Forgetful systems with overlayroot

February 17 2015

Not too long ago I needed to make a laptop resilient to ungraceful shutdowns. This meant that at some point the file system needed to become read-only, because I did not want to depend on journaling and filesystem checks to recover from power failures. To surprise, there weren’t many ways to do this - I could:

  • boot to RAM
  • use a modified livesystem disk image
  • make root read-only
  • use a linux distribution that supports this (e.g. Puppy linux)

Unfortunately implementing these using Ubuntu seemed tedious and Puppy linux was unable to support the software (Skype) I needed.

That’s when using a unification file system occurred to me and a google search quickly brought up this article by Dustin Kirkland.

Overlayroot is a package that was initially created to support encryption on cloud instances using dm-crypt, however it can use any file system as an overlay. Including tmpfs (memory).

Installation

Setup is rather trivial:

$ sudo apt-get install overlayroot

After installing the package, the file /etc/overlayroot.conf needs to be modified, adding the line to the end:

overlayroot=”tmpfs”

This makes the root file system on disk read-only (accessible at /mnt/root-rw) and all writes are redirected to tmpfs, i.e. memory. This means, however, that the amount of RAM limits the writable size of the overlayed root filesystem (the amount of available disk space is limited to half of available memory), but for my needs (short sessions between reboots, not much disk activity) this was ideal.

Reverting

If for any reason you need to make root writable again, a reboot is not necessarily required. Running:

$ sudo overlayroot-chroot

will chroot you to the writable root, so you can perform system updates (or disable overlayroot completely).

Other uses

Even though overlayroot was created with the primary goal of securing cloud instances, I feel that many more uses will come up. With the introduction of Ubuntu core and the use of ubuntu on embedded devices, many of which may have less than reliable power sources, overlayroot seems like an ideal way to lock-down a disk image once the system is configured.

Another raison d’être for overlaying the root file system are embeddable devices using SD cards as primary storage. Since the cards have a limited write-cycle resource, redirecting writes to memory may be a way around this.

The only problem that might hinder this is using overlayroot with a memory overlay on memory-limited systems for long stretches of time. As writes acuumulate, the overlay may fill up and require a system reboot.