[j-nsp] some bugs to avoid

Wed May 18 03:24:53 EDT 2011

Yes, but the system mountes them from root so if we have corrupted root, 
the system will not boot.

On 18.05.2011 1:09, Stacy W. Smith wrote:
> That's probably not worth the hassle. The operating system is already mounted as a set of read-only memory-disk file systems from ISO images embedded within the install package. In addition, the verified-exec functionality will only allow Juniper-signed binaries to be executed.
>
> --Stacy
>
>
> lab at mxC-1>  show system storage
> Filesystem              Size       Used      Avail  Capacity   Mounted on
> /dev/da0s1a             885M       141M       673M       17%  /
> devfs                   1.0K       1.0K         0B      100%  /dev
> /dev/md0                 43M        43M         0B      100%  /packages/mnt/jbase
> /dev/md1                231M       231M         0B      100%  /packages/mnt/jkernel-ppc-10.3R1.9
> /dev/md2                 15M        15M         0B      100%  /packages/mnt/jpfe-MX80-10.3R1.9
> /dev/md3                6.4M       6.4M         0B      100%  /packages/mnt/jdocs-10.3R1.9
> /dev/md4                 72M        72M         0B      100%  /packages/mnt/jroute-ppc-10.3R1.9
> /dev/md5                 18M        18M         0B      100%  /packages/mnt/jcrypto-ppc-10.3R1.9
> /dev/md6                2.8G       8.0K       2.6G        0%  /tmp
> /dev/md7                2.8G       4.3M       2.6G        0%  /mfs
> /dev/da0s1e              98M        14K        90M        0%  /config
> procfs                  4.0K       4.0K         0B      100%  /proc
> /dev/da1s1f             2.8G       279M       2.3G       11%  /var
>
> lab at mxC-1>  start shell
> % mount
> /dev/da0s1a on / (ufs, local, noatime)
> devfs on /dev (devfs, local)
> /dev/md0 on /packages/mnt/jbase (cd9660, local, noatime, read-only, verified)
> /dev/md1 on /packages/mnt/jkernel-ppc-10.3R1.9 (cd9660, local, noatime, read-only, verified)
> /dev/md2 on /packages/mnt/jpfe-MX80-10.3R1.9 (cd9660, local, noatime, read-only)
> /dev/md3 on /packages/mnt/jdocs-10.3R1.9 (cd9660, local, noatime, read-only, verified)
> /dev/md4 on /packages/mnt/jroute-ppc-10.3R1.9 (cd9660, local, noatime, read-only, verified)
> /dev/md5 on /packages/mnt/jcrypto-ppc-10.3R1.9 (cd9660, local, noatime, read-only, verified)
> /dev/md6 on /tmp (ufs, local, noatime, soft-updates)
> /dev/md7 on /mfs (ufs, local, noatime, soft-updates)
> /dev/da0s1e on /config (ufs, local, noatime)
> procfs on /proc (procfs, local, noatime)
> /dev/da1s1f on /var (ufs, local, noatime)
>
>
>
>
> On May 17, 2011, at 1:43 PM, Tima Maryin wrote:
>
>> Did anyone try to hack /etc/fstab in order to mount / as read-only?
>>
>> Can it help ?