Unionfs

Table of Contents

unionfs short demo 

unionfs short demo 

Subject: Brittle init.d scripts - tmpfs ramfs
Newsgroups: gmane.linux.distributions.grml.user
Date: Sun, 28 Jan 2007 23:18:51 +0100
> Here's what we want: small system directories causing frequent disk access
> and opening security risks mounted in RAM.

Try unionfs. Here's a short demo (a 5 minutes hack, I hope I did not overlook something):

What we want? Everything logged to /var/log should be written into a tmpfs mounted on /tmp/tmpfs.

Step 1: Let's log string "unionfs-test" to syslog for further investigation and make sure we don't have any file handles left:

# logger unionfs-test
# Stop syslog-ng
Stopping system logging: syslog-ng.
# tail -3 /var/log/syslog
Jan 28 22:51:10 funkenzutzler logger: unionfs-test
Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: SIGTERM received, terminating;
Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: syslog-ng shutting down; version='2.0rc3'

Step 2: Now set up tmpfs and unionfs:

# mkdir /tmp/tmpfs
# mount -t tmpfs -o size=20% none /tmp/tmpfs
# modprobe unionfs
# mount -t unionfs -o dirs=/tmp/tmpfs:/var/log=ro none /var/log

Step 3: Now let's start syslog-ng and log string "unionfs running":

# Start syslog-ng
Starting system logging: syslog-ng.
# logger unionfs running
# tail -1 /var/log/syslog
Jan 28 22:52:20 funkenzutzler logger: unionfs running

Ok, logging was successfull, but is content of original /var/log still present?

# ls -la /var/log | tail -5
-rw-rw-r--  1 root   utmp       902016 2007-01-28 13:40 wtmp
drwxr-s---  2 root   adm          4096 2006-09-03 13:28 xen/
-rw-r--r--  1 root   root            0 2006-05-09 08:10 xfs.log
-rw-rw-r--  1 root   root       616086 2007-01-28 20:46 Xorg.0.log
-rw-r--r--  1 root   root       575769 2007-01-15 17:30 Xorg.0.log.old

Yes, sir - that's why we call it overlay. :) But what's inside /tmp/tmpfs now?

# ls -la /tmp/tmpfs total 15792 drwxrwxrwt 2 root root 100 2007-01-28 23:06 ./ drwxrwxrwt 26 root root 12288 2007-01-28 23:06 ../ -rw-r----- 1 root adm 3927493 2007-01-28 23:06 messages -rw-r----- 1 root adm 12082844 2007-01-28 23:06 syslog -rw-r----- 1 root adm 113031 2007-01-28 23:06 user.log

Ah, only the stuff changed in /var/log went to our tmpfs, nice. Now let's umount tmpfs and unionfs:

# umount -l /var/log ; umount -l /tmp/tmpfs
# tail -1 /var/log/syslog
Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: syslog-ng shutting down; version='2.0rc3'

Huh - where is our 'unionfs running' in syslog? :) Let's double-check:

# Restart syslog-ng
Stopping system logging: syslog-ng.
Starting system logging: syslog-ng.
# logger unions not present
# tail -5 /var/log/syslog
Jan 28 22:51:10 funkenzutzler logger: unionfs-test
Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: SIGTERM received, terminating;
Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: syslog-ng shutting down; version='2.0rc3'
Jan 28 22:52:59 funkenzutzler syslog-ng[16218]: syslog-ng starting up; version='2.0rc3'
Jan 28 22:53:27 funkenzutzler logger: unions not present

Right - all changes during use of the unionfs overlay were written to tmpfs instead of /var/log on harddisk. Cute, nor? :)

mika


SourceForge.net LogoXpt.SourceForge.netCreative Commons Attribution-ShareAlike License Del.icio.us digg FURL blinklist reddit Feed Me Links Technorati Stumble Upon Google Bookmarks Yahoo My Web Newsvine Socializer Ma.gnolia RawSugar Squidoo Spurl BlinkBits Netvouz Rojo Blogmarks Shadows Simpy Co.mments Scuttle Bloglines Tailrank Wists FARK smarking Segnalo
Single file version available here.
Last updated on 2008-06-28.
To discuss, comment here.