5

My system runs Debian Testing, and / is generally mounted as read-only.

The main problem with this is, every time I install something or update the system, I cannot remount the filesystem (I get the error: mount: / is busy) as read-only again.

Used command:mount -o remount,ro /dev/mapper/sda9_crypt /

I have searched for processes and file-locks (with lsof/fuser), but I have no idea what I have to specifically search for.

I do not want to reset the system after an update, just to be able to get it remounted read-only. Therefore, I look for the key processes that I need to kill to make this possible.

Gilles 'SO- stop being evil'
  • 829,060
Jeff
  • 51

2 Answers2

1

In the output of lsof /, in addition to files opened for writing (w suffix in the FD column), look for files marked (deleted). Files outside /var, /tmp (and /run, etc.) and home directories usually don't remain open for writing for a long time. But after an upgrade of some software, there may be some executable, library or data file that's still in use (open for reading or executing) by a running process that was started before the upgrade.

When a file is deleted but still open, that actually only removes its directory entry. The file itself is only deleted when it has no directory entry and it isn't open. That last part of deletion can't happen on a filesystem that's mounted read-only, so such a half-deleted file prevents remounting the filesystem as read-only just like a file open for writing does.

Gilles 'SO- stop being evil'
  • 829,060
  • I think there is a misunderstanding. The volume is always remounted as read-write before something is changed. Only then remount read-only done the works no longer. The output of "lsof / | grep deleted", shows nothing, but i still cant remount read-only. It probably seems better simply restart, or? Thanks. – Jeff Mar 09 '16 at 15:24
  • @Jeff I don't understand what misunderstanding you're referring to. I am describing the scenario where the volume is remounted read-write before changing something and afterwards remounting as read-only doesn't work. Files open for writing, and files that are deleted but still open, are the most common things that prevent remounting as read-only. If it's neither (you ran lsof as root, right?), there are other reasons that are hard to investigate (e.g. a loop mount), but they're rare, I can't think of something that would typically happen during a software upgrade. – Gilles 'SO- stop being evil' Mar 09 '16 at 17:25
1

We can parse the output of lsof and filter to processes with writable file descriptors on the device. On my system, the FD is the 4th column, and it's suffixed with w or u for files opened for writing or read+write respectively:

lsof +f -- / | awk '$4 == "FD" || $4 ~ /[0-9][wu]$/'

The $4 == "FD" test is there just to pass the column headers through unmolested.

This will need adapting for your particular lsof implementation; there might be value in reading the Output for other programs section of the lsof manual page if you need a more portable solution.

Toby Speight
  • 8,678