The /data File System Layout¶
Important
ALL files related to the end product application must be located in /data.
Production Layout¶
The Big Picture¶
/data is the only writeable filesystem on the G3 module that is persistent.
As such, Reach Technology has used the Linux Filesystem Standard as a model to
provide a recognizable structure to /data.
Directory |
Contents |
|---|---|
bin |
End Product Application executables and scripts. |
etc |
System and End Product Application configuration data. |
lib |
End Product Application shared libraries. |
lost+found |
Recovered bits of corrupted files are found here. |
mender |
Mender safely applies updates to the system. |
sbin |
End Product Application management, configuration and diagnostic tools. |
share |
End Product Application data files. |
share/audio |
End Product Application sound files. |
share/fonts |
End Product Application font files. |
share/pixmaps2 |
End Product Application image files. |
share/video |
End Product Application video files. |
u-boot |
Boot loader configuration. Also contains the |
var |
Various system state files accessed via /var. |
var/tmp |
End Product Application temporary files and Unix Domain Socket endpoints. |
Footnotes:
System Configuration Files¶
Linux desktop systems and servers place most configuration files in or under
/etc. Generally, these need to be writeable during the product development
process; however, they usually do not need modification once the product is
deployed. Because the G3 module is a field deployed embedded Linux system, it’s
critical that the configuration files are not vulnerable to accidental or malicious
modification that could leave the deployed product non-functional.
The G3 module is field upgradeable either via over the air updates or local updates deployed on a USB flash drive. As mentioned above, the root filesystem is mounted read-only. This is one measure to prevent accidental updates of system configuration files that could leave the end product in an unuseable state. For a more detailed discussion of the upgrade capability, see the embedded image upgrade section.
The OverlayFS filesystem mount discussed here gives us the best of both worlds. There is an absolutely immutable copy of the original configuration file in the “lowerdir”; i.e. the actual /etc in the rootfs partition. Changes to the file show up as a new file of the same name in /data/etc which takes precedence if it exists.
So, the original configuration file can not be truly deleted unless:
The overlay is unmounted (non-trivial, but doable under controlled circumstances).
The rootfs is remounted read-write.
Now, it is still possible to maliciously obsure a configuration file by writing something new that ends up in /data/etc; this requires root level access.
Important
This is one reason why the end product application should never be run as root!!!
You should, of course, also set a non-trivial root password.
For additional system security, you can implement a cron job that periodically examines /data/etc and compares the contents (e.g. SHA256 sums) against a master list and zorches anything that doesn’t match.
Pre-Production Layout¶
Warning
This description matches the old layout of /data. There are significant
differences from the production embedded software release to support the read-only
rootfs. See the discussion of the production layout above!!!
This information is retained for historical purposes only.
The /data directory on the G3 module is where the end product application and associated data that you create
is stored.
Note
In the developer VM, the equivalent /data directory also exists. It is exported
by the VM using NFS so it can be mounted on the development host to enable easy copying
of data and executable code between the host and the VM.
The G3 module /data directory currently contains 4 sub-directories, described in the table
below.
Directory |
Contents |
|---|---|
app |
Directory for applications and data. |
lost+found |
Recovered bits of corrupted files are found here. |
mender |
Mender safely applies updates to the system. |
u-boot |
Boot loader configuration. Also contains the |
The file splash.bmp that is displayed while the Linux init system is starting up services. Change this to whatever you wish for end product branding3.
Footnotes:
- 3
Image must be in 24-bit BMP format.