Previously on this list Timo Myyrä contributed:

> Now that OpenBSD has tmpfs I'd use that instead of mfs.
>
> I just added the following to my /etc/fstab:
>
> none /tmp tmpfs rw,nodev,nosuid,-s=1g,-m=1777 0 0
> none /var/cache tmpfs rw,nodev,nosuid,-s=128m,-m=0755 0 0
> none /var/run tmpfs rw,nodev,nosuid,-s=64m,-m=0755 0 0

I use the script below for /dev on a ro root which uses mfs to copy /dev to /dev2 and then back so it's always updated. When I run sysmerge I just have to remember to umount /dev first to update the filesystem /dev and not the mfs and do this as the last step before a reboot to avoid issues.

I think it's safe, at least it seems alright so far. It does mean you need to restart daemons that use sockets like at the bottom of the script though. I've had one machine (faster than the others) where getty didn't come up without the sleeps though and didn't expect the sockets not being copied so I'm far from 100% sure about it or if tmpfs may be more suited or not? Can you copy files from /dev and mount to /dev in one line with tmpfs?

Thinking about it now, I think I am running it from rc.local so running it early in the boot up will probably allow me to remove the sleeps and restarting the services.

_______________________________________________________________________
#!/bin/sh

/sbin/mount -uw /

# Put /dev in ram for read only root without permission problems
if [ ! -d /dev2 ]; then
    /bin/mkdir /dev2
fi

# populate /dev2 with files from /dev except sockets (we can't do so in one go)
/sbin/mount_mfs -i 2 -P /dev -s 10000 /dev/wd0b /dev2

# Give time to settle so that getty runs reliably and login comes up.
sleep 2

# populate /dev with files from /dev2 except sockets
/sbin/mount_mfs -i 2 -P /dev2 -o nosuid,noexec -s 10000 /dev/wd0b /dev
sleep 2
/sbin/umount /dev2

# stop and start any daemons that create sockets in /dev
/etc/rc.d/syslogd stop
echo ""
/etc/rc.d/syslogd start
echo ""

#/sbin/mount -urf /
_______________________________________________________________________

--
_______________________________________________________________________

'Write programs that do one thing and do it well. Write programs to work
together. Write programs to handle text streams, because that is a
universal interface'

(Doug McIlroy)

In Other Words - Don't design like polkit or systemd
_______________________________________________________________________
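
An added example, not part of the message above or of OpenBSD itself: a small sh/awk check that reads fstab-style lines and reports memory-backed (tmpfs or mfs) entries that lack nodev or nosuid. The names audit_memfs and sample_fstab, the mfs /dev line and the /var/spool/tmp line are constructed for illustration; /dev is exempted from the nodev requirement because it has to hold device nodes.

```shell
#!/bin/sh
# Added example: flag tmpfs/mfs fstab entries missing nodev or nosuid.
# audit_memfs is a hypothetical helper; it reads fstab lines on stdin
# and prints one line per missing option.
audit_memfs() {
    awk '
    $1 ~ /^#/ || NF < 4 { next }          # skip comments and short lines
    $3 == "tmpfs" || $3 == "mfs" {
        n = split($4, opt, ",")
        nodev = 0; nosuid = 0
        for (i = 1; i <= n; i++) {
            if (opt[i] == "nodev")  nodev = 1
            if (opt[i] == "nosuid") nosuid = 1
        }
        # /dev must carry device nodes, so only nosuid is required there
        if ($2 == "/dev") nodev = 1
        if (!nodev)  print $2 ": missing nodev"
        if (!nosuid) print $2 ": missing nosuid"
    }'
}

# The three tmpfs entries quoted in the message, followed by two
# constructed lines: an mfs /dev entry using the options from the script,
# and a deliberately weak entry that should be reported.
sample_fstab() {
    cat <<'EOF'
none /tmp tmpfs rw,nodev,nosuid,-s=1g,-m=1777 0 0
none /var/cache tmpfs rw,nodev,nosuid,-s=128m,-m=0755 0 0
none /var/run tmpfs rw,nodev,nosuid,-s=64m,-m=0755 0 0
/dev/wd0b /dev mfs rw,nosuid,noexec,-s=10000 0 0
none /var/spool/tmp tmpfs rw,-s=32m 0 0
EOF
}

sample_fstab | audit_memfs
```

On a real system the same function can be fed the live file with `audit_memfs < /etc/fstab`.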

