SquidGuard on Embedded

jlepthien · Feb 6, 2010, 12:22 AM

Hi there,

I just installed squidGuard and changed the .inc files so that nothing gets written to /var or /var/tmp because these filesystems are too small for the database. I changed everything to /squidGuard/. I mounted my fs rw but everytime I try to download the database like it is told in the how to video I get the following error:

Warning: fopen(/squidGuard/log/sg_configurator.log): failed to open stream: Read-only file system in /etc/inc/pfsense-utils.inc on line 1160 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1161 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1162 Warning: fopen(/squidGuard/log/sg_configurator.log): failed to open stream: Read-only file system in /etc/inc/pfsense-utils.inc on line 1160 Warning: fwrite(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1161 Warning: fclose(): supplied argument is not a valid stream resource in /etc/inc/pfsense-utils.inc on line 1162 Warning: Cannot modify header information - headers already sent by (output started at /etc/inc/pfsense-utils.inc:1160) in /usr/local/www/pkg_edit.php on line 35

And after that my filesystem is read-only again. Why?

Any help?

Thanks!

jimp · Feb 6, 2010, 1:53 AM

In the squidGuard .inc file there is probably a call to conf_mount_ro() which changes the filesystems back to read-only.

If you really want to run read/write, you probably need to alter /etc/inc/config.inc and comment out the body of the "function conf_mount_ro() {" block.

I wouldn't really recommend that, but if you are confident in the quality of your CF media then it should be fine at least for a reasonable amount of time.

jlepthien · Feb 6, 2010, 7:43 AM

Hi jimp,

I do not want to run r/w. I only want these two to run, so I can block some sites. No cashing or logging needed…

jimp · Feb 6, 2010, 3:41 PM

Ah, well in that case, the ro() calls are probably in the wrong place to let the download and unpacking of a blacklist file to happen properly.

Either that or some other function that is called in the .inc is calling ro() in turn and it needs more rw()'s.

When I originally altered squidGuard to work on embedded, I didn't test the blacklists part.

jlepthien · Feb 6, 2010, 9:46 PM

Hey jimp, thanks for the hints. I commented the stuff for the ro function in /etc/inc/config.inc out and then I installed the blacklist. That took like two and a half hours. If anyone is interested please comment out the following lines so that they look like this:

/* mwexec("/bin/sync"); /
/ mwexec("/sbin/mount -u -r -f {$g['cf_path']}"); /
/ mwexec("/sbin/mount -u -r -f /"); */

Backup your original copy of config.inc first! After everything is done copy the original file back and mount your file system ro again.

jlepthien · Feb 6, 2010, 9:55 PM

You also need to disable the ro function evertime you apply the new settings to squidGuard! Lame! jimp, can't you "fix" that stuff in the package?

jimp · Feb 11, 2010, 2:46 AM

I probably could fix it but my only spare embedded box is setup for 2.0 testing right now.

It had been saving its settings properly as-is when I tested it last, but that's been a while.

jimp · Jun 22, 2010, 3:29 PM

I know this thread has been dead for a while but I looked at it again, and it looks like the problem is that the squidGuard package is assuming that the log directory is read/write all the time. It logs a lot of things, and it's not feasible to keep that on a read-only filesystem. The better solution might be to rotate its log frequently, or manually add another FS (like a USB stick) that is kept read/write.