SquidGuard on Embedded



  • Hi there,

    I just installed squidGuard and changed the .inc files so that nothing gets written to /var or /var/tmp because these filesystems are too small for the database. I changed everything to /squidGuard/. I mounted my fs rw, but every time I try to download the database as described in the how-to video I get the following error:

    Warning: fopen(/squidGuard/log/sg_configurator.log): failed to open stream: Read-only file system in /etc/inc/pfsense-utils.inc on line 1160
    Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1161
    Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1162
    Warning: fopen(/squidGuard/log/sg_configurator.log): failed to open stream: Read-only file system in /etc/inc/pfsense-utils.inc on line 1160
    Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1161
    Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1162
    Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:1160) in /usr/local/www/pkg_edit.php on line 35

    And after that my filesystem is read-only again. Why?

    Any help?

    Thanks!


  • Rebel Alliance Developer Netgate

    In the squidGuard .inc file there is probably a call to conf_mount_ro() which changes the filesystems back to read-only.

    If you really want to run read/write, you probably need to alter /etc/inc/config.inc and comment out the body of the "function conf_mount_ro() {" block.

    I wouldn't really recommend that, but if you are confident in the quality of your CF media then it should be fine at least for a reasonable amount of time.



  • Hi jimp,

    I do not want to run r/w. I only want these two to run, so I can block some sites. No caching or logging needed…


  • Rebel Alliance Developer Netgate

    Ah, well in that case, the ro() calls are probably in the wrong place to let the download and unpacking of a blacklist file to happen properly.

    Either that or some other function that is called in the .inc is calling ro() in turn and it needs more rw()'s.

    When I originally altered squidGuard to work on embedded, I didn't test the blacklists part.



  • Hey jimp, thanks for the hints. I commented the stuff for the ro function in /etc/inc/config.inc out and then I installed the blacklist. That took like two and a half hours. If anyone is interested please comment out the following lines so that they look like this:

    /* mwexec("/bin/sync"); */
    /* mwexec("/sbin/mount -u -r -f {$g['cf_path']}"); */
    /* mwexec("/sbin/mount -u -r -f /"); */

    Back up your original copy of config.inc first! After everything is done, copy the original file back and mount your file system ro again.



  • You also need to disable the ro function every time you apply the new settings to squidGuard! Lame! jimp, can't you "fix" that stuff in the package?


  • Rebel Alliance Developer Netgate

    I probably could fix it but my only spare embedded box is set up for 2.0 testing right now.

    It had been saving its settings properly as-is when I tested it last, but that's been a while.


  • Rebel Alliance Developer Netgate

    I know this thread has been dead for a while but I looked at it again, and it looks like the problem is that the squidGuard package is assuming that the log directory is read/write all the time. It logs a lot of things, and it's not feasible to keep that on a read-only filesystem. The better solution might be to rotate its log frequently, or manually add another FS (like a USB stick) that is kept read/write.
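
The failure mode discussed in this thread, where a function called during the blacklist download switches the filesystem back to read-only while its caller still needs it writable, can be avoided by counting rw requests and remounting read-only only when the last one is released. The shell functions below are an added example, not part of the thread and not pfSense or squidGuard code; `fs_rw`, `fs_ro`, `with_rw` and the `MOUNT_CMD`, `SYNC_CMD` and `RW_FS` variables are hypothetical names, and `mount -u -w` is assumed as the FreeBSD read-write counterpart of the `mount -u -r -f` call quoted above.

```sh
# Added example (not pfSense or squidGuard code). Nested rw/ro requests are
# counted so that an inner "ro" cannot flip the filesystem back too early.
MOUNT_CMD="${MOUNT_CMD:-/sbin/mount}"   # overridable for dry runs (assumption)
SYNC_CMD="${SYNC_CMD:-/bin/sync}"       # overridable for dry runs (assumption)
RW_FS="${RW_FS:-/}"                     # filesystem to toggle (assumption)
RW_DEPTH=0                              # number of callers that still need rw

# Request write access; only the first request actually remounts.
fs_rw() {
    if [ "$RW_DEPTH" -eq 0 ]; then
        "$MOUNT_CMD" -u -w "$RW_FS" || return 1
    fi
    RW_DEPTH=$((RW_DEPTH + 1))
}

# Release write access; only the last release syncs and remounts read-only.
fs_ro() {
    [ "$RW_DEPTH" -gt 0 ] || return 0
    RW_DEPTH=$((RW_DEPTH - 1))
    if [ "$RW_DEPTH" -eq 0 ]; then
        "$SYNC_CMD"
        "$MOUNT_CMD" -u -r -f "$RW_FS"
    fi
}

# Run a command with the filesystem writable, restore read-only afterwards
# even if the command fails, and pass the command's exit status through.
with_rw() {
    fs_rw || return 1
    if "$@"; then rc=0; else rc=$?; fi
    fs_ro
    return "$rc"
}
```

A long-running step such as a blacklist download would be run as `with_rw some_command`; any helper inside it that also uses `with_rw` leaves the filesystem writable until the outermost call returns.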

