Last active March 28, 2020 06:47
Mount raspberry pi filesystems as readonly

Setup Raspberry Pi with read-only root and /boot filesystems

Thanks to

Tested successfully on:

$ lsb_release -a
No LSB modules are available.
Distributor ID:	Debian
Description:	Debian GNU/Linux 7.11 (wheezy)
Release:	7.11
Codename:	wheezy


Distributor ID:	Raspbian
Description:	Raspbian GNU/Linux 8.0 (jessie)
Release:	8.0
Codename:	jessie

Create remount scripts

Create /bin/remount_readwrite with:

#!/bin/sh
mount -o remount,rw /

Create /bin/remount_readonly with:

#!/bin/sh
mount -o remount,ro /

Make them executable:

chmod +x /bin/remount_read*

Replace syslog with busybox

sudo apt-get install busybox-syslogd && sudo apt-get remove --purge rsyslog

(Now view logs with the logread command.)

Disable swap AND set readonly

Edit /boot/cmdline.txt and append fastboot noswap ro, for example:

dwc_otg.lpm_enable=0 console=ttyAMA0,115200 console=tty1 root=/dev/mmcblk0p2 rootfstype=ext4 elevator=deadline rootwait fastboot noswap ro

Move some /var/ run files into /tmp

rm -rf /var/lib/dhcp/ && ln -s /tmp /var/lib/dhcp
rm -rf /var/run && ln -s /tmp /var/run
rm -rf /var/spool && ln -s /tmp /var/spool
rm -rf /var/lock && ln -s /tmp /var/lock
rm -rf /etc/resolv.conf && ln -s /tmp/dhcpcd.resolv.conf /etc/resolv.conf

touch /tmp/dhcpcd.resolv.conf

Move random-seed into tmpfs

??? TODO ???

rm /var/lib/systemd/random-seed && ln -s /tmp/random-seed /var/lib/systemd/random-seed

Fix Supervisor [optional]

Add mkdir -p $LOGDIR to /etc/init.d/supervisor:

case "$1" in
  start)
        echo -n "Starting $DESC: "

        # recreate the log directory before the daemon starts
        mkdir -p "$LOGDIR"

Fix Samba [optional]

Copy existing Samba /var/lib directory

cp -R /var/lib/samba /var/lib/samba_real

Replace directories with symlinks into /tmp

sudo rm -rf /var/lib/samba && sudo ln -s /tmp/samba/lib-samba /var/lib/samba
sudo rm -r /var/cache/samba && sudo ln -s /tmp/samba/cache-samba /var/cache/samba
sudo rm -r /var/log/samba && sudo ln -s /tmp/samba/log-samba /var/log/samba

Create Samba fixing script

Create /etc/init.d/ with the following:


#!/bin/sh
# Copies the saved Samba state from /var/lib/samba_real to the temporary fs on bootup
# and creates the folders Samba needs on the temporary fs.

mkdir -p /tmp/samba
cp -R /var/lib/samba_real /tmp/samba/lib-samba
mkdir -p /tmp/samba/cache-samba
mkdir -p /tmp/samba/log-samba
# /var/log is a tmpfs, so this symlink is recreated on every boot (init scripts already run as root)
ln -s /tmp/samba/log-samba /var/log/samba

Then make it run on startup:

sudo chmod 755 /etc/init.d/
sudo /etc/init.d/
sudo update-rc.d defaults

Move NTP driftfile into tmpfs

Edit /etc/ntp.conf and set the following

driftfile /var/lib/ntp/ntp.drift

Allow fake-hwclock to write to disk periodically

Modify /etc/cron.hourly/fake_hwclock with:


if (command -v fake-hwclock >/dev/null 2>&1) ; then
  /bin/remount_readwrite && fake-hwclock save
  /bin/remount_readonly
fi

Enable automatic updates to use read-write mode

Create the file /etc/apt/apt.conf.d/50remount-readonly with the following:

# /etc/apt/apt.conf.d/50remount-readonly

DPkg::Pre-Invoke { '/bin/remount_readwrite'; };
DPkg::Post-Invoke { '/bin/remount_readonly'; };

Edit fstab

Add the ro option to the existing entries and add the tmpfs mounts:

/dev/mmcblk0p1  /boot           vfat    defaults,ro          0       2
/dev/mmcblk0p2  /               ext4    defaults,noatime,ro  0       1

tmpfs           /tmp            tmpfs   nosuid,nodev         0       0
tmpfs           /var/log        tmpfs   nosuid,nodev         0       0
tmpfs           /var/tmp        tmpfs   nosuid,nodev         0       0
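
After a reboot, the effect of the fstab and cmdline.txt changes can be checked against the live mount table. The script below is an added example, not part of the original gist; the function names and the sample mount table are constructed for illustration.

```shell
#!/bin/sh
# Added example: check a mount table against the fstab from this guide.
# check_mounts, sample_hardened and sample_rw_root are illustrative names.

# check_mounts [FILE|-]: print one FAIL line per problem, return 0 if none.
check_mounts() {
    awk '
    function has(list, o) { return index("," list ",", "," o ",") > 0 }
    # /proc/mounts fields: device mountpoint fstype options dump pass.
    # A later line shadows an earlier one for the same mount point (older
    # kernels list "rootfs / rootfs rw" before the real root): keep the last.
    { fstype[$2] = $3; opts[$2] = $4 }
    END {
        n = split("/ /boot", rofs, " ")
        for (i = 1; i <= n; i++) {
            m = rofs[i]
            if (!(m in opts)) { print "FAIL " m " is not mounted"; bad = 1 }
            else if (!has(opts[m], "ro")) { print "FAIL " m " is writable"; bad = 1 }
        }
        n = split("/tmp /var/log /var/tmp", tmp, " ")
        for (i = 1; i <= n; i++) {
            m = tmp[i]
            if (fstype[m] != "tmpfs") { print "FAIL " m " is not tmpfs"; bad = 1 }
            else if (!has(opts[m], "nosuid") || !has(opts[m], "nodev")) {
                print "FAIL " m " lacks nosuid,nodev"; bad = 1
            }
        }
        exit bad + 0
    }' "${1:-/proc/mounts}"
}

# Constructed sample: mount table of a Pi set up as described above.
sample_hardened() {
    cat <<'EOF'
rootfs / rootfs rw 0 0
/dev/root / ext4 ro,noatime,data=ordered 0 0
/dev/mmcblk0p1 /boot vfat ro,relatime 0 0
tmpfs /tmp tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /var/log tmpfs rw,nosuid,nodev,relatime 0 0
tmpfs /var/tmp tmpfs rw,nosuid,nodev,relatime 0 0
EOF
}

# Constructed sample: same table with root left read-write, as it would be
# if remount_readonly never ran after remount_readwrite.
sample_rw_root() {
    sample_hardened | sed 's#^/dev/root / ext4 ro,#/dev/root / ext4 rw,#'
}
```

On the Pi, calling check_mounts with no argument reads /proc/mounts; running it after an apt upgrade shows whether the Post-Invoke hook returned the root filesystem to read-only.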
I have moved the SQLite DB to USB, but will this procedure work with Raspbian desktop?

