Setting Up FreeBSD for Read-Only Booting

Nate Lawson (2/25/03)

Booting and mounting all filesystems read-only removes the need to fsck(8) if your system crashes or to allow use in an embedded environment where systems are powered down without shutdown(8).

The following changes were made to boot FreeBSD 4.5-RELEASE read-only but the general principles apply to any version. You want to disable any programs that have to write to the filesystem and provide a memory-backed filesystem for the one area that does need to be written (/var/run). You could also make all of /var an md(4) filesystem but this is not necessary unless you want to run syslogd(8), sendmail(8), etc.

  1. To disable programs which write to the disk, add the following to your /etc/rc.conf:
    # Disable various services that try to write to the filesystem
  2. Edit your /etc/fstab and change all the filesystems (/, /usr) from rw to ro in the options field. For example:
    # Device	Mountpoint	FStype	Options		Dump	Pass#
    /dev/ad0s4a	/		ufs	ro		1	1
    /dev/ad0s4e	/usr		ufs	ro		2	2
  3. Create an md(4) filesystem on boot (default size 10MB) and disable changing permissions on ttys as this requires a writable /dev. If the patch does not work, manually add the md stuff right after rc attempts to mount everything.

    Add this patch to your /etc/rc:

    --- rc.orig	Fri Mar 14 11:46:12 2003
    +++ rc	Fri Mar 14 11:47:46 2003
    @@ -225,6 +225,12 @@
    +echo 'Building /var/run memory filesystem'
    +disklabel -r -w md0 auto && \
    +	newfs /dev/md0c > /dev/null && \
    +	mount /dev/md0c /var/run && \
    +	chmod 755 /var/run
     adjkerntz -i
     purgedir() {
    @@ -337,11 +343,11 @@
     # Whack the pty perms back into shape.
    -if ls /dev/tty[pqrsPQRS]* > /dev/null 2>&1; then
    -	chflags 0 /dev/tty[pqrsPQRS]*
    -	chmod 666 /dev/tty[pqrsPQRS]*
    -	chown root:wheel /dev/tty[pqrsPQRS]*
    +#if ls /dev/tty[pqrsPQRS]* > /dev/null 2>&1; then
    +#	chflags 0 /dev/tty[pqrsPQRS]*
    +#	chmod 666 /dev/tty[pqrsPQRS]*
    +#	chown root:wheel /dev/tty[pqrsPQRS]*
     # Clean up left-over files