On Wed, 29 Apr 2015 13:47:38 +0200 Otto Moerbeek <[email protected]> wrote:
> On Wed, Apr 29, 2015 at 01:39:34PM +0200, Otto Moerbeek wrote: > > > On Wed, Apr 29, 2015 at 01:13:28PM +0200, Marko Cupa?? wrote: > > > > > Hi, > > > > > > I have a firewall which was originally installed with 5.4 > > > release, and it was configured to be resistant to sudden power > > > outages by means of mounting / as read only, and /var and /dev > > > partitions as mfs populated from /mfs/var and /mfs/dev. Here's > > > fstab: > > > > > > e3f2007c8606c31a.a / ffs ro 1 1 > > > swap /var mfs rw,-P=/mfs/var,-s=32768,nodev,nosuid,noexec 0 0 > > > swap /dev mfs rw,-P=/mfs/dev,-s=8192,-i=128,nosuid,noexec 0 0 > > > > > > Although this is non-critical box on local network, I wanted to > > > keep it up to date so yesterday I upgraded it to 5.5 first, and > > > then to 5.6. It appears that it no longer mounts / as read only. > > > > > > mount output shows the following: > > > /dev/wd0a on / type ffs (local) > > > mfs:15966 on /var type mfs (asynchronous, local, nodev, noexec, > > > nosuid, size=32768 512-blocks) mfs:29006 on /dev type mfs > > > (asynchronous, local, noexec, nosuid, size=8192 512-blocks) > > > > > > Trying to remount it as read/write says device busy: > > > $ sudo mount -ur / > > > mount_ffs: /dev/wd0a on /: Device busy > > > > > > What could be preventing read-only mount? > > > > rc mounts / rw explicitly these days, to be able to write a random > > Btw, it has been like that since 1997, so you had a modified rc, I > presume. > > > generator seed for the next boot. > > > > Why you cannot update to r/w I don't know, but fstat -f / might tell > > you more. If a file on / is open for r/w, the mount -u wil fail, as > > documented. Otto, thank you for fstat tip, there was bunch of files but just one that was being written to: pacija@rsbgavaalix02:~ $ sudo fstat -f / USER CMD PID FD MOUNT INUM MODE R/W SZ|DV _syslogd syslogd 26174 14 / 390155 -rw------- w 4524 Next, i searched for a file with this INUM: pacija@rsbgavaalix02:~ $ sudo find / -inum 390155 /etc/cron/log AFAIK, cron related stuff should be in /var/cron, not /etc/cron. Listing /var showed that cron is a symlink: pacija@rsbgavaalix02:~ $ ls -lh /var/ lrwxr-xr-x 1 root wheel 9B Apr 29 11:43 cron -> /etc/cron Maybe this has something to do with the way I copied /var to /mfs/var (i used cp -RPp)? I am going to re-try with tar. -- Marko Cupać https://www.mimar.rs
