Subject: Brittle init.d scripts - tmpfs ramfs Newsgroups: gmane.linux.distributions.grml.user Date: Sun, 28 Jan 2007 23:18:51 +0100
Subject: Brittle init.d scripts - tmpfs ramfs Newsgroups: gmane.linux.distributions.grml.user Date: Sun, 28 Jan 2007 23:18:51 +0100
> Here's what we want: small system directories causing frequent disk access > and opening security risks mounted in RAM.
Try unionfs. Here's a short demo (a 5 minutes hack, I hope I did not overlook something):
What we want? Everything logged to /var/log should be written into a tmpfs mounted on /tmp/tmpfs.
Step 1: Let's log string "unionfs-test" to syslog for further investigation and make sure we don't have any file handles left:
# logger unionfs-test # Stop syslog-ng Stopping system logging: syslog-ng. # tail -3 /var/log/syslog Jan 28 22:51:10 funkenzutzler logger: unionfs-test Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: SIGTERM received, terminating; Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: syslog-ng shutting down; version='2.0rc3'
Step 2: Now set up tmpfs and unionfs:
# mkdir /tmp/tmpfs # mount -t tmpfs -o size=20% none /tmp/tmpfs # modprobe unionfs # mount -t unionfs -o dirs=/tmp/tmpfs:/var/log=ro none /var/log
Step 3: Now let's start syslog-ng and log string "unionfs running":
# Start syslog-ng Starting system logging: syslog-ng. # logger unionfs running # tail -1 /var/log/syslog Jan 28 22:52:20 funkenzutzler logger: unionfs running
Ok, logging was successfull, but is content of original /var/log still present?
# ls -la /var/log | tail -5 -rw-rw-r-- 1 root utmp 902016 2007-01-28 13:40 wtmp drwxr-s--- 2 root adm 4096 2006-09-03 13:28 xen/ -rw-r--r-- 1 root root 0 2006-05-09 08:10 xfs.log -rw-rw-r-- 1 root root 616086 2007-01-28 20:46 Xorg.0.log -rw-r--r-- 1 root root 575769 2007-01-15 17:30 Xorg.0.log.old
Yes, sir - that's why we call it overlay. :) But what's inside /tmp/tmpfs now?
# ls -la /tmp/tmpfs total 15792 drwxrwxrwt 2 root root 100 2007-01-28 23:06 ./ drwxrwxrwt 26 root root 12288 2007-01-28 23:06 ../ -rw-r----- 1 root adm 3927493 2007-01-28 23:06 messages -rw-r----- 1 root adm 12082844 2007-01-28 23:06 syslog -rw-r----- 1 root adm 113031 2007-01-28 23:06 user.log
Ah, only the stuff changed in /var/log went to our tmpfs, nice. Now let's umount tmpfs and unionfs:
# umount -l /var/log ; umount -l /tmp/tmpfs # tail -1 /var/log/syslog Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: syslog-ng shutting down; version='2.0rc3'
Huh - where is our 'unionfs running' in syslog? :) Let's double-check:
# Restart syslog-ng Stopping system logging: syslog-ng. Starting system logging: syslog-ng. # logger unions not present # tail -5 /var/log/syslog Jan 28 22:51:10 funkenzutzler logger: unionfs-test Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: SIGTERM received, terminating; Jan 28 22:51:14 funkenzutzler syslog-ng[3139]: syslog-ng shutting down; version='2.0rc3' Jan 28 22:52:59 funkenzutzler syslog-ng[16218]: syslog-ng starting up; version='2.0rc3' Jan 28 22:53:27 funkenzutzler logger: unions not present
Right - all changes during use of the unionfs overlay were written to tmpfs instead of /var/log on harddisk. Cute, nor? :)
mika