Device mounted read-only, but I can still write to it (CentOS 6.8)

I installed CentOS 6.8 on a flash drive and, because of its limited lifetime (100,000 writes, the mean time before each sector fails), I want to mount it read-only.

The kernel is supposedly booted as ro. At least, the output of cat /proc/cmdline starts with "ro ...".

I have set up /etc/fstab to mount read-only:

UUID=4addd4a7-97f6-4399-89e4-6d3728bd2979 /     ext4    defaults,noatime,ro        1 1
UUID=21a81149-6534-4313-8696-e203896d5881 /boot ext4    defaults,noatime,ro        1 2
UUID=D64B-DD9C          /boot/efi               vfat    noatime,ro,umask=0077,shortname=winnt 0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
tmpfs                   /var/log                tmpfs   defaults        0 0

When I run mount, I see that the settings in /etc/fstab are honoured. Nevertheless, I can still modify files and write new files. Further evidence that the mounts are writable comes from running lsof (according to this post). The output shows a number of files open for writing, most of them on /home. (To get this far, I had to mount /var/log as tmpfs.)

Is this a bug in CentOS 6.8? Is there a workaround?

Answer 1

I remember reading somewhere, possibly in the man page, that there is a bug which means that to make the device read-only you also have to remount it.

mount -o remount,ro ...

Try adding a remount after the other entries in fstab; for a pseudo mount you can give the filesystem type "none" in fstab.

Update:

I found the relevant man entry;

   mount(8) since v2.27 allows to change the mount options by passing the relevant options along with --bind.  For example:

          mount --bind,ro foo foo

   This feature is not supported by the Linux kernel; it is implemented in userspace by an additional mount(2) remounting syscall.  This solution is not atomic.

   The alternative (classic) way to create a read-only bind mount is to use the remount operation, for example:

          mount --bind olddir newdir
          mount -o remount,ro,bind olddir newdir

   Note that a read-only bind will create a read-only mountpoint (VFS entry), but the original filesystem superblock will  still  be  writable,  meaning  that  the  olddir  will  be
   writable, but the newdir will be read-only.

   It's impossible to change mount options recursively (for example with -o rbind,ro).

Based on this, you could try the fstab options;

defaults,rbind,ro

If that fails, add an entry to remount.

Update 2 (man 8 mount / man 8 mount blockdev);

   -r, --read-only
          Mount the filesystem read-only.  A synonym is -o ro.

          Note  that,  depending  on the filesystem type, state and kernel behavior, the system may still write to the device.  For example, ext3 and ext4 will replay the journal if
          the filesystem is dirty.  To prevent this kind of write access, you may want to mount an ext3 or ext4 filesystem with the ro,noload mount options or set the  block  device
          itself to read-only mode, see the blockdev(8) command.

That means you can choose:

ro,noload

or use;

blockdev --setro /dev/...
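As an added example (not part of the question or the answer above), the POSIX shell script below automates the checks this answer leads to: it reads /proc/mounts-style lines, confirms that a mountpoint carries `ro`, flags an ext3/ext4 mount that lacks `noload` (a dirty journal would still be replayed onto the flash), probes writability directly by trying to create a file, and shows the `remount,ro` plus `blockdev --setro` fix. The /proc/mounts sample and the device name `/dev/sdb2` are constructed for illustration; the mount/blockdev commands are only printed unless `DRY_RUN` is unset, since they need root.

```shell
#!/bin/sh
# Added example; not code from the original post or answer. It checks a mount
# the way the answer above suggests: the VFS mount must carry 'ro', an
# ext3/ext4 mount should also carry 'noload' (or a dirty journal is replayed
# and written to the flash), and a write probe confirms what the flags claim.
# The /proc/mounts sample and the device name /dev/sdb2 are constructed.

# Print "<fstype> <options>" for mountpoint $1, reading /proc/mounts-style
# lines from stdin (the last matching entry is the active one); fail if absent.
mount_opts() {
    awk -v mp="$1" '$2 == mp { t = $3; o = $4 }
                    END { if (o == "") exit 1; print t, o }'
}

# True if the comma-separated option list $1 contains option $2 exactly
# (so "ro" does not match "errors=remount-ro").
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# Audit mountpoint $1 using /proc/mounts-style lines on stdin.
# Returns 0: ro and safe; 1: mounted rw; 2: not mounted;
# 3: ro but ext3/ext4 without noload, so the journal can still be written.
audit_mount() {
    am_line=$(mount_opts "$1") || { echo "$1: not mounted"; return 2; }
    am_type=${am_line%% *}
    am_opts=${am_line#* }
    if ! has_opt "$am_opts" ro; then
        echo "$1: mounted rw ($am_type: $am_opts)"
        return 1
    fi
    case $am_type in
        ext3|ext4)
            if ! has_opt "$am_opts" noload; then
                echo "$1: ro but $am_type without noload, journal replay may write"
                return 3
            fi ;;
    esac
    echo "$1: ok ($am_type: $am_opts)"
    return 0
}

# True if a file can be created in directory $1: the real test, since flags
# on one mount say nothing about an over-mount such as /home or /var/log.
is_writable() {
    iw_probe="$1/.ro-probe.$$"
    if ( : > "$iw_probe" ) 2>/dev/null; then
        rm -f "$iw_probe"
        return 0
    fi
    return 1
}

# Run a command, or only print it when DRY_RUN=1 (the real ones need root).
run() {
    if [ "${DRY_RUN:-0}" = 1 ]; then echo "+ $*"; else "$@"; fi
}

# Enforce read-only on mountpoint $1: remount ro, then (if device $2 is given)
# set the block device itself ro so nothing below the VFS can write either.
enforce_ro() {
    run mount -o remount,ro "$1"
    if [ -n "$2" ]; then run blockdev --setro "$2"; fi
}

# Constructed /proc/mounts sample modelled on the question's fstab: / came up
# rw despite fstab, /boot is ro but without noload, /boot/efi is fine.
sample_mounts() {
    printf '%s\n' \
        '/dev/sdb2 / ext4 rw,noatime,data=ordered 0 0' \
        '/dev/sdb1 /boot ext4 ro,noatime 0 0' \
        '/dev/sdb3 /boot/efi vfat ro,noatime,umask=0077 0 0' \
        'tmpfs /var/log tmpfs rw 0 0'
}

# Demo: audit the sample, probe each directory, then dry-run the fix.
# On a real system feed the live table instead:  audit_mount / < /proc/mounts
main() {
    for mp in / /boot /boot/efi /home; do
        sample_mounts | audit_mount "$mp" || true
        if is_writable "$mp"; then echo "$mp: write probe succeeded"; fi
    done
    DRY_RUN=1
    enforce_ro / /dev/sdb2
}
main
```

The write probe is the check that settles the question: a mount can carry `ro` in /proc/mounts while a directory under it is still writable because a different filesystem (tmpfs, an NFS home, a bind mount) is mounted on top, which is why auditing each mountpoint separately matters.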
