Setup read only mode

This guide only works with Jessie Raspbian without X server and desktop manager. If you run Jessie Raspbian with Pixel, follow this guide.

It is recommended to run the build-lights in read-only mode to minimize the probability of SD card corruption when power is removed abruptly. If you have writable partitions on the same SD card as the root filesystem, corruption may still occur when power is removed while the SD card is doing wear-leveling across partitions.

Note that this procedure mounts both root filesystem and boot partition as read-only. If you have additional partitions, those will not be mounted as read-only.

Replace log management with busybox, you can read the logs with logread

apt-get install busybox-syslogd; dpkg --purge rsyslog

Disable filesystem checks, disable swap, mount root as read-only

Add "fastboot noswap ro" to /boot/cmdline.txt.

File /boot/cmdline.txt looks like this:

dwc_otg.lpm_enable=0 console=serial0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline fsck.repair=yes rootwait fastboot noswap ro

Move spool

rm -rf  /var/spool
ln -s /tmp /var/spool

Mount root and boot partitions as read-only, move /var and /tmp to tmpfs

Add "ro" flag to /etc/fstab. Move /var and /tmp to tmpfs.

Example:

proc            /proc           proc    defaults          0       0
/dev/mmcblk0p1  /boot           vfat    defaults,ro       0       2
/dev/mmcblk0p2  /               ext4    defaults,noatime,ro 0     1
/dev/mmcblk0p3  /storage        ext4    defaults,noatime,sync 0   3
tmpfs           /var/log        tmpfs   nodev,nosuid      0       0
tmpfs           /var/tmp        tmpfs   nodev,nosuid      0       0
tmpfs           /tmp            tmpfs   nodev,nosuid      0       0

Move dhcpd.resolv.conf to tmpfs

touch /tmp/dhcpcd.resolv.conf
rm /etc/resolv.conf
ln -s /tmp/dhcpcd.resolv.conf /etc/resolv.conf

Easy switching between read-only and read-write

Place the below at the end of /etc/bash.bashrc

# set variable identifying the filesystem you work in (used in the prompt below)
fs_mode=$(mount | sed -n -e "s/^.* on \/ .*(\(r[w|o]\).*/\1/p")
# alias ro/rw
alias roroot='mount -o remount,ro / ; fs_mode=$(mount | sed -n -e "s/^.* on \/ .*(\(r[w|o]\).*/\1/p")'
alias rwroot='mount -o remount,rw / ; fs_mode=$(mount | sed -n -e "s/^.* on \/ .*(\(r[w|o]\).*/\1/p")'
# setup fancy prompt
export PS1='\[\033[01;32m\]\u@\h${fs_mode:+($fs_mode)}\[\033[00m\]:\[\033[01;34m\]\w\[\033[00m\]\$ '
# aliases for mounting boot volume
alias roboot='mount -o remount,ro /boot'
alias rwboot='mount -o remount,rw /boot'

Watchdog

Add to /boot/config.txt

# Enable watchdog
dtparam=watchdog=on

Edit watchdog config /etc/watchdog.conf and enable (uncomment) following lines:

watchdog-device = /dev/watchdog
max-load-1

Start watchdog at system start and start right away

insserv watchdog; /etc/init.d/watchdog start

additional settings needed on Jessie, edit /lib/systemd/system/watchdog.service and add:

[Install]
WantedBy=multi-user.target

Now it should be enabled properly

systemctl enable watchdog

Setup automatic reboot after kernel panic in /etc/sysctl.conf (add to the end)

kernel.panic = 10

Finish and reboot

Setup read only mode

Setup read only mode

Replace log management with busybox, you can read the logs with logread

Disable filesystem checks, disable swap, mount root as read-only

Move spool

Mount root and boot partitions as read-only, move /var and /tmp to tmpfs

Move dhcpd.resolv.conf to tmpfs

Easy switching between read-only and read-write

Watchdog

results matching ""

No results matching ""