Dynamic Root Support For FreeBSD Now Available

Dan writes "FreeBSD's Gordon Tetlow has committed his enhancements to enable users to build /bin and /sbin dynamically linked on FreeBSD. His reason to do this is two-fold. One is to give better support for PAM and NSS in the base system. The second is to save some disk space. Currently (on his x86 box), /bin and /sbin are 32 MB. With a dynamically linked root (and some pruning of some binaries), the /bin, /lib, and /sbin come out to 6.1 MB. This should be great for people with 2.x and 3.x era root partitions that are only about 50 MB. Gordon says that there will be a performance hit associated with this. He did a quick measurement at boot and his boot time (from invocation of /etc/rc to the login prompt) went from 12 seconds with a static root to 15 seconds with a dynamic root."

bad bad bad

[Tirel]

not only will this affect performance, but it will also make it impossible to recover a server if you accidentally delete /usr,

there are less and less reasons to use seperate partitions for root directories, and this is *NOT GOOD*

Re:bad bad bad

[Fweeky]

Er, why? /bin, /sbin and /lib should all be on the same partition, and if you're really screwed, that's what /rescue is for.

Re:bad bad bad

[Nizzt]

Thats why the librarys are in /lib not /usr/lib

Re:bad bad bad

[cperciva]

it will also make it impossible to recover a server if you accidentally delete /usr

No. The libraries used by stuff in /bin and /sbin are being moved into /lib, so everything which is being changed from static to dynamic will still work even if /usr is gone.

Also note that /rescue is still static (and crunched).

Re:bad bad bad

[jkujawa]

The point of static binaries in /bin and /sbin is not only being able to mount /usr of a file server, but also being able to recover if you kill ld.so.

Re:bad bad bad

not only will this affect performance, but it will also make it impossible to recover a server if you accidentally delete /usr,

Only if you do something stupid, like put critical system libs into /usr. The binaries in /bin and /sbin shouldn't rely on anything in /usr, only libraries in /lib.

Re:bad bad bad

Why would you kill ld.so? You might as well argue that statically linked binaries aren't suitable either, because you can accidentally kill the actual executables themselves.

Re:bad bad bad

[ctr2sprt]

It's not good as a default, but it's good as an option. So while I hope FreeBSD installs still come with a static bin+sbin, it's nice to have the option, on a make world, to change the behavior if I decide I need to. It's added flexibility without any added complexity. What more could you want?

Re:bad bad bad

[Arandir]

Screw /usr. I still want to know how to recover the server after I accidentally deleted / last week...

Re:bad bad bad

[shlong]

" not only will this affect performance, but it will also make it impossible to recover a server if you accidentally delete /usr,"

What wasn't mentioned in the write-up is that /rescue contains statically-link versions of the tools that one would need to recover from problems. It might not be able to recover a deleted filesystem, but if you're trouncing careless around like that then there are plenty of other ways to shoot your feet off too.

Re:bad bad bad

[R.Caley]

Screw /usr. I still want to know how to recover the server after I accidentally deleted / last week...

Stick in the fixit cdrom.

You do keep a copy of /etc somewhere don't you?

Re:Linux distro's already do this.

[__past__]

Mostly because very, very few people think that this is a good idea.

Re:25%

This is just an option. The default way is still via static binaries.

This won't change for some time (wheather it will change at all still has to be discussed).

good and bad here

[josepha48]

This is good in the case of people who want to run a system off a cdrom or floppy or flash memory. On a cdrom you don't need to worry about deleteing /usr cause it should be burned into the cdrom. Also any partitions that you need end up in ram / memory disks. /dev is a good example of a ram disk. By having a smaller /bin and /sbin one can suddenly have nice small routers / gateways using freebsd, instead of Linux.

I'd imagine that if NetBSD and OpenBSD don't already have this ability it will be a matter of time as the BSD's share much between each other. Just look at the realpath vulnerability that they all were affected by.

Re:good and bad here

[vesamies]

NetBSD is also using dynamic /bin, /sbin, not sure what OpenBSD is doing. This is not much of an ability since /usr/bin, /usr/sbin have always been dynamic, now everything is dynamic. Well, looks like everyone has all-dynamic system now, which is good.

Re:good and bad here

[MobyTurbo]

I'd imagine that if NetBSD and OpenBSD don't already have this ability it will be a matter of time as the BSD's share much between each other.

NetBSD has had dynamic root (with /rescue, etc.) in -current for months. :-)

Re:good and bad here

[JDizzy]

I'd imagine that if NetBSD and OpenBSD don't already have this ability it will be a matter of time as the BSD's share much between each other.

Silly didn't you know that FreeBSD is stealling this from NetBSD's dynamic world? Well they are. FreeBSD has also taken the idea of a /rescue incase one of the libs that is dynamicly linked by (say init) is damaged. This was also a NetBSD idea. I guess that leaves OpenBSD to make the changes, but they probably think dynamic bins is insecure or some shit because an attacker would simply replace a lib that contains harmfull code-fu.

Re:good and bad here

[Geekboy(Wizard)]

I don't want OpenBSD to have it. What happens if you kill ld.so? You are *FUCKED*. At least now, when I kill it, I can at least use mv to copy back my good copy with static libs. Disk space is cheep, get over it, and make / a bit bigger.

Re:good and bad here

[little_fluffy_clouds]

NetBSD already moved to dynamic root and /rescue earlier this year.

Re:good and bad here

[josepha48]

Its not a requirement that you have it in FreeBSD AFAIK, its an option. Also if you are talking about flash cards / CDROM where you have about 650 Megs limit or older machines that cant handle a bigger disk then this will allow more stuff to be installed or a smaller install. There are people who use 128Meg flash cards to run BSD / Linux from as a firewall.

Not sure how you'd kill ld.so, I'm guessing your talking about rm -rf ld.so. Yeah you'd be screwed, but there is such thing as a rescue CD or upgrading the system.

Re:25%

[__past__]

Or you could just build your 5.x world without the WITH_DYNAMICROOT option.

Not that Dragonfly doesn't look interesting, but, erm, I guess I'll give it some time to mature before I consider it for any critical system. My next update will definitely be to FBSD 5-STABLE.

Re:Linux distro's already do this.

[phoenix_rizzen]

"Because Linux does it" is not always a good reason to do something. Linux developers tend to throw anything and everything they can into the mix. BSD developers tend to watch what others do, research the pros/cons, then develop a plan on how to do it right ... before tackling the coding.

Hence, while Linux distros tend to get things first, BSD tends to get things right. :)

My understanding...

[devphil]

...was that, in earlier *nixes, sbin programs were always statically linked, to avoid problems with requiring /usr, or accidentally damaging the dynamic loader, or still functioning while restoring dynamic libs from tape, etc, etc.

Not necessarily FreeBSD, but just some flavor of Unix. The versions of Digital Unix (under different names) which I teethed on were designed like this.

It's always annoyed me that Linux's [/usr]/sbin was dynamically linked.

Re:My understanding...

[Ezdaloth]

You do know of "/stand", do you ? The utils also on the boot-floppies. Those are still statically linked.

Re:25%

[Marillion]

Not really, The binary is smaller, the execution loader caches the common code, both in memory and from disk. By increasing the amount of common code, those utilities should actually load faster.

What about independent of external libs?

[moncyb]

It's good that they are trying to save disk space, but why don't they just rewrite them so they don't use libc? Linux assembly.org is working on such a project, though it doesn't have to be in assembly. I've done some work using direct syscalls in Linux with C (look at /usr/include/asm--start with unistd.h). I haven't looked at FreeBSD in this way yet, but I think it can be done. At the very least, simple utilities like cp and ln could be written this way. Save disk space and be staticly linked--good all the way around.

Re:What about independent of external libs?

[Piquan]

Because there's a lot of logic in, say, PAM or NSS, which are needed often in /bin and /sbin. You could write that into each program, but then you'd have to update them all each time you found a bug or needed to add a feature. You could share a .o file between them, and then it's the same thing as statically linking them in the first place.

Re:What about independent of external libs?

[josepha48]

You should look at the uClibc project which is trying to make a smaller libc for small floppy based distros. Also busybox, can be used to make a smaller system. Progamming in assembly is not pretty.

Re:What about independent of external libs?

[R.Caley]

It's good that they are trying to save disk space, but why don't they just rewrite them so they don't use libc?

Because reinventing wheels is generally a Bad Thing?

Better to work to make libc smaller, or restructure it so that small utilities only drag in what they absolutely need.

Re:What about independent of external libs?

[moncyb]

Why thank you. I'm glad I have your permission now. I just might do that--I already have ls, sleep, touch, uname done. ;-)

Re:What about independent of external libs?

[moncyb]

Why? Do programs such as cp, ln, and touch really need libc? Why make something the size of a small paperback book connected to four huge wheels when you can just carry it around in your pocket?

Better to work to make libc smaller, or restructure it so that small utilities only drag in what they absolutely need.

So you are saying rewrite libc? Is this not reinventing the wheel? Not that it is a bad idea, but how is it different?

Re:What about independent of external libs?

[moncyb]

Yeah, but ln and cp do not need PAM or NSS or libc, so why use them?

You could share a .o file between them, and then it's the same thing as statically linking them in the first place.

Indeed, but then you are not statically linking in the entire libc system, which is the problem. I'm not against linking a bunch of .o files together, I just don't see the point in cramming tonnes of libc functions into a binary which doesn't need them and ends up more bloated as a result.

Re:What about independent of external libs?

[R.Caley]

Why? Do programs such as cp, ln, and touch really need libc?

No program ever needs a library. You could always implement everything from the ground up. The point of having libraries is to share the code. Re-implementing parts of the standard library in each utility is, apart from the wasted effort, just a way of creating more places for bugs to live.

So you are saying rewrite libc? Is this not reinventing the wheel?

No, it's software development. You fix the one piece of code which does a job so that it is useful in more places rather than writing a dozen independent pieces of code to do the same job.

Re:What about independent of external libs?

[Piquan]

Indeed, but then you are not statically linking in the entire libc system, which is the problem.

When you statically link, you only link in what you need. It doesn't suck in all of libc.a, only the .o files that are necessary. (Remember that a .a is an archive of .o files.)

Re:Linux distro's already do this.

[phoenix_rizzen]

Yeesh, lighten up, eh? There's a reason for the :) in the above post.

All I was saying was that "Because Linux has it" is not a good enough reason to implement a feature. That would be like saying "Why doesn't Linux support VBScript in the kernel? MS Windows has it, so it must be good."

As to my credentials, what does that have to do with anything??

Ah well, what can one expect when posting to Slashdot? :D

Re:Developer laments: What Killed FreeBSD

[beefdart]

BSD is Dead??

http://uptime.netcraft.com/perf/reports/Hosters

I guess Linux-Kiddies can't read.

Choke on it and die.

Re:25%

[JDizzy]

It really depends if your a pesimist, or an optimist. Yes 3 units of 12 is indeed 25%, and since it is 3 units over 12 to 15 it could be seen as an additional 25% extra time. The more correct way to look at it is from the point of view for the number 15. aka the boot was an entire 1/5 faster without dynamic bins.

Besides, there have also been improvements in caching libs in conjunction with linking so that dynamic bin's always load faster. It could also be possible to make certain /bin and /sbin stuff static, but thats what /rescue is for with the crunched bins. Besides, this will only lead to a more optimised ld program and linking system there after. Not having the entire bulk of libc repliated allover the place in /bin and /sbin is entirly acceptible to me. Architecturally speaking that is a big faux pax to leave such a clutter. This is why elf was devised in the first place, and slow to implement Operating Environments is partly to blame for the hindering of cool features like dynamic linking tricks such as thosed used in pam and nss. This is, after all, the reason we have libraries.

Re:25%

[moncyb]

How about some utils which are written in assembly and are not dependent upon other libs? They're faster and smaller. You may want to look at LinuxAssembly.org's asm utils. They say it works for FreeBSD and other BSDs, though I haven't tested this myself (yet). When I tried them in Linux a few years ago, they weren't quite complete, but being small and independent has its advantages. When it's complete (maybe it is now?), I imagine these programs will be the choice for those who want to save disk space or speed up their system. Such a project would work in C. If it was in C, it would probably get more developers on board too...

Re:Linux distro's already do this.

[Arandir]

Hence, while Linux distros tend to get things first, BSD tends to get things right.

Actually, BSD gets a lot things first. First to have a commercial support, first to have a free and complete operating system, and first to get sued by obnoxious companies :-). More recently, first to implement IP6, Serial ATA, Hyperthreading, etc. I would have to check, but I think they got USB and Firewire first as well.

Re:25%

[craig2787]

Riiiiight. Thats under a meg a minute. Clearly this is a fabricated post. Show me some ps and vmstat/etc output, and i will newfs freebsd off right away.

Re:Linux distro's already do this.

[Ezdaloth]

NetBSD was the first (free unix-like OS) to have USB indeed.

Re:25%

[Groganz]

And destroy the portability of the system to other archs while you are at it...

That's just for the initial penalty.

[Ayanami+Rei]

Subsequent runs of said binaries will be just as fast (and perhaps faster) as your cache usage will be optimized with libc mapped once.

Isn't this the tradeoff for lots of neat optimizations? A little extra overhead at the start for amortized gains?

Portability between archs.

[moncyb]

Yes, these programs don't work on non-IA32 systems, but if someone needs to save space or wants more speed and they have an IA32 system, why not use them? The same thing could be done in C, thus preserving portability...

Blink

[timotten]

enable users to build /bin and /sbin dynamically linked on FreeBSD

I am having difficulty parsing this, and neither the article nor the comments here help me. This is my best guess. Someone please correct me.

SITUATION: For some executable program $P in /bin or /sbin; for some executable library $L in /lib; there exists some subroutine $p in $P and some object $l in $L such that $p uses $l.

OLD BEHAVIOR: When building $P, static-linker resolves name "$l", yielding an address or the desired data.

NEW BEHAVIOR: When executing $P, dynamic-linker resolves name "$l", yielding an address or the desired data.

DETAILS OF CHANGE: The kernel enforced the old behavior by examining every request sent to the generic 'dynamic-link' facility and blocked any requests which involved programs which happened to be in /bin or /sbin. The new behavior is achieved by removing the arbitrary, stupid prohibition.

ALTERNATIVE DETAILS OF CHANGE: The old behavior was enforced by the build scripts for $P and $L; we didn't want our super-important $P to be disturbed if something as lame as the dynamic linker crapped out on us. The new behavior is achieved by changing some compiler flags. We will all die when the dynamic linker craps out.

Re:Developer laments: What Killed FreeBSD

[peterpi]

But not as we know it.

Why bother?

[pla]

I fail to see the benefit of this.

A 25% absolute performance penalty, at the relative "gain" of 82% of a small part of the filesystem. However, compared to even an incredibly small (by today's standards) 1GB partition, you talk about saving only 2.5% of the total disk space. On any reasonable drive, this would equal far less than 1% savings.

Now, in an embedded environment, such a savings might make a noticeable difference. However, in an embedded environment, you wouldn't have every app ever considered useful in /bin and /sbin, only those critical to basic system functioning (or better yet, something like a FreeBSD equivalent to BusyBox (which I've used to create embedded Linux distros that needed to fit in 8MB of flash and have basic X functionality), for a whopping 300k).

As for "people with 2.x and 3.x era root partitions"... C'mon, really... Throw in the "older means better" towel and upgrade. Seriously. I have single OGG files (of full CDs) larger than 50MB. Hell, I gave up on DOS 3.3 because of the 32MB partition limit nearly a decade ago. Upgrade. Upgrade. Upgrade! Sometimes "obsolescence" doesn't need to have the word "planned" in front of it, you just need to accept that PC-level hardware has vastly improved since limitations like that seemed even remotely acceptible.

So... Can someone explain why this matters, beyond the "because we can" factor?

Re:Why bother?

[insomaniac]

Well, I can try.

In a typical FreeBSD installation you make the root partition (/) quite small, these days 128MB to 256MB. This is to make the chance that when something happens that could damage your hard disk, the chance of it damaging your root and leave your system unbootable is minimal.
This makes the chance that you can get to single user mode and run fsck on the damaged partitions bigger.
In FreeBSD 2.x and 3.x the default root was even smaller and this made upgrading to 4.x in the general make buildworld sense nigh impossible, this might help the people with legacy machines to upgrade.

/sbin is the "STATIC BIN"

[billstewart]

Arrgh! If you're not going to statically link the stuff, don't put it in /sbin! Arrrgh.

Re:25%

[adri]

Actually, there's overhead in the loader - resolving symbols and checking libraries takes a while.

Re:Linux distro's already do this.

[Valar]

Eh. It's not exactly universal though. OpenBSD doesn't even do MP, much less hyperthreading (if you think these are two very different issues, go read the god damn IA-32 System Developer Manual). Acttually, I think NetBSD is the same deal right now. FreeBSD has MP though.