stateless linux, and read-only root

Bill Nottingham notting at redhat.com
Mon Mar 27 20:26:19 UTC 2006


For FC6 we're looking at bringing forward and integrating some of the
Stateless Linux work. More detail will be up at:

 http://fedoraproject.org/wiki/StatelessLinux

although probably not for a couple of days.

One of the main tenets of this is that the system filesystems should
be able to run read-only; there's no reason for apps to be writing
to the system filesystem in general use. However, tracking this
can be difficult; you don't want to force everyone to run read-only
just to get data on their workloads.

So, what we've worked on is a way to simply log what apps are writing
to (or trying to write to) the system filesystems. This is now
available at:

  http://people.redhat.com/notting/rolo/

A readme for this is attached. Basically, we're interested in getting
logs from a variety of workloads, ranging from basic desktop to server;
with this information, we can make sure that a readonly root scenario
works for the majority of use cases that someone might want.

Right now, reports can go to this list, in this thread or similar.
If we need to set up a separate mechanism for recieving them, we
can.

Bill
-------------- next part --------------
rolo - logging of apps for read-only root
-----------------------------------------

The idea of rolo is to log applications that try to write to the system
filesystems; these are applications that may fail if they attempt to
run on a system with read-only root.

REQUIREMENTS

rolo uses either the audit layer or systemtap.

  audit requirements: audit, audit daemon service (auditd) enabled

  systemtap requirements: systemtap, kernel-devel, kernel-debuginfo

The method that rolo uses is configurable via /etc/sysconfig/rolo.

HOW TO USE

Install the rolo packages, and the prerequisites for your backend
of choice.

  /sbin/rolo start
      Starts logging
  
  /sbin/rolo stop
      Stops logging
      
  /sbin/rolo report
      Reports what has currently been logged.

  /sbin/rolo build
      Builds the module for systemtap usage. 'start' will attempt
      to do this automatically if it's required.

  You can also boot with 'init=/sbin/rolo-init' to start the logging
  on bootup.

EXCEPTIONS

rolo comes with a list of paths to ignore attempts to write to (such
as /tmp, or /proc). This list is configurable via /etc/rolo/exceptions.


NOTES

To avoid excess noise, rolo should be stopped before running package
update tools, such as pup, pirut, or yum.

 SystemTap specific:

   SystemTap buffers events before writing them; you may need to run
   'rolo stop' before running 'rolo report' to get a full report.
   
   The SystemTap backend filters while running as well as when
   reporting; if you remove exceptions, you will need to rebuild
   the module with 'rolo build'.
   
   The SystemTap backend logs to a tmpfs file; this will use
   memory as time goes on.
   
 Audit specific:

   To use the audit backend on bootup (via rolo-init), you will need
   to remove the '-D' rule from /etc/audit.rules.

   The audit backend logs every usage of the open() syscall; this will
   cause the audit logs to become fairly large.



More information about the fedora-devel-list mailing list