How to force all filesystems to read-only at boot?

I am using LEDE 17.1.4 on Raspberry Pi 3B and want to have my file-systems safe to powerloss.

To do this i need to have /boot and root / mounted read-only.

In my system there is no:

  1. /etc/config/fstab -> this is referenced by some wiki pages, but not present in my system

  2. no configurable mtab in /etc, but only a link to /proc

The boot process is done in read-only mode. When the sytem is up, it seems root / and /boot are remounted read-write. I need them to stay read-only. Where can this be configured?


Automatically check filesystem for errors before mounting

I don't understand what you are saying...

For one current LEDE/OpenWRT seems to lack the function of fsck at boot time...see here:

Neither by tune2fs nor any other method provided by the system is configurable and working...

It's an option under the LuCI GUI

There is no option System/Moint Point in my LuCI...

In System i see:

  • System
  • Administration
  • Software
  • Startup
  • Scheduled Tasks
  • LED Configuration
    and so on...

In System/System there is also no mentioning of moint points.

Do i need to install something for this?

You may need the block-mount package.

From the top nav, open the "System" drop down. From within that drop down, select "Mount Points"



Consider investing in a good UPS.

1 Like

He's got a serious concern, and even plugging the power adapter into "a good UPS" you still have the non-locking and easy-to-dislodge USB connector. He's not alone in wishing to prevent file system corruption.

Which is an easy fix.

I don't know why we should be discussing the reasoning behind it. This should be basics for embedded consumer systems.
These systems usually don't reside in a locked server room and a lot of mishaps can happen even when you have a "good" UPS. From your cat to your child, by your own error and what not can interfere with the system and render it inoperable and possibly hard to recover when all you have is an inaccessible JTAG and non-removable storage media.
At least on the Pi i can remove the SD card and check it externally offline, but as another point SD cards are not very stable if you write to them a lot. The three broken SD cards (SanDisk) from various Pi systems in front of me tell me to change something.

There is more than one solution, and others who read the topic may decide that one solution works better for them than another.

There are those who are not comfortable trying to un-f**k their filesystem.

It seems you would make the appropriate edits in /etc/fstab (not /etc/options/fstab as you mentioned in the other thread).

As you quoted, the mounting of root / and /boot on LEDE seems not to be done through /etc/options/fstab as it doesn't exist. This info is found on wiki pages, but the mount mechanism has apparently changed. The info how to modify this mount process and also how to force file system checking of partitions before mount is nowhere to be found for LEDE. This is what my other thread is about.

My plan was to use or configure the appropriate LEDE files for fsck of filesystems at boot and have the file systems used in read-only mode, which both seems to be no standard use case in LEDE so far. At least i am still not knowing the standard procedure for both.

The option where i am at right now is to boot the system until userspace is running and then execute a shell script with root privileges to remount /boot and root / in read-only mode, have fsck run on both filesystems and leave them read-only until next reboot where the procedure then executed again. The standard way on other Linux systems is to tell the kernel to fsck the filesystems on mount and never to enter read-write mode, which is safer in case the boot process crashes badly and destroys the filesystem.

As mentioned above, fstab is in in /etc (at least on my router) not /etc/options.


Edit: Also a copy in /rom/etc

OpenWRT uses a set of pre-init scripts and procd. Agreed, both are poorly documented.

You might start by looking at /etc/init.d/boot and potentially the contents of /lib/preinit as places to hook in your call to fsck or similar.

my /etc/fstab is empty except for one commented out line as mounting is not done there.

cat fstab
# <file system> <mount point> <type> <options> <dump> <pass>

That's what i also figured and where i might put in my checks.

From Ubuntu documentation,..

If a device/partition is not listed in fstab ONLY ROOT may mount the device/partition.

Thanks, but this is not adding information how the filesystems are brought up in LEDE and where they are remounted to read-write and why no filecheck is done when the filesystems are dirty.

On my system there is all this mounted in mtab:

/dev/root / ext4 rw,noatime,block_validity,delalloc,barrier,user_xattr 0 0
proc /proc proc rw,nosuid,nodev,noexec,noatime 0 0
sysfs /sys sysfs rw,nosuid,nodev,noexec,noatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,noatime 0 0
/dev/mmcblk0p1 /boot vfat rw,noatime,fmask=0022,dmask=0022,codepage=437,iocharset=iso8859-1,shortname=mixed,errors=remount-ro 0 0
tmpfs /dev tmpfs rw,nosuid,relatime,size=512k,mode=755 0 0
devpts /dev/pts devpts rw,nosuid,noexec,relatime,mode=600 0 0
debugfs /sys/kernel/debug debugfs rw,noatime 0 0
proc /work/debianwrt/proc proc rw,relatime 0 0
sys /work/debianwrt/sys sysfs rw,relatime 0 0
tmpfs /work/debianwrt/dev tmpfs rw,nosuid,relatime,size=512k,mode=755 0 0

But nowhere how to change or configure this or have it fsck'ed at mount.

See this OpenWrt archived article...

If you know of any open source firmware that does a filecheck when the filesystems are dirty, post the link.

I have tried as written in the article....installed block-mount, created /etc/config/fstab with block detect and activated fstab usage and rebooted.

For the filesystems i used the following switches:
option options 'ro,sync'
option enabled '1'

It didn't change any attributes in the mounted filesystems. Possibly the fstab in LEDE is only affecting filesystems to be mounted after boot...(the non-essential filesystems for booting).

I need to modify the original mount parameters. To my knowledge mounting at boot is executed among other mechanics by:
and within this file by "mount_root" which is a binary in /sbin where i don't seen configuration options.

Also i think this only mounts root and i am not sure where the remaining like /boot is mounted.

I think the first mount of root / is done by the kernel; then root / gets remounted to read-write by 80_mount_root. Please correct me if i am wrong.

Early filesystem mounting happens in various places, depending on the target and image type. Usually root, overlay and overlyfs are mounted by fstools which in turn are invoked by preinit during boot. Supplementary filesystems like /tmp, /sys etc. are directly monted by procd during boot.

The simplest solution to your problem is adding an appropriate mount / -o remount,ro call using a custom script in /lib/preinit/.