SquidGuard on Embedded
-
Hi there,
I just installed squidGuard and changed the .inc files so that nothing gets written to /var or /var/tmp because these filesystems are too small for the database. I changed everything to /squidGuard/. I mounted my fs rw but everytime I try to download the database like it is told in the how to video I get the following error:
Warning: fopen(/squidGuard/log/sg_configurator.log): failed to open stream: Read-only file system in /etc/inc/pfsense-utils.inc on line 1160 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1161 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1162 Warning: fopen(/squidGuard/log/sg_configurator.log): failed to open stream: Read-only file system in /etc/inc/pfsense-utils.inc on line 1160 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1161 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1162 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:1160) in /usr/local/www/pkg_edit.php on line 35
And after that my filesystem is read-only again. Why?
Any help?
Thanks!
-
In the squidGuard .inc file there is probably a call to conf_mount_ro() which changes the filesystems back to read-only.
If you really want to run read/write, you probably need to alter /etc/inc/config.inc and comment out the body of the "function conf_mount_ro() {" block.
I wouldn't really recommend that, but if you are confident in the quality of your CF media then it should be fine at least for a reasonable amount of time.
-
Hi jimp,
I do not want to run r/w. I only want these two to run, so I can block some sites. No cashing or logging neededβ¦
-
Ah, well in that case, the ro() calls are probably in the wrong place to let the download and unpacking of a blacklist file to happen properly.
Either that or some other function that is called in the .inc is calling ro() in turn and it needs more rw()'s.
When I originally altered squidGuard to work on embedded, I didn't test the blacklists part.
-
Hey jimp, thanks for the hints. I commented the stuff for the ro function in /etc/inc/config.inc out and then I installed the blacklist. That took like two and a half hours. If anyone is interested please comment out the following lines so that they look like this:
/* mwexec("/bin/sync"); /
/ mwexec("/sbin/mount -u -r -f {$g['cf_path']}"); /
/ mwexec("/sbin/mount -u -r -f /"); */Backup your original copy of config.inc first! After everything is done copy the original file back and mount your file system ro again.
-
You also need to disable the ro function evertime you apply the new settings to squidGuard! Lame! jimp, can't you "fix" that stuff in the package?
-
I probably could fix it but my only spare embedded box is setup for 2.0 testing right now.
It had been saving its settings properly as-is when I tested it last, but that's been a while.
-
I know this thread has been dead for a while but I looked at it again, and it looks like the problem is that the squidGuard package is assuming that the log directory is read/write all the time. It logs a lot of things, and it's not feasible to keep that on a read-only filesystem. The better solution might be to rotate its log frequently, or manually add another FS (like a USB stick) that is kept read/write.