Device mounted read-only, but I can still write to it (CentOS 6.8)

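I installed CentOS 6.8 on a flash drive, and because of its limited lifetime (100,000 writes (mean time before failure of each sector)), I want to mount it read-only.

The kernel is supposedly booted as ro. At least, the output of cat /proc/cmdline starts with "ro ...".

I have set up /etc/fstab to mount read-only: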

UUID=4addd4a7-97f6-4399-89e4-6d3728bd2979 /     ext4    defaults,noatime,ro        1 1
UUID=21a81149-6534-4313-8696-e203896d5881 /boot ext4    defaults,noatime,ro        1 2
UUID=D64B-DD9C          /boot/efi               vfat    noatime,ro,umask=0077,shortname=winnt 0 0
tmpfs                   /dev/shm                tmpfs   defaults        0 0
devpts                  /dev/pts                devpts  gid=5,mode=620  0 0
sysfs                   /sys                    sysfs   defaults        0 0
proc                    /proc                   proc    defaults        0 0
tmpfs                   /var/log                tmpfs   defaults        0 0

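When I run mount, I see that the specifications in /etc/fstab have been followed. Nevertheless, I can still modify files and write new files. Further evidence that the mount is writable comes from running lsof (according to this post). The result shows some files open for writing, mostly on /home. (To get this far, I had to mount /var/log as tmpfs.)

Is this a bug in CentOS 6.8? Is there a workaround?

Answer 1

I remember reading somewhere, probably in a man page, that there is a kind of bug which means that, to make a device read-only, you also have to remount the device.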

mount -o remount,ro ...

Try adding a remount after the other entries in fstab; in fstab you can give the filesystem as "none" for ps mount.

Update:

I found the relevant man entry:

   mount(8) since v2.27 allows to change the mount options by passing the relevant options along with --bind.  For example:

          mount --bind,ro foo foo

   This feature is not supported by the Linux kernel; it is implemented in userspace by an additional mount(2) remounting syscall.  This solution is not atomic.

   The alternative (classic) way to create a read-only bind mount is to use the remount operation, for example:

          mount --bind olddir newdir
          mount -o remount,ro,bind olddir newdir

   Note that a read-only bind will create a read-only mountpoint (VFS entry), but the original filesystem superblock will  still  be  writable,  meaning  that  the  olddir  will  be
   writable, but the newdir will be read-only.

   It's impossible to change mount options recursively (for example with -o rbind,ro).

Based on this, you could try the fstab options:

default,rbind,ro

If that fails, add an entry to remount.

Update 2 (man 8 mount / man 8 mount blockdev):

   -r, --read-only
          Mount the filesystem read-only.  A synonym is -o ro.

          Note  that,  depending  on the filesystem type, state and kernel behavior, the system may still write to the device.  For example, ext3 and ext4 will replay the journal if
          the filesystem is dirty.  To prevent this kind of write access, you may want to mount an ext3 or ext4 filesystem with the ro,noload mount options or set the  block  device
          itself to read-only mode, see the blockdev(8) command.

This means you can choose:

ro,noload

or use:

blockdev --setro /dev/...
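
To check whether a remount or blockdev change actually took effect, the following added example (not part of the original question or answer) compares the options requested in fstab with the kernel's view in /proc/mounts and lists mount points that should be ro but are live rw. The function names, device names and sample contents are constructed for illustration.

```shell
#!/bin/sh
# Added example: list mount points that fstab marks "ro" but that the kernel
# currently has mounted "rw". All sample data below is constructed.

# has_opt OPTS NAME: succeed if NAME is one of the comma-separated OPTS.
has_opt() {
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

# ro_mismatches FSTAB MOUNTS: print each mount point that should be ro but is rw.
# FSTAB is in fstab(5) format, MOUNTS in /proc/mounts format.
ro_mismatches() {
    grep -v '^[[:space:]]*#' "$1" | while read -r _spec mp _type opts _rest; do
        [ -n "$mp" ] || continue
        has_opt "$opts" ro || continue
        # Several lines can share a mount point (rootfs, then the real root);
        # the last one is the filesystem actually visible there.
        live=$(awk -v mp="$mp" '$2 == mp { o = $4 } END { print o }' "$2")
        if has_opt "$live" rw; then echo "$mp"; fi
    done
}

# write_samples DIR: create constructed fstab and /proc/mounts samples in DIR.
write_samples() {
    cat > "$1/fstab" <<'EOF'
# constructed sample, device names are hypothetical
/dev/sdb2  /         ext4   defaults,noatime,ro  1 1
/dev/sdb1  /boot     ext4   defaults,noatime,ro  1 2
tmpfs      /var/log  tmpfs  defaults             0 0
EOF
    cat > "$1/mounts" <<'EOF'
rootfs / rootfs rw 0 0
/dev/sdb2 / ext4 rw,noatime,barrier=1,data=ordered 0 0
/dev/sdb1 /boot ext4 ro,noatime,barrier=1,data=ordered 0 0
tmpfs /var/log tmpfs rw,relatime 0 0
EOF
}

demo_dir=$(mktemp -d)
write_samples "$demo_dir"
ro_mismatches "$demo_dir/fstab" "$demo_dir/mounts"   # on a live system: /etc/fstab /proc/mounts
rm -rf "$demo_dir"
```

An empty result means every fstab entry marked ro is also read-only in the kernel's mount table; it does not cover device-level writes such as the journal replay mentioned in the man page excerpt.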
