
#1 2022-11-14 20:15:37

AlecLarsen
Member
Registered: 2022-11-14
Posts: 2

Is `chattr +i /boot` a bad idea?

Howdy all,

I am new to the forum, so I apologize in advance if this is not the right place to ask this question. :)

Recently, I broke my Arch install by upgrading while my `/boot` partition was unmounted. The result was an old kernel (on the `/boot` partition) trying to boot with the new modules (on `/`).

Setting aside why it was unmounted in the first place (I think I accidentally unmounted it in the Gnome Disks utility while trying to work with a USB drive), I think it should be possible to protect myself from this sort of thing happening again by marking the mount point immutable with `chattr +i /boot` (since that would cause the update to fail when rebuilding the initramfs).

So, in a nutshell, I guess my question is: Is this a bad idea?

Thanks for your help!

-- Alec

Last edited by AlecLarsen (2022-11-14 20:19:10)

Offline

#2 2022-11-14 20:28:19

Head_on_a_Stick
Member
From: The Wirral
Registered: 2014-02-20
Posts: 9,003
Website

Re: Is `chattr +i /boot` a bad idea?

AlecLarsen wrote:

Is this a bad idea?

Yes. Absolutely terrible.

EDIT: removed untested advice.

Last edited by Head_on_a_Stick (2022-11-14 20:41:17)


Jin, Jîyan, Azadî

Offline

#3 2022-11-14 20:59:53

AlecLarsen
Member
Registered: 2022-11-14
Posts: 2

Re: Is `chattr +i /boot` a bad idea?

Head_on_a_Stick wrote:

Yes. Absolutely terrible.

Thank you for the prompt reply! So I can understand better, are you willing to explain (or point me to some resource showing) why this is a bad idea?

EDIT: minor phrasing change

Last edited by AlecLarsen (2022-11-14 21:04:59)

Offline

#4 2022-11-14 21:06:37

Head_on_a_Stick
Member
From: The Wirral
Registered: 2014-02-20
Posts: 9,003
Website

Re: Is `chattr +i /boot` a bad idea?

Using chattr just seems like a horrible hack. And I know all about those :-)

I think I have a better idea but I have to test it first. Back in a bit...

EDIT: my idea didn't work. Sorry for the noise.

Last edited by Head_on_a_Stick (2022-11-14 21:30:04)


Jin, Jîyan, Azadî

Offline

#5 2022-11-14 21:25:58

seth
Member
From: Won't reply 2 private help req
Registered: 2012-09-03
Posts: 76,427

Re: Is `chattr +i /boot` a bad idea?

A failure *during* the update is most likely to cause you some trouble.
https://bbs.archlinux.org/viewtopic.php?id=234607

Offline

#6 2022-11-15 07:28:09

Head_on_a_Stick
Member
From: The Wirral
Registered: 2014-02-20
Posts: 9,003
Website

Re: Is `chattr +i /boot` a bad idea?

I'm back! :D

My idea does actually work, which is nice.

So remove the /boot line from /etc/fstab and instead create two files:

/etc/systemd/system/boot.mount

```
[Unit]
Description=/boot partition

[Mount]
What=UUID=$uuid
Where=/boot
Type=vfat
```

(Replace $uuid with the actual filesystem UUID for the /boot partition.)

/etc/systemd/system/boot.automount

```
[Unit]
Description=Automount /boot partition

[Automount]
Where=/boot
TimeoutIdleSec=120

[Install]
WantedBy=multi-user.target
```

(TimeoutIdleSec is optional, omit it if you want /boot to be permanently mounted.)

Then enable the automount:

```
# systemctl enable boot.automount
```

Upon reboot check the output of `findmnt` to confirm /boot is controlled by systemd-1 using autofs.

Automounting will ensure the partition is mounted during updates and it will also automatically remount if the partition has been manually un-mounted. The only caveat is that the automount will be removed if umount is called when the partition isn't actually mounted.


Jin, Jîyan, Azadî

Offline

#7 2022-11-15 08:23:50

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 25,261

Re: Is `chattr +i /boot` a bad idea?

If you're going to do automounts you can easily do them in your fstab as well: https://wiki.archlinux.org/title/Fstab# … th_systemd

The more generally relevant question, why do you even have /boot unmounted in the first place? If you have an actual valid reason for it then you do not want an automount, since that would likely negate your reasoning.

Offline

#8 2022-11-15 08:36:50

Head_on_a_Stick
Member
From: The Wirral
Registered: 2014-02-20
Posts: 9,003
Website

Re: Is `chattr +i /boot` a bad idea?

V1del wrote:

why do you even have /boot unmounted in the first place?

OP wrote:

I think I accidentally unmounted it in the Gnome Disks utility while trying to work with a USB drive

So I think the intention is to prevent problems after accidental un-mounting.


Jin, Jîyan, Azadî

Offline

#9 2022-11-15 08:37:57

V1del
Forum Moderator
Registered: 2012-10-16
Posts: 25,261

Re: Is `chattr +i /boot` a bad idea?

If that's all there is to it, then automounts will indeed fix this properly.

Offline

#10 2022-11-15 09:32:06

frostschutz
Member
Registered: 2013-11-15
Posts: 1,647

Re: Is `chattr +i /boot` a bad idea?

I like using chattr +i for mount points (not just /boot but in general). Sure, it's a hack, but I'm fine with that. Before making it immutable, I also put an empty file like NOT_MOUNTED so it's obvious at a glance.

My /boot is a USB stick so it might not be plugged in at all. Also I'm using LVM, with separate LVs, so rather than one big filesystem for everything, my filesystems are small and don't have too much free space in them. A backup task running onto the wrong location would quickly run out of space, and then everything else starts failing too. Making the mountpoint immutable simply forces you to add proper checks in your backup scripts and the like.

And programs that don't check at least give an error rather than doing the wrong thing successfully.

Of course the downside is that you lose the file the program wanted to create for you. Some would rather keep the file, even if it's in the wrong location. But since mountpoints usually also lack user permissions, it would fail for anyone but root anyway. So I don't see it as a problem.

Offline
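Added example, not part of any post in this thread: one way to write the "proper checks" that post #10 says backup scripts and similar jobs should carry. The function names and return codes are hypothetical; the `NOT_MOUNTED` marker name is the one suggested in that post, and the check relies on the `mountpoint` utility from util-linux.

```shell
#!/bin/sh
# Added example: refuse to write below a mount point that is not mounted.
# Assumption: the bare mount point directory holds a marker file that is
# hidden as soon as a filesystem is mounted over it.
SENTINEL_NAME="NOT_MOUNTED"

# require_mounted DIR
#   0  DIR is a live mount point
#   1  marker file visible: we are looking at the bare directory
#   2  DIR exists but nothing is mounted on it
#   3  DIR does not exist
require_mounted() {
    dir=$1
    [ -d "$dir" ] || return 3
    if [ -e "$dir/$SENTINEL_NAME" ]; then
        return 1
    fi
    mountpoint -q "$dir" 2>/dev/null || return 2
    return 0
}

# run_if_mounted DIR CMD [ARGS...]
#   Runs CMD only when DIR passes require_mounted; otherwise reports the
#   reason on stderr and returns the failing code without running CMD.
run_if_mounted() {
    dir=$1
    shift
    rc=0
    require_mounted "$dir" || rc=$?
    if [ "$rc" -ne 0 ]; then
        echo "refusing to run '$*': $dir is not mounted (code $rc)" >&2
        return "$rc"
    fi
    "$@"
}
```

A job would call it as `run_if_mounted /boot cp ...` and treat any non-zero return as a hard failure.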
