Bugzilla will be upgraded to version 5.0 on a still to be determined date in the near future. The original upgrade date has been delayed.
First Last Prev Next    This bug is not in your last search results.
Bug 1444018 - Stateless: READONLY=yes does not work on RHEL 7
Stateless: READONLY=yes does not work on RHEL 7
Status: CLOSED CANTFIX
Product: Red Hat Enterprise Linux 7
Classification: Red Hat
Component: initscripts (Show other bugs)
7.4
All Linux
medium Severity medium
: rc
: ---
Assigned To: David Kaspar [Dee'Kej]
qe-baseos-daemons
Marek Suchanek
:
Depends On: 1268349
Blocks: 1465901 1472751 1549617 1549689
  Show dependency treegraph
 
Reported: 2017-04-20 08:41 EDT by Frantisek Sumsal
Modified: 2018-05-14 06:43 EDT (History)
2 users (show)

See Also:
Fixed In Version:
Doc Type: Known Issue
Doc Text:
The "READONLY=yes" option is not sufficient to configure a read-only system In Red Hat Enterprise Linux 6, the "READONLY=yes" option in the `/etc/sysconfig/readonly-root` file was used to configure a read-only system partition. In Red Hat Enterprise Linux 7, the option is no longer sufficient, because *systemd* uses a new approach to mounting the system partition. To configure a read-only system in Red Hat Enterprise Linux 7: * Set the "READONLY=yes" option in `/etc/sysconfig/readonly-root`. * Add the "ro" option to the root mount point in the `/etc/fstab` file.
Story Points: ---
Clone Of:
Environment:
Last Closed: 2018-05-10 11:32:29 EDT
Type: Bug
Regression: ---
Mount Type: ---
Documentation: ---
CRM:
Verified Versions:
Category: ---
oVirt Team: ---
RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: ---

Attachments (Terms of Use)
Add an attachment (proposed patch, testcase, etc.)

  None (edit)
Description Frantisek Sumsal 2017-04-20 08:41:01 EDT 
Description of problem:
Setting READONLY to 'yes' in /etc/sysconfig/readonly-root does not work on RHEL 7 - root file system is mounted as read-write after reboot. After discussion with systemd devels we came to conclusion that this is caused by missing drop-in files for affected mounts, as they are handled by systemd in RHEL 7.

Version-Release number of selected component (if applicable):
initscripts-9.49.37-1.el7

How reproducible:
always

Steps to Reproduce:
# sed -i'' -re 's/(READONLY=).*/\1yes/' /etc/sysconfig/readonly-root
# reboot
# grep READONLY= /etc/sysconfig/readonly-root
# grep " / " /proc/mounts
# touch /test

Actual results:
# grep READONLY= /etc/sysconfig/readonly-root 
READONLY=yes
# grep " / " /proc/mounts
rootfs / rootfs rw 0 0
/dev/mapper/VolGroup00-LogVol00 / ext4 rw,seclabel,relatime,data=ordered 0 0
# touch /test
# echo $?
0

Expected results:
## Example from RHEL 6.9
# grep READONLY= /etc/sysconfig/readonly-root
READONLY=yes
# grep " / " /proc/mounts
rootfs / rootfs rw 0 0
/dev/vda1 / ext4 ro,seclabel,relatime,barrier=1,data=ordered 0 0
# touch /test
touch: cannot touch `/test': Read-only file system
Comment 5 David Kaspar [Dee'Kej] 2018-05-10 11:32:29 EDT 
We have discussed this issue thoroughly with both Lukas & Michal, and come to a conclusion it's not possible to fix this issue in any sane way.

Turned out the drop-ins for this issue won't work. It would require a quite huge change to systemd, which wouldn't be accepted by upstream. And we definitely do not want to keep such a change donwstream only...

The simplest workaround is for user to READONLY=yes in /etc/sysconfig/readonly-root, and to manually append the 'ro' to mount options of '/' mount point in /etc/fstab.

Therefore, I'm closing thsi as CANTFIX, and I will request a KB article / documentation change for this.

https://github.com/fedora-sysv/initscripts/pull/190
Comment 6 Marek Suchanek 2018-05-11 12:07:37 EDT 
Hello David,

I've edited your draft doc text for the 7.5 Release Notes. Can you please review my description and let me know if any changes are necessary?

Thanks,
Marek
Comment 7 David Kaspar [Dee'Kej] 2018-05-14 06:43:25 EDT 
(In reply to Marek Suchanek from comment #6)
> Hello David,
> 
> I've edited your draft doc text for the 7.5 Release Notes. Can you please
> review my description and let me know if any changes are necessary?
> 
> Thanks,
> Marek

Looks good to me. :)
Note You need to log in before you can comment on or make changes to this bug.
First Last Prev Next    This bug is not in your last search results.