This message is about three interdependent goals:

1. To create /run/, which makes it possible ...
2. to implement variable resolver configuration, which will help
3. to make it possible to mount / read-only.
(In the present context, "variable" information is information that
changes during the normal operation of a system, not just when the
system is administered.)

So far in pursuit of #3 I have filed a few bug reports asking that
programs store certain variable information under /var/. Those changes
should be straightforward and relatively uncontroversial. As was
discussed here earlier, however, some programs cannot use /var/ and
need something like /run/. Creating /run/ and creating a variable
resolver configuration framework are liable to be more controversial.
(It shouldn't be too controversial at the FHS level, however. I have
posted questions on the FHS list and no serious objections have been
raised against the idea of /run/. Someone pointed out that several
distros already use /initrd/ without FHS permission. There's good
reason for that, so no big deal.)

So, ... before I begin asking maintainers to implement the necessary
changes, I ask for commentary here on the following outline.

#1 /run/
=========

Jamie Wilkinson has prepared patches: http://spacepants.org/
and is updating them for the latest sysvinit release (2.85).

* base-files
  Add /run/ directory
* pam, shadow
  Allow either /etc/nologin or /run/nologin to prevent nonroot login
* sysvinit:
  Touch /run/nologin (not /etc/nologin) when there is a delay before
  a shutdown.
* util-linux
  Use /run/mtab for mount's statefile

#2. Variable resolver configuration
===================================

The resolver configuration file, /etc/resolv.conf, is one of the
variable files in /etc/. ppp/pppconfig and pump both modify it,
stomping on each other's changes if they are both used. Neither of
them notifies DNS caches of available forwarders. It is proposed that
these problems be solved by means of the following variable resolver
configuration scheme.
* Symlink /etc/resolv.conf -> /run/resolvconf/resolv.conf
* Resolv.conf-like files are maintained for each i'face in
  /run/resolvconf/interface/ by the configurator of that i'face
* DNS cache configuration file fragments go in /run/<dnscache>/
* /sbin/update-resolver regenerates /run/resolvconf/resolv.conf and
  calls DNS cache update scripts in /etc/resolvconf/update.d/ to
  update DNS cache configuration file fragments in /run/<dnscache>/

TODO -- done in EXPERIMENTAL resolvconf package -- latest version:
  http://panopticon.csustan.edu/thood/resolvconf_0.3.tar.gz
  http://panopticon.csustan.edu/thood/resolvconf_0.3_all.deb

* resolvconf (to be integrated into libc6, home of the resolver)
  * Create /sbin/update-resolver="/etc/init.d/resolvconf reload"
  * Create /etc/init.d/resolvconf script to:
    * Write /run/resolvconf/resolv.conf which lists nameservers from
      /run/resolvconf/interface/* files
    * Do "run-parts /etc/resolvconf/update.d"
  * Symlink /etc/rcS.d/S39resolvconf -> /etc/init.d/resolvconf
* ppp
  * Create script /etc/ppp/ip-up.d/resolvconf to:
    * Write the lines:
        nameserver $DNS1
        nameserver $DNS2
      to /run/resolvconf/interface/$PPP_IFACE
    * Then run update-resolver
  * Create script /etc/ppp/ip-down.d/resolvconf to:
    * Delete /run/resolvconf/interface/$PPP_IFACE
    * Then run update-resolver
* bind
  * Create script /etc/resolvconf/update.d/bind to:
    * Convert /etc/bind/named.options.sed into /run/bind/named.options
      (which is to be included in /etc/bind/named.conf)
    * Then run "/etc/init.d/bind reload"

TODO

* pppconfig
  * Modify /etc/ppp/ip-up.d/0dns-up, /etc/ppp/ip-down.d/0dns-down to
    call /sbin/update-resolver if available instead of futzing with
    /etc/resolv.conf
* pump
  * Change /sbin/pump to:
    * Write resolv.conf info to /run/resolvconf/interface/pppX
      instead of to the current /etc/resolv.conf
    * Then run update-resolver
* dhcp3-client
  * Change /etc/dhcp3/dhclient-script to:
    * Write resolv.conf info to /run/resolvconf/interface/$IFACE
      instead of to the current /etc/resolv.conf
    * Then run update-resolver
* ifupdown
  * Allow nameservers to be listed in /etc/network/interfaces thus:
        nameserver a.b.c.d
    For each such nameserver:
    * Write to /run/resolvconf/interface/$IFACE the line
        nameserver a.b.c.d
    * Then run update-resolver
* bind
  * Change the /etc/bind/named.conf file to include
    /run/bind/named.options
  * Convert /etc/bind/named.conf.options into
    /etc/bind/named.options.sed
  * Change /etc/init.d/bind script to:
    * At the bottom of start(), write
        nameserver 127.0.0.1
      to /run/resolvconf/interface/lo and then run update-resolver
    * At top of stop(), delete /run/resolvconf/interface/lo and run
      update-resolver
* dnscache
  * Something similar

3. Read-only /
==============

If / is to be mounted read-only in normal use, files that are
modified in normal use cannot be stored in /etc/.

TODO, wishes filed

* sysvinit
  #150355: Move motd to /var/lib/
  #188087 [DONE in 2.85-1]: Eliminate ioctl.save
* util-linux
  #156489 [PENDING?]: Move adjtime out of /etc/
* ppp
  #187756: Tolerate read-only /etc/
* pppconfig
  #187810 [PENDING?]: Support read-only /etc/
  #187651: Make resolv.conf futzing optional
* cupsys
  #187954 [PENDING]: Move printcap.cups under /var/

TODO

* ppp
  * Change /usr/sbin/pppd to:
    * Store pidfile in /run/, not in /var/run/
* dhcp3-client
  * Change /sbin/dhclient to:
    * By default, store pidfile in /run/, not in /var/run/
* ifupdown
  * Store ifstate in /run/network/, not in /etc/network/
* diskless tools
  * "Fix"
* sysvinit
  * Add support for mounting / read-only.
  * Add support for mounting /run/ as a separate filesystem.
  * The patches in #30446 and #186892 should be reviewed in
    implementing this.

WONTDO

* linuxlogo
  #187953 [REJECTED?]: Do not store linuxlogo files in /etc/.
  The administrator will have to deal with linuxlogo files.

-- 
Thomas Hood <[EMAIL PROTECTED]>
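The merge-and-notify step of the section #2 scheme, written out as an added illustration that is not code from this message or from the resolvconf package: it assumes the interface directory, the output file and the update.d directory are passed as arguments, stands in for run-parts with a small loop, and uses a constructed scratch tree instead of /run/resolvconf/.

```shell
#!/bin/sh
# Added example, not part of Thomas Hood's resolvconf package: a minimal
# update-resolver in the spirit of section #2.  Directory paths are
# parameters so it can be exercised on a scratch tree rather than on
# /run/resolvconf/ and /etc/resolvconf/update.d/.

# merge_resolv_conf IFACE_DIR OUTFILE
# Collect resolver lines from every per-interface file, lo first so a
# local cache (bind on 127.0.0.1) is consulted before upstream
# forwarders, drop duplicates (first occurrence wins), and replace
# OUTFILE by rename so a concurrent ppp/pump/dhclient update never
# leaves readers with a half-written resolv.conf.
merge_resolv_conf() {
    iface_dir=$1; outfile=$2; tmp="$outfile.tmp.$$"
    {
        echo "# Generated by update-resolver; do not edit by hand."
        for f in "$iface_dir/lo" "$iface_dir"/*; do
            [ -f "$f" ] || continue
            # keep only resolver keywords; comments and junk are dropped
            grep -E '^(nameserver|search|domain)[[:space:]]' "$f"
        done | awk '!seen[$0]++'
    } > "$tmp" && mv -f "$tmp" "$outfile"
}

# run_update_hooks UPDATE_D: run each executable hook in turn, standing
# in for "run-parts /etc/resolvconf/update.d" to avoid a dependency.
run_update_hooks() {
    for hook in "$1"/*; do
        if [ -x "$hook" ]; then "$hook"; fi
    done
}

# count_nameservers FILE: how many nameserver lines ended up in FILE
count_nameservers() { grep -c '^nameserver ' "$1"; }

# update_resolver IFACE_DIR OUTFILE UPDATE_D: regenerate, then notify caches
update_resolver() {
    merge_resolv_conf "$1" "$2" || return 1
    if [ -d "$3" ]; then run_update_hooks "$3"; fi
}

# Constructed sample tree standing in for /run/resolvconf/ (not real data)
demo=$(mktemp -d)
mkdir -p "$demo/interface" "$demo/update.d"
printf 'nameserver 127.0.0.1\n' > "$demo/interface/lo"
printf 'nameserver 192.0.2.1\nnameserver 192.0.2.2\n' > "$demo/interface/ppp0"
printf 'nameserver 192.0.2.1\nsearch example.net\n' > "$demo/interface/eth0"
update_resolver "$demo/interface" "$demo/resolv.conf" "$demo/update.d"
cat "$demo/resolv.conf"
```

The rename step is the detail worth keeping when wiring this into real ip-up.d/dhclient hooks: two configurators racing to rewrite the file in place is exactly the stomping the message describes.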