On 3/9/25 06:48, Christopher David Howie wrote:
> On 3/9/25 9:26 AM, Eben King wrote:
>> The "norecovery" option for mount(8) seems like a dangerous design
>> choice. "readonly" is supposed to mean "do not write to disk".
>>
>> Yeah, that's what I thought too.
>
> "readonly" means "don't allow the contents of the filesystem to be
> changed," e.g. attempts to alter files by userspace programs are
> rejected. It doesn't mean the kernel won't write to the device.
> mount(8) even documents this explicitly:
>
>     Note that, depending on the filesystem type, state and kernel
>     behavior, the system may still write to the device. For example,
>     ext3 and ext4 will replay the journal if the filesystem is dirty. To
>     prevent this kind of write access, you may want to mount an ext3 or
>     ext4 filesystem with the ro,noload mount options or set the block
>     device itself to read-only mode, see the blockdev(8) command.
>
> This doesn't seem like "readonly does the wrong thing" so much as "you
> should know what things do before you use them."
When the machines are to serve humans, sometimes the design must favor
human psychology (e.g. imperfection) over technical purity (e.g.
perfection):
- What to name things [1].
- "The principle of least surprise" [2].
- "Keep it simple, stupid!" (KISS) [3].
- "Do what I mean" (DWIM) [4].
Now I am curious what "readonly" means to my FreeBSD systems with UFS
and ZFS.
David
[1] https://martinfowler.com/bliki/TwoHardThings.html
[2] https://en.wikipedia.org/wiki/Principle_of_least_astonishment
[3] https://en.wikipedia.org/wiki/KISS_principle
[4] https://en.wikipedia.org/wiki/DWIM
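As an added example (not written by anyone in this thread) of the mount(8) advice quoted above: a POSIX shell script for Linux that applies both suggested layers, blockdev(8) read-only mode and the ro,noload mount options, and then checks /proc/mounts instead of trusting that "ro" alone stopped the journal replay. The device, mountpoint and sample /proc/mounts lines are constructed placeholders; it does not answer the UFS/ZFS question.

```shell
#!/bin/sh
# Added example, not from the thread. Mounts a journaled ext3/ext4 device
# so that neither userspace nor the kernel's journal replay writes to it,
# then verifies from /proc/mounts that the mount really carries ro,noload.
# The device and mountpoint passed by the caller are placeholders.

# Return 0 if the mountpoint ($2) appears in /proc/mounts-style text ($1)
# with both "ro" and "noload" in its option list, 1 otherwise.
mount_is_nonwriting() {
    opts=$(printf '%s\n' "$1" | awk -v mp="$2" '$2 == mp { print $4; exit }')
    [ -n "$opts" ] || return 1
    case ",$opts," in
        *,ro,*) ;;                  # read-only at the VFS level
        *) return 1 ;;
    esac
    case ",$opts," in
        *,noload,*) return 0 ;;     # ext3/ext4 told not to replay the journal
        *) return 1 ;;
    esac
}

# Mount device $1 at $2 (filesystem type $3, default ext4) without writing
# to the device. Needs root on Linux. The block layer is made read-only
# first, so writes are refused regardless of what the filesystem driver
# wants, and the resulting mount is checked rather than assumed.
safe_ro_mount() {
    dev=$1
    mnt=$2
    fstype=${3:-ext4}
    blockdev --setro "$dev" || return 1
    # blockdev --getro prints 1 once the device rejects writes
    [ "$(blockdev --getro "$dev")" = 1 ] || return 1
    mount -t "$fstype" -o ro,noload "$dev" "$mnt" || return 1
    mount_is_nonwriting "$(cat /proc/mounts)" "$mnt"
}
```

Usage would be `safe_ro_mount /dev/sdX1 /mnt/evidence` as root; a non-zero exit means one of the two protections did not take effect and the mount should not be trusted for inspection.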