (rw,nosuid,noexec,relatime,size=204488k,mode=755)
overlay on / type overlay (rw,relatime,lowerdir=/overlay/lower,upperdir=/overlay/upper,workdir=/overlay/work)
tmpfs on /overlay type tmpfs (rw,relatime)
/dev/mmcblk0p1 on /overlay/lower type ext4 (rw,relatime)
securityfs on /sys/kernel/security type securityfs (rw,nosuid,nodev,noexec,relatime)
tmpfs on /dev/shm type tmpfs (rw,nosuid,nodev)
tmpfs on /run/lock type tmpfs (rw,nosuid,nodev,noexec,relatime,size=5120k)
tmpfs on /sys/fs/cgroup type tmpfs (ro,nosuid,nodev,noexec,mode=755)
cgroup on /sys/fs/cgroup/systemd type cgroup (rw,nosuid,nodev,noexec,relatime,xattr,release_agent=/lib/systemd/systemd-cgroups-agent,name=systemd)
cgroup on /sys/fs/cgroup/freezer type cgroup (rw,nosuid,nodev,noexec,relatime,freezer)
cgroup on /sys/fs/cgroup/net_cls,net_prio type cgroup (rw,nosuid,nodev,noexec,relatime,net_cls,net_prio)
cgroup on /sys/fs/cgroup/devices type cgroup (rw,nosuid,nodev,noexec,relatime,devices)
cgroup on /sys/fs/cgroup/cpu,cpuacct type cgroup (rw,nosuid,nodev,noexec,relatime,cpu,cpuacct)
cgroup on /sys/fs/cgroup/cpuset type cgroup (rw,nosuid,nodev,noexec,relatime,cpuset)
cgroup on /sys/fs/cgroup/blkio type cgroup (rw,nosuid,nodev,noexec,relatime,blkio)
cgroup on /sys/fs/cgroup/memory type cgroup (rw,nosuid,nodev,noexec,relatime,memory)
systemd-1 on /proc/sys/fs/binfmt_misc type autofs (rw,relatime,fd=26,pgrp=1,timeout=0,minproto=5,maxproto=5,direct)
mqueue on /dev/mqueue type mqueue (rw,relatime)
debugfs on /sys/kernel/debug type debugfs (rw,relatime)
configfs on /sys/kernel/config type configfs (rw,relatime)
tmpfs on /tmp type tmpfs (rw,nosuid,relatime)
overlay on /var/log.hdd type overlay (rw,relatime,lowerdir=/overlay/lower,upperdir=/overlay/upper,workdir=/overlay/work)
/dev/zram0 on /var/log type ext4 (rw,relatime,block_validity,discard,delalloc,nojournal_checksum,barrier,user_xattr,acl)
tmpfs on /run/user/0 type tmpfs (rw,nosuid,nodev,relatime,size=204484k,mode=700)

Whenever i connect to the Raspberry Pi with "overlayroot" thru SSH, run "rootwork", "exit" and then
disconnect, i cannot SSH again, i get this error.

ubuntu@DESKTOP:~$ ssh [email protected]
[email protected]'s password:
PTY allocation request failed on channel 0

After exiting "rootwork" /dev/pts/0 is not there anymore.

Before rootwork

pi@raspberrypiB:~ $ grep --color devpts /proc/mounts
devpts /dev/pts devpts rw,nosuid,noexec,relatime,gid=5,mode=620,ptmxmode=000 0 0

After rootwork

pi@raspberrypiB:~ $ grep --color devpts /proc/mounts
pi@raspberrypiB:~ $

I can only SSH again if i manually reboot it.

I've made a pull request with the fix for this.

I noticed in rootwork that the /boot partition is remounted rw and then ro on exit, but I don't see where /boot is mounted ro to begin with. On Rasbian, is the /boot partition actually mounted ro after a reboot but before running rootwork?

Just a note - mounting /boot as ro may not be that important because nothing should write to it during normal operation, only during things like kernel updates. However, I don't know what risk power failures would pose.

Related to this, to support Ubuntu Server and other systems that use /boot/firmware rather than /boot (see issue #9), the rootwork script needs to be updated - perhaps to use /boot/firmware if it is a mountpoint, and otherwise use /boot.

@chesty - I want to add to others' comments about how valuable this project is for long-term RPi stable operation. We appreciate the time and energy you've contributed to write, test, publish, and support this project.

How do I uninstall this? Might be worth putting in the README.

The chrooting solution is great, however it should be mentioned in the readme, that it has issues with systemd:

- can't reboot
# reboot
Running in chroot, ignoring request.

- can't list active services
# systemctl
Running in chroot, ignoring command 'list-units'

- we cannot be sure, if a new package has been installed succesfully
# apt-get install dbus
E: Can not write log (Is /dev/pts mounted?) - posix_openpt (19: No such device)
Running in chroot, ignoring request / command 'daemon-reload' / 'show' / 'daemon-reload' / 'is-active'
.......service is a disabled or a static unit, not starting it.

If such a task is required I suggest commenting out the initramfs= in /boot/config.txt temporally and reboot.

Hey - thanks for this I'm currently testing it out on a Raspberry Pi Zero W running DietPi.

I know this repo has been stable for a long time now but I was wondering if we could create a tag / "release". So that if I install this on multiple Pis I don't have to just clone master which always risks moving on. It would be much better to be able to clone a tag or a release to ensure all versions are the same.

Thanks.

My system work perfectly in RO. but there is a strange bug inside the bashscript at 32 (chroot line)

${SUDO} IMCHROOTED=${ROOT} chroot ${ROOT}

(it's my own PS1)

(root|~/overlayroot) ./rootwork
./rootwork: ligne 32: IMCHROOTED=/overlay/lower: Aucun fichier ou dossier de ce type

I must remove the IMCHROOTED=${ROOT} before the chroot on line 32 to get the RW chroot.

My pi boot by nfs from a piserver, and I want to use overlayroot to set root writable. I succeed on the os from piserver (kernel version: 4.19.97-v7+), but failed on the latest raspberry pi os (kernel version: 5.4.51-v7l+).
I set debug option on cmdline.txt to see the initramfs debug, and found the error occurred on init-bottom-overlay script from line 64:
mount -t overlay overlay -olowerdir=/overlay/lower,upperdir=/overlay/upper,workdir=/overlay/work ${rootmnt}
mount: mount overlay on /root failed: No such device.
cp: can't stat '/root/etc/fstab': No such file or directory.
/script/init-bottom/init-bottom-overlay: line 71: can't create /root/etc/fstab: nonexistent directory.
/script/init-bottom/init-bottom-overlay: line 72: can't create /root/etc/fstab: nonexistent directory.

Hello,

Can we use it with CentOS ?

Thanks,
ran

I tried again and again with the latest pi os 2020-08-20 with kernel 5.4.51-v7l+.

I have been unable to get this working on Ubuntu 18.04 Server on a Raspberry Pi 3.

As far as I can tell, everything is installed correctly (note Ubuntu uses /boot/firmware rather than /boot):

$ uname -a
Linux rpi3 4.15.0-1048-raspi2 #52-Ubuntu SMP PREEMPT Wed Sep 18 08:58:33 UTC 2019 armv7l armv7l armv7l GNU/Linux

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Ubuntu
Description:	Ubuntu 18.04.3 LTS
Release:	18.04
Codename:	bionic

$ mount |grep mmc
/dev/mmcblk0p2 on / type ext4 (rw,relatime,data=ordered)
/dev/mmcblk0p1 on /boot/firmware type vfat (rw,relatime,fmask=0022,dmask=0022,codepage=437,iocharset=ascii,shortname=mixed,errors=remount-ro)

$ grep initramfs /boot/firmware/config.txt 
#initramfs initrd.img followkernel
initramfs initrd.gz followkernel

$ grep overlay /etc/initramfs-tools/modules
overlay

$ ls -al /etc/initramfs-tools/hooks/hooks-overlay /etc/initramfs-tools/scripts/init-bottom/init-bottom-overlay
-rwxr-xr-x 1 root root  324 Oct 21 14:26 /etc/initramfs-tools/hooks/hooks-overlay
-rwxr-xr-x 1 root root 1973 Oct 21 14:30 /etc/initramfs-tools/scripts/init-bottom/init-bottom-overlay

$ ls -al /boot/firmware/init.gz 
-rwxr-xr-x 1 root root 18609106 Oct 21 15:14 /boot/firmware/init.gz

$ ls -al /usr/share/initramfs-tools/scripts/functions /usr/share/initramfs-tools/hook-functions
-rw-r--r-- 1 root root 22234 Apr 17  2019 /usr/share/initramfs-tools/hook-functions
-rw-r--r-- 1 root root 20067 Dec 12  2018 /usr/share/initramfs-tools/scripts/functions

$ 

However, after rebooting, there is no sign that init-bottom-overlay is even being run:

$ ls -al / |grep overlay

$ cat /var/log/syslog |grep overlay

$ mount |grep overlay

$ cat /proc/cmdline |grep overlay

$ cat /etc/fstab |grep overlay

$ 

I tried this with the DE10-nano board running the provided LXDE Ubuntu 16.04 image (login needed to get it -
https://download.terasic.com/downloads/cd-rom/de10-nano/linux_BSP/DE10_Nano_LXDE.zip).

I followed all the steps for Ubuntu ARM but nothing seems to happen after rebooting. /overlay/lower is not even created and of course all changes are NOT lost after rebooting again.

I can see the prompt changing though (with an 'RO' at the end). Executing 'rootwork' confirms that there is no overlay (it says there is no /overlay). How can I debug this issue? It seems like the scripts are not executing. I noticed that the Ubuntu Linux comes with not fstab file. The bootloader is in charge of mounting the / partition here. I created an fstab file for the command 'sudo update-initramfs -k $(uname -r) -u' to work. I also noticed that the fstab file is not modified at all. Is this supposed to happen? I am sure that I created the fstab file correctly. The is a fat partition that is now mounted fine by the fstab.

I have access to the bootloader code if anything could be changed to that to make overlayroot work. Any ideas?

I read in a previous issue:

Just comment out "initramfs init.gz" in "/boot/config.txt".

But that did not work. Is it possible to undo all changes made to the partitions to make the system be as previously? If so, how?

Edit:
My main guess is that the fstab file needs to be changed as well. Right now mine is as following:
overlay / overlay rw,relatime,lowerdir=/overlay/lower,upperdir=/overlay/upper,workdir=/overlay/work 0 0

But I did not make a copy of the original fstab, so is it then not possible to revert this overlay state?

First thank you for your work, this seems like a robust solution for read only overlayed root fs for raspberry. I was wondering if you'd be interested to provide an install script that would do all the work? If yes, I think I can make a pull request. My skills in bash are limited so you will need to look at it...
Sounds like a good idea?