Move all to /usr
Summary
Provide a way of mounting /usr read-only and share it between multiple hosts to save maintenance and space.
/usr on its own filesystem is useful in custom setups. But instead of the Unix way to (almost randomly) split-off tools from /usr and put them in /, and require more and more tools to move to /, we today just expect /usr to be mounted from inside the initramfs, to be available before 'init' starts. What /bin and /sbin was for Unix is the initramfs for Linux. An initramfs that supports to mount /usr on top of /, before it starts 'init', makes all current setups work properly.
Owner
- Name: Harald Hoyer
- Email: harald@redhat.com
Current status
- Targeted release: Fedora 16
- Targeted release: Fedora 17
- Last updated: (DATE)
- Percentage of completion: 0%
Detailed Description
There is no way to reliably bring up a modern system with an empty /usr, there are two alternatives to fix it: copy /usr back to the rootfs or use an initramfs which can hide the split-off from the system.
Historically /bin, /sbin, /lib had the purpose to contain the utilities to mount /usr. This role can now be taken by the initramfs. Because the initramfs knows, where to find the root partition (which includes /etc), it can parse /etc/fstab and other configuration files and mount /usr before it finally switches the root partition and executes /usr/bin/init. From this point on init mounts the remaining partitions in /etc/fstab and the system starts as usual.
The long-term plan is to clean up the mess and confusion the current split of / vs. /usr has created. All tools will move back to /usr where they belong, and the rootfs will only contain compat-symlinks into /usr. Almost the entire system installed by packages will reside in /usr. This will split all non-host specific data to /usr. /usr can then be seen as the Unix System Resources partition (/System), which defines the base operating system (e.g. F18 or RHEL-7).
This new /usr could be mounted read-only by default, while the rootfs is read-write and contains only empty mount points, compat-symlinks to /usr and the host-specific data like /etc, /root, /srv. Compared to today's setups, the rootfs will be very small. The new /usr could also easily be shared read-only across several systems, and it would contain almost the entire system. Such setups are more efficient, can optionally provide a lot more security, are more flexible, provide more sane options for custom setups, and are much simpler to setup and maintain.
The remaining non-volatile top level directories are host specific:
- /boot - data to boot the machine (bootloader, kernel and initramfs image)
- /var - host specific variable data
- /home - user data
- /root - user data
- /etc - host specific configuration data
- /opt - host specific non-base OS apps
- /srv - host specific contents to be served
In the process of moving /bin and /sbin to /usr/bin, /usr/sbin can be moved also to /usr/bin.
Example F15
This output is from a modified F15 standard installation:
# df -h Filesystem Size Used Avail Use% Mounted on rootfs 2.0G 162M 1.8G 9% / udev 484M 0 484M 0% /dev tmpfs 494M 248K 493M 1% /dev/shm tmpfs 494M 43M 451M 9% /run /dev/sda2 2.0G 162M 1.8G 9% / /dev/sda5 13G 3.3G 8.8G 28% /usr tmpfs 494M 43M 451M 9% /run tmpfs 494M 0 494M 0% /sys/fs/cgroup tmpfs 494M 0 494M 0% /media /dev/sda1 117M 47M 65M 42% /boot
# ls -l / total 66 lrwxrwxrwx 1 root root 7 Jul 7 16:28 bin -> usr/bin dr-xr-xr-x. 5 root root 1024 Jul 4 19:33 boot drwxr-xr-x 16 root root 3480 Jul 11 19:34 dev drwxr-xr-x. 127 root root 12288 Jul 11 19:34 etc drwxr-xr-x. 3 root root 4096 Jul 4 17:33 home lrwxrwxrwx 1 root root 7 Jul 11 17:30 lib -> usr/lib lrwxrwxrwx 1 root root 9 Jul 11 17:23 lib64 -> usr/lib64 drwx------. 2 root root 16384 Jul 4 16:02 lost+found drwxr-xr-x 2 root root 40 Jul 11 19:33 media drwxr-xr-x. 2 root root 4096 May 18 13:33 mnt drwxr-xr-x. 2 root root 4096 May 18 13:33 opt dr-xr-xr-x 116 root root 0 Jul 11 17:33 proc dr-xr-x---. 6 root root 4096 Jul 11 15:58 root drwxr-xr-x 28 root root 1060 Jul 11 19:35 run lrwxrwxrwx 1 root root 7 Jul 7 16:28 sbin -> usr/bin drwxr-xr-x. 2 root root 4096 Jul 4 16:02 selinux drwxr-xr-x. 2 root root 4096 May 18 13:33 srv drwxr-xr-x 13 root root 0 Jul 11 19:33 sys drwxrwxrwt. 14 root root 4096 Jul 11 19:34 tmp drwxr-xr-x. 13 root root 4096 Jul 4 19:55 usr drwxr-xr-x. 18 root root 4096 Jul 4 17:27 var
Benefit to Fedora
Clear separation of operating system and host specific resources. /usr can be read-only and shareable.
Scope
The ability to share /usr is especially useful for clusters and virtual machines. The ability to mount /usr read-only (e.g. on read-only media) adds to the security of the machine.
How To Test
User Experience
- less toplevel directories
Dependencies
- initramfs (dracut)
- changes in selinux policies
- repackaging of packages with content in /bin, /sbin, /lib*
- drop consolehelper to move /usr/sbin/* to /usr/bin
- alternatives symlinks?
- filesystem rpm, toplevel symlinks
Roadmap
Phase 1 ( Fedora 16 ?)
- update rpmlint
- begin changing rpm packages with files in /bin, /sbin, /usr/sbin, /lib, /lib64
- ??? make backward compat symlinks in %post and %ghost those symlinks ?????
- RPM package list:
$ (for i in bin sbin lib lib64 usr/sbin; do yum -C --disablerepo=* --enablerepo=fedora provides "/$i/*"; done) \ |egrep -v '^Filename '|egrep -v '^Repo '|egrep -v 'Matched '|egrep -v '^\s+:' \ |while read a b; do a=${a#[0-9]*:}; echo ${a%%-[0-9]*};done|sort -u
Outputs 1059 rpm packages.
- change selinux policies
- prepare dracut to mount /usr from /etc/fstab
- drop consolehelper to enable the /usr/sbin -> /usr/bin move
Phase 2 ( Fedora 17 )
- change remaining rpm packages
- check, if rpm can cope with old packages, rpm error, if conflicting files due to symlinks
- create symlinks on new installation /bin -> usr/bin, /sbin -> usr/bin, /lib -> usr/lib, /lib64 -> usr/lib64, /usr/sbin -> bin
- might provide an update script
- check if directory is emtpy besides %ghosted symlinks
- remove directory and create symlink
Contingency Plan
- The move of /usr/sbin to /usr/bin can be delayed. /bin -> /usr/bin, /sbin -> /usr/sbin
- ??? make backward compat symlinks in %post and %ghost those symlinks ?????