Read-only RootFS

From Linux-VServer

Revision as of 20:21, 21 October 2011 by Glenn (Talk | contribs)

Read-only RootFS

Preparing

  • Build your host
 vserver vs1 build --force -m debootstrap --hostname vs1.localhost -- -d squeeze -m http://ftp.se.debian.org/debian

Modifying

  • Modify /etc/vservers/vs1/fstab so that it reads:
 /etc/vservers/vs1/vdir	/	ext3	bind,rw,dev	0 0
 none	/proc		proc	defaults		0 0
 none	/tmp		tmpfs	size=16m,mode=1777	0 0
 none	/var/lock		tmpfs	size=16m,mode=1777	0 0
 none	/var/run		tmpfs	size=16m,mode=1777	0 0
 none	/lib/init/rw		tmpfs	size=16m,mode=1777	0 0
 none	/dev/pts	devpts	gid=5,mode=620		0 0
 /writeable_root/vs1	/home/vs1	ext3	bind,dev	0 0
  • Add an .oldroot directory to the installation (vcontext creates this directory, but skips that step if it already exists)
 mkdir /etc/vservers/vs1/vdir/.oldroot
 chmod 0700 /etc/vservers/vs1/vdir/.oldroot
  • Create the folder that holds the log folder (if you want to keep the logs)
 mkdir -p /writeable_root/vs1/log
 mkdir /etc/vservers/vs1/vdir/home/vs1
 rm -rf /etc/vservers/vs1/vdir/var/log
 ln -s ../home/vs1 /etc/vservers/vs1/vdir/var/log

Completing

  • Start the vserver and stop it, to make use of the .oldroot.
 vserver vs1 start
 vserver vs1 stop
  • If the root is still read-write inside the vserver, add the following to the pre-start script
 mkdir /etc/vservers/vs1/scripts
 echo "mount -o bind,remount,ro . ." > /etc/vservers/vs1/scripts/pre-start
  • Note that the vserver has to be started read-write once. Now that it has been started and stopped, change the 'rw' to 'ro' in fstab.
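
To confirm that the finished fstab gives the intended layout, it helps to list the root mode and every mount that remains writable. The script below is an added example, not part of the original wiki page; the function names root_mode, writable_mounts and sample_fstab are hypothetical, and the sample input is the fstab from this page with 'rw' already changed to 'ro'.

```shell
#!/bin/sh
# Added example: check a vserver fstab against the read-only root layout.
# Both functions read fstab text on stdin.

# Print "ro", "rw" or "missing" for the "/" entry (mount defaults to rw).
root_mode() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $2 == "/" {
            found = 1; mode = "rw"
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++)
                if (opt[i] == "ro" || opt[i] == "rw") mode = opt[i]
        }
        END { print (found ? mode : "missing") }
    '
}

# Print "mountpoint fstype" for every non-root entry that stays writable.
# proc and devpts are skipped: they are kernel interfaces, not storage.
writable_mounts() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }
        $2 == "/" || $3 == "proc" || $3 == "devpts" { next }
        {
            ro = 0
            n = split($4, opt, ",")
            for (i = 1; i <= n; i++) if (opt[i] == "ro") ro = 1
            if (!ro) print $2, $3
        }
    '
}

# Constructed sample: the fstab from this page after the final rw -> ro change.
sample_fstab() {
    cat <<'EOF'
/etc/vservers/vs1/vdir  /             ext3    bind,ro,dev         0 0
none                    /proc         proc    defaults            0 0
none                    /tmp          tmpfs   size=16m,mode=1777  0 0
none                    /var/lock     tmpfs   size=16m,mode=1777  0 0
none                    /var/run      tmpfs   size=16m,mode=1777  0 0
none                    /lib/init/rw  tmpfs   size=16m,mode=1777  0 0
none                    /dev/pts      devpts  gid=5,mode=620      0 0
/writeable_root/vs1     /home/vs1     ext3    bind,dev            0 0
EOF
}

echo "root is mounted: $(sample_fstab | root_mode)"
sample_fstab | writable_mounts | sed 's/^/still writable: /'
```

To check a real guest, feed its file in instead of the sample, for example `root_mode < /etc/vservers/vs1/fstab`.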