remove usage of conf_mount_ro and conf_mount_rw

0a44698f · Ad Schellevis · 5eaf0e40 · 0a44698f · 0a44698f · 0a44698f
Commit 0a44698f authored Mar 12, 2015 by Ad Schellevis
36 changed files
--- a/src/etc/inc/auth.inc
+++ b/src/etc/inc/auth.inc
@@ -304,8 +304,6 @@ function local_sync_accounts()
 {
 	global $config;
-	conf_mount_rw();
 	/* remove local users to avoid uid conflicts */
 	$fd = popen('/usr/sbin/pw usershow -a', 'r');
 	if ($fd) {
@@ -360,8 +358,6 @@ function local_sync_accounts()
 		foreach ($config['system']['group'] as $group)
 			local_group_set($group);
-	conf_mount_ro();
 }
 function local_user_set(& $user) {
@@ -372,8 +368,6 @@ function local_user_set(& $user) {
 		return;
 	}
-	conf_mount_rw();
 	$home_base = "/home/";
 	$user_uid = $user['uid'];
 	$user_name = $user['name'];
@@ -468,7 +462,6 @@ function local_user_set(& $user) {
 	$un = $lock_account ? "" : "un";
 	exec("/usr/sbin/pw {$un}lock {$user_name} -q");
-	conf_mount_ro();
 }
 function local_user_del($user)

--- a/src/etc/inc/captiveportal.inc
+++ b/src/etc/inc/captiveportal.inc
@@ -1092,7 +1092,6 @@ function captiveportal_write_elements() {
        @mkdir($g['captiveportal_element_path']);
    if (is_array($cpcfg['element'])) {
-        conf_mount_rw();
        foreach ($cpcfg['element'] as $data) {
            if (!@file_put_contents("{$g['captiveportal_element_path']}/{$data['name']}", base64_decode($data['content']))) {
                printf(gettext("Error: cannot open '%s' in captiveportal_write_elements()%s"), $data['name'], "\n");
@@ -1101,7 +1100,6 @@ function captiveportal_write_elements() {
            if (!file_exists("{$g['captiveportal_path']}/{$data['name']}"))
                @symlink("{$g['captiveportal_element_path']}/{$data['name']}", "{$g['captiveportal_path']}/{$data['name']}");
        }
-        conf_mount_ro();
    }
    return 0;

--- a/src/etc/inc/config.gui.inc
+++ b/src/etc/inc/config.gui.inc
@@ -59,11 +59,5 @@ if(file_exists("/debugging")) {
 $config = parse_config();
-if($config_parsed == true) {
-	/* process packager manager custom rules */
-	if(is_dir("/usr/local/pkg/parse_config")) {
-		run_plugins("/usr/local/pkg/parse_config/");
-	}
-}
 ?>
--- a/src/etc/inc/config.inc
+++ b/src/etc/inc/config.inc
@@ -70,11 +70,9 @@ if(file_exists("/var/run/booting") && file_exists("/conf/config.xml")) {
 		$config_contents = str_replace("m0n0wall","pfsense", $config_contents);
 		if (!config_validate('/conf/config.xml'))
 			log_error(gettext("ERROR!  Could not convert m0n0wall -> pfsense in config.xml"));
-		conf_mount_rw();
 		$fd = fopen("/conf/config.xml", "w");
 		fwrite($fd, $config_contents);
 		fclose($fd);
-		conf_mount_ro();
 	}
 }

--- a/src/etc/inc/config.lib.inc
+++ b/src/etc/inc/config.lib.inc
@@ -87,6 +87,12 @@ function encrypted_configxml()
 ******/
 function parse_config($parse = false)
 {
+	require_once("script/load_phalcon.php");
+	$cnf = OPNsense\Core\Config::getInstance();
+	$config = $cnf->toArray();
+	return $config;
 	global $g, $config_parsed;
 	$config_xml = '/conf/config.xml';
@@ -180,13 +186,11 @@ function restore_backup($file)
 	global $g;
 	if (file_exists($file)) {
-		conf_mount_rw();
 		@unlink('/tmp/config.cache');
 		copy($file, '/conf/config.xml');
 		disable_security_checks();
 		log_error(sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file));
 		file_notice("config.xml", sprintf(gettext('%1$s is restoring the configuration %2$s'), $g['product_name'], $file), "pfSenseConfigurator", "");
-		conf_mount_ro();
 	}
 }
@@ -273,75 +277,6 @@ EOD;
 	alias_make_table($config);
 }
-/****f* config/conf_mount_rw
- * NAME
- *   conf_mount_rw - Mount filesystems read/write.
- * RESULT
- *   null
- ******/
-/* mount flash card read/write */
-function conf_mount_rw() {
-	global $g, $config;
-	/* do not mount on cdrom platform */
-	if($g['platform'] == "cdrom" or $g['platform'] == "pfSense")
-		return;
-	if ((refcount_reference(1000) > 1) && is_writable("/"))
-		return;
-	$status = mwexec("/sbin/mount -u -w -o sync,noatime /cf");
-	if($status <> 0) {
-		if(file_exists("/var/run/booting"))
-			echo gettext("Disk is dirty.  Running fsck -y") . "\n";
-		mwexec("/sbin/fsck -y /cf");
-		$status = mwexec("/sbin/mount -u -w -o sync,noatime /cf");
-	}
-	/*    if the platform is soekris or wrap or pfSense, lets mount the
-	 *    compact flash cards root.
-         */
-	$status = mwexec("/sbin/mount -u -w -o sync,noatime /");
-	/* we could not mount this correctly.  kick off fsck */
-	if($status <> 0) {
-		log_error(gettext("File system is dirty.  Launching FSCK for /"));
-		mwexec("/sbin/fsck -y /");
-		$status = mwexec("/sbin/mount -u -w -o sync,noatime /");
-	}
-	mark_subsystem_dirty('mount');
-}
-/****f* config/conf_mount_ro
- * NAME
- *   conf_mount_ro - Mount filesystems readonly.
- * RESULT
- *   null
- ******/
-function conf_mount_ro() {
-	global $g, $config;
-	/* Do not trust $g['platform'] since this can be clobbered during factory reset. */
-	$platform = trim(file_get_contents("/usr/local/etc/platform"));
-	/* do not umount on cdrom or pfSense platforms */
-	if($platform == "cdrom" or $platform == "pfSense")
-		return;
-	if (refcount_unreference(1000) > 0)
-		return;
-	if(isset($config['system']['nanobsd_force_rw']))
-		return;
-	if(file_exists("/var/run/booting"))
-		return;
-	clear_subsystem_dirty('mount');
-	/* sync data, then force a remount of /cf */
-	pfSense_sync();
-	mwexec("/sbin/mount -u -r -f -o sync,noatime /cf");
-	mwexec("/sbin/mount -u -r -f -o sync,noatime /");
-}
 /****f* config/convert_config
 * NAME
@@ -488,7 +423,6 @@ function write_config($desc = 'Unknown', $backup = true)
 	$config['revision'] = make_config_revision_entry($desc);
-	conf_mount_rw();
 	$lockkey = lock('config', LOCK_EX);
 	/* generate configuration XML */
@@ -527,9 +461,6 @@ function write_config($desc = 'Unknown', $backup = true)
 	unlink_if_exists("/usr/local/pkg/pf/carp_sync_client.php");
-	/* tell kernel to sync fs data */
-	conf_mount_ro();
 	/* sync carp entries to other firewalls */
 	carp_sync_client();
@@ -551,7 +482,6 @@ function reset_factory_defaults($lock = false)
 {
 	global $g;
-	conf_mount_rw();
 	if (!$lock)
 		$lockkey = lock('config', LOCK_EX);
@@ -577,7 +507,6 @@ function reset_factory_defaults($lock = false)
 	touch("/conf/trigger_initial_wizard");
 	if (!$lock)
 		unlock($lockkey);
-	conf_mount_ro();
 	setup_serial_port();
 	return 0;
 }
@@ -590,7 +519,6 @@ function config_restore($conffile) {
 	backup_config();
-	conf_mount_rw();
 	$lockkey = lock('config', LOCK_EX);
@@ -603,7 +531,6 @@ function config_restore($conffile) {
 	$config = parse_config(true);
-	conf_mount_ro();
 	write_config(gettext("Reverted to") . " " . array_pop(explode("/", $conffile)) . ".", false);
@@ -626,7 +553,6 @@ function config_install($conffile)
 		log_error(gettext("Installing configuration ...."));
 	}
-	conf_mount_rw();
 	$lockkey = lock('config', LOCK_EX);
 	copy($conffile, '/conf/config.xml');
@@ -699,7 +625,6 @@ function cleanup_backupcache($lock = false) {
 	if (!$lock)
 		$lockkey = lock('config');
-	conf_mount_rw();
 	$backups = get_backups();
 	if ($backups) {
@@ -759,7 +684,6 @@ function cleanup_backupcache($lock = false) {
 	$bakout = fopen('/conf/backup/backup.cache', 'w');
 	fwrite($bakout, serialize($tocache));
 	fclose($bakout);
-	conf_mount_ro();
 	if (!$lock)
 		unlock($lockkey);
@@ -784,7 +708,6 @@ function get_backups()
 function backup_config()
 {
-	conf_mount_rw();
 	/* Create backup directory if needed */
 	safe_mkdir('/conf/backup');
@@ -816,7 +739,6 @@ function backup_config()
 	fwrite($bakout, serialize($backupcache));
 	fclose($bakout);
-	conf_mount_ro();
 	return true;
 }

--- a/src/etc/inc/dyndns.class
+++ b/src/etc/inc/dyndns.class
@@ -1212,7 +1212,6 @@
 			if($successful_update == true) {
 				/* Write WAN IP to cache file */
 				$wan_ip = $this->_checkIP();
-				conf_mount_rw();
 				if ($this->_useIPv6 == false && $wan_ip > 0) {
 					$currentTime = time();
 					notify_all_remote(sprintf(gettext("DynDNS updated IP Address on %s (%s) to %s"), convert_real_interface_to_friendly_descr($this->_if), $this->_if, $wan_ip));
@@ -1227,7 +1226,6 @@
 					@file_put_contents($this->_cacheFile_v6, "{$wan_ip}|{$currentTime}");
 				} else
 					@unlink($this->_cacheFile_v6);
-				conf_mount_ro();
 			}
 			$this->status = $status;
 			log_error($status);
@@ -1307,10 +1305,8 @@
 					$initial = false;
 					$log_error .= "Cached IPv6: {$cacheIP} ";
 				} else {
-					conf_mount_rw();
 					$cacheIP = '::';
 					@file_put_contents($this->_cacheFile, "::|{$currentTime}");
-					conf_mount_ro();
 					$cacheTime = $currentTime;
 					$initial = true;
 					$log_error .= "No Cached IPv6 found.";
@@ -1323,10 +1319,8 @@
 					$initial = false;
 					$log_error .= "Cached IP: {$cacheIP} ";
 				} else {
-					conf_mount_rw();
 					$cacheIP = '0.0.0.0';
 					@file_put_contents($this->_cacheFile, "0.0.0.0:{$currentTime}");
-					conf_mount_ro();
 					$cacheTime = $currentTime;
 					$initial = true;
 					$log_error .= "No Cached IP found.";
@@ -1380,11 +1374,9 @@
 			if (!$g['debug'])
 				return;
 			$string = date('m-d-y h:i:s').' - ('.$this->_debugID.') - ['.$this->_dnsService.'] - '.$data."\n";
-			conf_mount_rw();
 			$file = fopen($this->_debugFile, 'a');
 			fwrite($file, $string);
 			fclose($file);
-			conf_mount_ro();
 		}
 		function _checkIP() {
 			global $debug;

--- a/src/etc/inc/interfaces.inc
+++ b/src/etc/inc/interfaces.inc
@@ -1864,15 +1864,11 @@ EOD;
 	// Create the uptime log if requested and if it doesn't exist already, or delete it if it is no longer requested.
 	if (isset($ppp['uptime'])) {
 		if (!file_exists("/conf/{$pppif}.log")) {
-			conf_mount_rw();
 			file_put_contents("/conf/{$pppif}.log", '');
-			conf_mount_ro();
 		}
 	} else {
 		if (file_exists("/conf/{$pppif}.log")) {
-			conf_mount_rw();
 			@unlink("/conf/{$pppif}.log");
-			conf_mount_ro();
 		}
 	}
@@ -2514,8 +2510,6 @@ function interface_wireless_configure($if, &$wl, &$wlcfg) {
 	mwexec(kill_wpasupplicant("{$if}"));
 	/* generate wpa_supplicant/hostap config if wpa is enabled */
-	conf_mount_rw();
 	switch ($wlcfg['mode']) {
 	case 'bss':
 		if (isset($wlcfg['wpa']['enable'])) {
@@ -2665,7 +2659,6 @@ EOD;
 	}
 	fclose($fd_set);
-	conf_mount_ro();
 	/* Making sure regulatory settings have actually changed
 	 * before applying, because changing them requires bringing

--- a/src/etc/inc/pfsense-utils.inc
+++ b/src/etc/inc/pfsense-utils.inc
@@ -472,8 +472,6 @@ function restore_config_section($section_name, $new_contents)
 	$tmpxml = '/tmp/tmpxml';
-	conf_mount_rw();
 	$fout = fopen($tmpxml, 'w');
 	fwrite($fout, $new_contents);
 	fclose($fout);
@@ -493,7 +491,6 @@ function restore_config_section($section_name, $new_contents)
 	@unlink($tmpxml);
 	if ($section_xml === -1) {
-		conf_mount_ro();
 		return false;
 	}
@@ -502,7 +499,6 @@ function restore_config_section($section_name, $new_contents)
 	write_config(sprintf(gettext("Restored %s of config file (maybe from CARP partner)"), $section_name));
 	disable_security_checks();
-	conf_mount_ro();
 	return true;
 }
@@ -515,7 +511,6 @@ function restore_config_section($section_name, $new_contents)
 function merge_config_section($section_name, $new_contents)
 {
 	global $config;
-	conf_mount_rw();
 	$fname = '/tmp/tmp-' . time();
 	$fout = fopen($fname, "w");
 	fwrite($fout, $new_contents);
@@ -525,7 +520,6 @@ function merge_config_section($section_name, $new_contents)
 	unlink($fname);
 	write_config(sprintf(gettext("Restored %s of config file (maybe from CARP partner)"), $section_name));
 	disable_security_checks();
-	conf_mount_ro();
 	return;
 }
@@ -823,10 +817,8 @@ function reload_all_sync() {
 	system_ntp_configure();
 	/* sync pw database */
-	conf_mount_rw();
 	unlink_if_exists("/etc/spwd.db.tmp");
 	mwexec("/usr/sbin/pwd_mkdb -d /etc/ /etc/master.passwd");
-	conf_mount_ro();
 	/* restart sshd */
 	send_event("service restart sshd");
@@ -838,7 +830,6 @@ function reload_all_sync() {
 function setup_serial_port($when = 'save', $path = '')
 {
 	global $g, $config;
-	conf_mount_rw();
 	$prefix = "";
 	if (($when == "upgrade") && (!empty($path)) && is_dir($path.'/boot/'))
 		$prefix = "/tmp/{$path}";
@@ -935,7 +926,6 @@ function setup_serial_port($when = 'save', $path = '')
 	unset($on_off, $console_type, $serial_type);
 	fclose($fd);
 	reload_ttys();
-	conf_mount_ro();
 }
 function is_serial_enabled()
@@ -2022,7 +2012,6 @@ function process_alias_urltable($name, $url, $freq, $forceupdate=false) {
 		|| $forceupdate) {
 		// Try to fetch the URL supplied
-		conf_mount_rw();
 		unlink_if_exists($urltable_filename . ".tmp");
 		$verify_ssl = isset($config['system']['checkaliasesurlcert']);
 		if (download_file($url, $urltable_filename . ".tmp", $verify_ssl)) {
@@ -2035,7 +2024,6 @@ function process_alias_urltable($name, $url, $freq, $forceupdate=false) {
 			unlink_if_exists($urltable_filename . ".tmp");
 		} else
 			touch($urltable_filename);
-		conf_mount_ro();
 		return true;
 	} else {
 		// File exists, and it doesn't need updated.
@@ -2091,7 +2079,6 @@ function nanobsd_switch_boot_slice() {
 	$ATOFLASH="{$BOOT_DRIVE}s{$ASLICE}";
 	$ACOMPLETE_PATH="{$BOOT_DRIVE}s{$ASLICE}a";
 	$ABOOTFLASH="{$BOOT_DRIVE}s{$AOLDSLICE}";
-	conf_mount_rw();
 	set_single_sysctl("kern.geom.debugflags", "16");
 	exec("gpart set -a active -i {$ASLICE} {$BOOT_DRIVE}");
 	exec("/usr/sbin/boot0cfg -s {$ASLICE} -v /dev/{$BOOT_DRIVE}");
@@ -2101,7 +2088,6 @@ function nanobsd_switch_boot_slice() {
 		nanobsd_update_fstab($AGLABEL_SLICE, $ACOMPLETE_PATH, $AOLD_UFS_ID, $AUFS_ID);
 	}
 	set_single_sysctl("kern.geom.debugflags", "0");
-	conf_mount_ro();
 }
 function nanobsd_clone_slice() {
 	global $SLICE, $OLDSLICE, $TOFLASH, $COMPLETE_PATH, $COMPLETE_BOOT_PATH;

--- a/src/etc/inc/pkg-utils.inc
+++ b/src/etc/inc/pkg-utils.inc
@@ -66,10 +66,8 @@ safe_mkdir($vardb);
 $g['platform'] = trim(file_get_contents("/usr/local/etc/platform"));
 if(!is_dir("/usr/local/pkg") or !is_dir("/usr/local/pkg/pf")) {
-	conf_mount_rw();
 	safe_mkdir("/usr/local/pkg");
 	safe_mkdir("/usr/local/pkg/pf");
-	conf_mount_ro();
 }
 /****f* pkg-utils/remove_package
@@ -209,8 +207,6 @@ function resync_all_package_configs($show_message = false) {
 	if($show_message == true)
 		echo "Syncing packages:";
-	conf_mount_rw();
 	foreach($config['installedpackages']['package'] as $idx => $package) {
 		if (empty($package['name']))
 			continue;
@@ -228,7 +224,6 @@ function resync_all_package_configs($show_message = false) {
 		echo " done.\n";
 	@unlink("/conf/needs_package_sync");
-	conf_mount_ro();
 }
 /*
@@ -588,9 +583,6 @@ function get_pbi_binaries($pbi) {
 function install_package($package, $pkg_info = "", $force_install = false) {
 	global $g, $config, $static_output, $pkg_interface;
-	/* safe side. Write config below will send to ro again. */
-	conf_mount_rw();
 	if($pkg_interface == "console")
 		echo "\n";
 	/* fetch package information if needed */
@@ -598,7 +590,6 @@ function install_package($package, $pkg_info = "", $force_install = false) {
 		$pkg_info = get_pkg_info(array($package));
 		$pkg_info = $pkg_info[$package]; // We're only dealing with one package, so we can strip away the extra array.
 		if (empty($pkg_info)) {
-			conf_mount_ro();
 			return -1;
 		}
 	}
@@ -616,7 +607,6 @@ function install_package($package, $pkg_info = "", $force_install = false) {
 			$static_output .= sprintf(gettext("Package %s is not supported on this version."), $pkg_info['name']);
 			update_status($static_output);
-			conf_mount_ro();
 			return -1;
 		}
 	}
@@ -643,7 +633,6 @@ function install_package($package, $pkg_info = "", $force_install = false) {
 	}
 	if(file_exists('/conf/needs_package_sync'))
 		@unlink('/conf/needs_package_sync');
-	conf_mount_ro();
 	write_config("Intermediate config write during package install for {$pkg_info['name']}.");
 	$static_output .= $to_output;
 	update_output_window($static_output);
@@ -937,8 +926,6 @@ function delete_package($pkg) {
 function delete_package_xml($pkg) {
 	global $g, $config, $static_output, $pkg_interface;
-	conf_mount_rw();
 	$pkgid = get_pkg_id($pkg);
 	if ($pkgid == -1) {
 		$static_output .= sprintf(gettext("The %s package is not installed.%sDeletion aborted."), $pkg, "\n\n");
@@ -949,7 +936,6 @@ function delete_package_xml($pkg) {
 		}
 		ob_flush();
 		sleep(1);
-		conf_mount_ro();
 		return;
 	}
 	pkg_debug(sprintf(gettext("Removing %s package... "),$pkg));
@@ -1119,7 +1105,6 @@ function delete_package_xml($pkg) {
 		update_output_window($static_output);
 	}
-	conf_mount_ro();
 	/* remove config.xml entries */
 	$static_output .= gettext("Configuration... ");
 	update_output_window($static_output);
@@ -1421,13 +1406,11 @@ function package_server_mismatch_message() {
 function pkg_fetch_config_file($package, $pkg_info = "") {
 	global $g, $config, $static_output, $pkg_interface;
-	conf_mount_rw();
 	if(empty($pkg_info) or !is_array($pkg_info[$package])) {
 		$pkg_info = get_pkg_info(array($package));
 		$pkg_info = $pkg_info[$package]; // We're only dealing with one package, so we can strip away the extra array.
 		if (empty($pkg_info)) {
-			conf_mount_ro();
 			return -1;
 		}
 	}
@@ -1448,26 +1431,22 @@ function pkg_fetch_config_file($package, $pkg_info = "") {
 				update_output_window($static_output);
 				echo "<br />Show <a href=\"pkg_mgr_install.php?showlog=true\">install log</a></center>";
 			}
-			conf_mount_ro();
 			return -1;
 		}
 		$static_output .= gettext("done.") . "\n";
 		update_output_window($static_output);
 	}
-	conf_mount_ro();
 	return true;
 }
 function pkg_fetch_additional_files($package, $pkg_info = "") {
 	global $g, $config, $static_output, $pkg_interface;
-	conf_mount_rw();
 	if(empty($pkg_info) or !is_array($pkg_info[$package])) {
 		$pkg_info = get_pkg_info(array($package));
 		$pkg_info = $pkg_info[$package]; // We're only dealing with one package, so we can strip away the extra array.
 		if (empty($pkg_info)) {
-			conf_mount_ro();
 			return -1;
 		}
 	}
@@ -1523,7 +1502,6 @@ function pkg_fetch_additional_files($package, $pkg_info = "") {
 			$static_output .= gettext("done.") . "\n";
 			update_output_window($static_output);
 		}
-		conf_mount_ro();
 		return true;
 	}
 }

--- a/src/etc/inc/services.inc
+++ b/src/etc/inc/services.inc
@@ -2170,7 +2170,6 @@ EOD;
 				$maxCacheAgeSecs = 25 * 24 * 60 * 60;
 				$need_update = false;
-				conf_mount_rw();
 				/* Update IPv4 if we have it. */
 				if (is_ipaddrv4($wanip)) {
 					if (($wanip != $cachedipv4) || (($currentTime - $cacheTimev4) > $maxCacheAgeSecs) || $forced) {
@@ -2200,7 +2199,6 @@ EOD;
 					}
 				} else
 					@unlink("{$cacheFile}.ipv6");
-				conf_mount_ro();
 				$upinst .= "\n";	/* mind that trailing newline! */
@@ -2229,7 +2227,6 @@ EOD;
 function configure_cron() {
 	global $g, $config;
-	conf_mount_rw();
 	/* preserve existing crontab entries */
 	$crontab_contents = file("/etc/crontab", FILE_IGNORE_NEW_LINES | FILE_SKIP_EMPTY_LINES);
@@ -2272,7 +2269,6 @@ function configure_cron() {
 	/* do a HUP kill to force sync changes */
 	sigkillbypid("{$g['varrun_path']}/cron.pid", "HUP");
-	conf_mount_ro();
 }
 function upnp_action ($action) {

--- a/src/etc/inc/system.inc
+++ b/src/etc/inc/system.inc
@@ -1290,11 +1290,9 @@ function system_timezone_configure()
 	}
 	// Apply timezone
-	conf_mount_rw();
 	copy(sprintf('/usr/share/zoneinfo/%s', $timezone), '/etc/localtime');
 	mwexec("sync");
-	conf_mount_ro();
 	if (file_exists("/var/run/booting"))
 		echo gettext("done.") . "\n";
@@ -1308,7 +1306,6 @@ function system_ntp_setup_gps($serialport) {
 	if (!file_exists($serialport))
 		return false;
-	conf_mount_rw();
 	// Create symlink that ntpd requires
 	unlink_if_exists($gps_device);
 	symlink($serialport, $gps_device);
@@ -1349,8 +1346,6 @@ function system_ntp_setup_gps($serialport) {
 		@file_put_contents("/etc/remote", "gps0:dv={$serialport}:br#{$gpsbaud}:pa=none:", FILE_APPEND);
 	}
-	conf_mount_ro();
 	return true;
 }
@@ -1363,13 +1358,10 @@ function system_ntp_setup_pps($serialport) {
 	if (!file_exists($serialport))
 		return false;
-	conf_mount_rw();
 	// Create symlink that ntpd requires
 	unlink_if_exists($pps_device);
 	@symlink($serialport, $pps_device);
-	conf_mount_ro();
 	return true;
 }

--- a/src/etc/rc.backup_dhcpleases
+++ b/src/etc/rc.backup_dhcpleases
@@ -2,7 +2,5 @@
 # Save the DHCP lease database to the config path.
 if [ -d "/var/dhcpd/var/db" ]; then
-	/usr/local/etc/rc.conf_mount_rw
 	cd / && tar -czf /conf/dhcpleases.tgz -C / var/dhcpd/var/db/
-	/usr/local/etc/rc.conf_mount_ro
 fi
--- a/src/etc/rc.backup_rrd
+++ b/src/etc/rc.backup_rrd
@@ -5,12 +5,10 @@
 # Save the rrd databases to the config path.
 if [ -d "${RRDDBPATH}" ]; then
-	[ -z "$NO_REMOUNT" ] && /usr/local/etc/rc.conf_mount_rw
 	for rrdfile in "${RRDDBPATH}"/*.rrd ; do
 		xmlfile="${rrdfile%.rrd}.xml"
 		/usr/local/bin/rrdtool dump "$rrdfile" "$xmlfile"
 	done
 	cd / && tar -czf "${CF_CONF_PATH}"/rrd.tgz -C / "${RRDDBPATH#/}"/*.xml
 	rm "${RRDDBPATH}"/*.xml
-	[ -z "$NO_REMOUNT" ] && /usr/local/etc/rc.conf_mount_ro
 fi
--- a/src/etc/rc.bootup
+++ b/src/etc/rc.bootup
@@ -120,8 +120,6 @@ $physmem = $memory[0];
 $realmem = $memory[1];
 echo " done.\n";
-conf_mount_rw();
 /* save dmesg output to file */
 system_dmesg_save();
@@ -400,4 +398,3 @@ if ($ipsec_dynamic_hosts) {
 led_normalize();
-conf_mount_ro();
--- a/src/etc/rc.firmware
+++ b/src/etc/rc.firmware
@@ -5,9 +5,6 @@
 # Copyright (C) 2003 Manuel Kasper <mk@neon1.net>.
 # All rights reserved.
-# mount /cf
-/usr/local/etc/rc.conf_mount_rw
 # Reset file(s)
 echo "" >/conf/upgrade_log.txt
 echo "" >/conf/firmware_update_misc_log.txt
@@ -123,7 +120,6 @@ enable)
 	echo "" >> /conf/upgrade_log.txt
 	echo "Enable" >> /conf/upgrade_log.txt
 	echo "" >> /conf/upgrade_log.txt
-	/usr/local/etc/rc.conf_mount_ro
 	;;
 auto)
 	touch /var/run/firmwarelock.dirty
@@ -131,14 +127,12 @@ auto)
 	remove_chflags
 	/usr/local/etc/rc.firmware_auto
 	restore_chflags
-	/usr/local/etc/rc.conf_mount_ro
 	;;
 pfSenseNanoBSDupgrade)
 	# Sanity check - bail early if there's no firmware file!
 	if [ ! -r $IMG ]; then
 		echo "2nd parameter has not been passed or file does not exist. Exiting." >> /conf/upgrade_log.txt 2>&1
-		/usr/local/etc/rc.conf_mount_ro
 		exit 1
 	fi
@@ -147,7 +141,6 @@ pfSenseNanoBSDupgrade)
 		echo "You cannot use a full file for upgrade.  Please use a file labeled nanobsd upgrade."
 		file_notice "NanoBSDUpgradeFailure" "You have attemped to use a full NanoBSD installation file as an upgrade.  Please use a NanoBSD file labeled 'upgrade' instead."
 		rm -f $IMG
-		/usr/local/etc/rc.conf_mount_ro
 		exit 1
 	fi
@@ -217,7 +210,6 @@ pfSenseNanoBSDupgrade)
 		rm -f /var/run/firmwarelock.dirty
 		rm -f /var/run/firmware.lock
 		rm -f ${IMG}
-		/usr/local/etc/rc.conf_mount_ro
 		exit 1
 	fi
@@ -268,7 +260,6 @@ pfSenseNanoBSDupgrade)
 		rm -f $IMG
 		rm -f /var/run/firmwarelock.dirty
 		rm -f /var/run/firmware.lock
-		/usr/local/etc/rc.conf_mount_ro
 		exit 1
 	fi
@@ -314,7 +305,6 @@ pfSenseNanoBSDupgrade)
 		rm -f /var/run/firmwarelock.dirty
 		rm -f /var/run/firmware.lock
 		umount /tmp/$GLABEL_SLICE
-		/usr/local/etc/rc.conf_mount_ro
 		exit 1
 	fi
 	echo "" >> /conf/upgrade_log.txt
@@ -362,7 +352,6 @@ pfSenseNanoBSDupgrade)
 	touch /conf/needs_package_sync
 	# remount /cf ro
-	/usr/local/etc/rc.conf_mount_ro
 	/bin/sync
 	echo "NanoBSD Firmware upgrade is complete.  Rebooting in 10 seconds."  >> /conf/upgrade_log.txt 2>&1
@@ -381,7 +370,6 @@ pfSenseupgrade)
 	# Sanity check - bail early if there's no firmware file!
 	if [ ! -r $IMG ]; then
 		echo "2nd parameter has not been passed or file does not exist. Exiting." >> /conf/upgrade_log.txt 2>&1
-		/usr/local/etc/rc.conf_mount_ro
 		exit
 	fi
@@ -479,9 +467,6 @@ pfSenseupgrade)
 	date >> /conf/upgrade_log.txt
 	echo "" >> /conf/upgrade_log.txt
-	# remount /cf ro
-	/usr/local/etc/rc.conf_mount_ro
 	# release the firmware lock
 	rm -f /var/run/firmwarelock.dirty
 	rm -f /var/run/firmware.lock
@@ -511,7 +496,6 @@ delta_update)
 	binary_update $IMG
 	restore_chflags
 	find / -name CVS -type d -exec rm {} \;
-	/usr/local/etc/rc.conf_mount_ro
 	/sbin/umount -f /cf 2>/dev/null
 	/sbin/mount -r /cf 2>/dev/null
 	/sbin/umount -f / 2>/dev/null

--- a/src/etc/rc.firmware_auto
+++ b/src/etc/rc.firmware_auto
@@ -44,15 +44,6 @@ fi
 if [ "$PMD" = "$MD" ]; then
        echo "MD5's match."  | logger -p daemon.info -i -t AutoUpgrade
 		echo "Beginning ${product} upgrade." | wall
-        if [ "$PLATFORM" = "net45xx" ]; then
-            /usr/local/etc/rc.conf_mount_rw
-        fi
-        if [ "$PLATFORM" = "wrap" ]; then
-            /usr/local/etc/rc.conf_mount_rw
-        fi
-        if [ "$PLATFORM" = "nanobsd" ]; then
-            /usr/local/etc/rc.conf_mount_rw
-        fi
        if [ -r "/tmp/custom.tgz" ]; then
            sh /usr/local/etc/rc.firmware pfSenseupgrade /tmp/latest.tgz /tmp/custom.tgz
        else
@@ -65,7 +56,6 @@ if [ "$PMD" = "$MD" ]; then
        if [ "$PLATFORM" = "wrap" ]; then
            /bin/sync
            sleep 5
-            /usr/local/etc/rc.conf_mount_ro
            if [ -e /etc/init_bootloader.sh ]; then
                    sh /etc/init_bootloader.sh
            fi
@@ -73,7 +63,6 @@ if [ "$PMD" = "$MD" ]; then
        if [ "$PLATFORM" = "net45xx" ]; then
            /bin/sync
            sleep 5
-            /usr/local/etc/rc.conf_mount_ro
            if [ -e /etc/init_bootloader.sh ]; then
                    sh /etc/init_bootloader.sh
            fi

--- a/src/etc/rc.restore_config_backup
+++ b/src/etc/rc.restore_config_backup
@@ -70,7 +70,6 @@ function restore_history_backup($number) {
 		echo gettext("Y/N?") . " : ";
 		$confirm = strtoupper(chop(fgets($fp)));
 		if ($confirm == gettext("Y")) {
-			conf_mount_rw();
 			if(config_restore('/conf/backup/config-' . $thisbackup['time'] . '.xml') == 0) {
 				echo "\n";
 				echo sprintf(gettext('Successfully reverted to timestamp %1$s with description "%2$s".'), date(gettext("n/j/y H:i:s"), $thisbackup['time']), $thisbackup['description']);
@@ -78,7 +77,6 @@ function restore_history_backup($number) {
 			} else {
 				echo gettext("Unable to revert to the selected configuration.") . "\n";
 			}
-			conf_mount_ro();
 		} else {
 			echo gettext("Restore canceled.") . "\n";
 		}

--- a/src/etc/rc.sshd
+++ b/src/etc/rc.sshd
@@ -40,11 +40,6 @@ if (!isset($config['system']['enablesshd'])) {
 	return;
 }
-/* are we already running?  if not, do conf_mount_rw(), otherwise it should already be rw */
-if (!is_subsystem_dirty('sshdkeys')) {
-	conf_mount_rw();
-}
 $keys = array(
 	/* .pub files are implied */
 	'rsa1' => 'ssh_host_key',
@@ -157,5 +152,4 @@ if (mwexec($sbin_sshd)) {
 @mkdir('/conf/sshd', 0777, true);
 mwexec("/bin/cp -p ${etc_ssh}/ssh_host_* /conf/sshd/");
-conf_mount_ro();
 unset($keys);
--- a/src/etc/rc.update_bogons
+++ b/src/etc/rc.update_bogons
@@ -90,8 +90,6 @@ BOGON_V6_CKSUM=`/usr/bin/fetch -T 30 -q -o - "${v6urlcksum}" | awk '{ print $4 }
 ON_DISK_V6_CKSUM=`md5 /tmp/bogonsv6 | awk '{ print $4 }'`
 if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ] || [ "$BOGON_V6_CKSUM" = "$ON_DISK_V6_CKSUM" ]; then
-	# At least one of the downloaded checksums matches, so mount RW
-	/usr/local/etc/rc.conf_mount_rw
 	ENTRIES_MAX=`pfctl -s memory | awk '/table-entries/ { print $4 }'`
@@ -139,8 +137,6 @@ if [ "$BOGON_V4_CKSUM" = "$ON_DISK_V4_CKSUM" ] || [ "$BOGON_V6_CKSUM" = "$ON_DIS
 		checksum_error="true"
 	fi
-	# We mounted RW, so switch back to RO
-	/usr/local/etc/rc.conf_mount_ro
 fi
 if [ "$checksum_error" != "" ]; then

--- a/src/sbin/ppp-log-uptime.sh
+++ b/src/sbin/ppp-log-uptime.sh
 #!/bin/sh
 #write the uptime in seconds to the persistent log in /conf/
-/usr/local/etc/rc.conf_mount_rw
 /bin/echo `date -j +%Y.%m.%d-%H:%M:%S` $1 >> /conf/$2.log
-/usr/local/etc/rc.conf_mount_ro
--- a/src/www/diag_backup.php
+++ b/src/www/diag_backup.php
@@ -222,9 +222,7 @@ END_SCRIPT_BLOCK;
 if ($_POST['apply']) {
 	ob_flush();
 	flush();
-	conf_mount_rw();
 	clear_subsystem_dirty("restore");
-	conf_mount_ro();
 	exit;
 }
@@ -375,7 +373,6 @@ if ($_POST) {
 									write_config();
 									add_base_packages_menu_items();
 									convert_config();
-									conf_mount_ro();
 								}
 								filter_configure();
 								$savemsg = gettext("The configuration area has been restored.  You may need to reboot the firewall.");
@@ -389,7 +386,6 @@ if ($_POST) {
 							file_put_contents($_FILES['conffile']['tmp_name'], $data);
 							if (config_install($_FILES['conffile']['tmp_name']) == 0) {
 								/* this will be picked up by /index.php */
-								conf_mount_rw();
 								mark_subsystem_dirty("restore");
 								touch("/conf/needs_package_sync");
 								/* remove cache, we will force a config reboot */
@@ -403,7 +399,6 @@ if ($_POST) {
 									write_config();
 									add_base_packages_menu_items();
 									convert_config();
-									conf_mount_ro();
 								}
 								if($m0n0wall_upgrade == true) {
 									if($config['system']['gateway'] <> "")
@@ -499,7 +494,6 @@ if ($_POST) {
 									write_config();
 									add_base_packages_menu_items();
 									convert_config();
-									conf_mount_ro();
 									$savemsg = gettext("The m0n0wall configuration has been restored and upgraded to OPNsense.");
 									mark_subsystem_dirty("restore");
 								}

--- a/src/www/diag_confbak.php
+++ b/src/www/diag_confbak.php
@@ -45,7 +45,6 @@ if (isset($_POST['backupcount'])) {
 		return;
 	}
-	conf_mount_rw();
 	$confvers = unserialize(file_get_contents('/conf/backup/backup.cache'));
 	if($_POST['newver'] != "") {
 		if(config_restore('/conf/backup/config-' . $_POST['newver'] . '.xml') == 0)
@@ -57,7 +56,6 @@ if (isset($_POST['backupcount'])) {
 		unlink_if_exists('/conf/backup/config-' . $_POST['rmver'] . '.xml');
 		$savemsg = sprintf(gettext('Deleted backup with timestamp %1$s and description "%2$s".'), date(gettext("n/j/y H:i:s"), $_POST['rmver']),$confvers[$_POST['rmver']]['description']);
 	}
-	conf_mount_ro();
 }
 if($_GET['getcfg'] != "") {

--- a/src/www/diag_nanobsd.php
+++ b/src/www/diag_nanobsd.php
@@ -86,24 +86,6 @@ EOF;
 	nanobsd_detect_slice_info();
 }
-if ($_POST['changero']) {
-	if (is_writable("/")) {
-		conf_mount_ro();
-	} else {
-		conf_mount_rw();
-	}
-}
-if ($_POST['setrw']) {
-	conf_mount_rw();
-	if (isset($_POST['nanobsd_force_rw']))
-		$config['system']['nanobsd_force_rw'] = true;
-	else
-		unset($config['system']['nanobsd_force_rw']);
-	write_config("Changed Permanent Read/Write Setting");
-	conf_mount_ro();
-}
 if ($savemsg)
 	print_info_box($savemsg)

--- a/src/www/diag_packet_capture.php
+++ b/src/www/diag_packet_capture.php
@@ -156,8 +156,6 @@ if ($_POST) {
 	if (!count($input_errors)) {
 		$do_tcpdump = true;
-		conf_mount_rw();
 		if ($_POST['promiscuous']) {
 			//if promiscuous mode is checked
 			$disablepromiscuous = "";
@@ -474,7 +472,6 @@ if (!empty($title)): ?>
 						}
 						system("/usr/sbin/tcpdump {$disabledns} {$detail_args} -r {$fp}{$fn}");
-						conf_mount_ro();
 		?>
 						</pre>

--- a/src/www/index.php
+++ b/src/www/index.php
@@ -144,9 +144,7 @@ if(file_exists('/conf/needs_package_sync')) {
 			exit;
 		}
 	} else {
-		conf_mount_rw();
 		@unlink('/conf/needs_package_sync');
-		conf_mount_ro();
 	}
 }

--- a/src/www/interfaces.php
+++ b/src/www/interfaces.php
@@ -461,7 +461,6 @@ if ($_POST['apply']) {
 		$pconfig['track6-prefix-id'] = intval($_POST['track6-prefix-id--hex'], 16);
 	else
 		$pconfig['track6-prefix-id'] = 0;
-	conf_mount_rw();
 	/* filter out spaces from descriptions  */
 	$_POST['descr'] = remove_bad_chars($_POST['descr']);
@@ -1124,7 +1123,6 @@ if ($_POST['apply']) {
 			handle_wireless_post();
 		}
-		conf_mount_ro();
 		write_config();
 		if (file_exists("{$g['tmp_path']}/.interfaces.apply")) {

--- a/src/www/pkg_mgr_install.php
+++ b/src/www/pkg_mgr_install.php
@@ -213,8 +213,6 @@ if ($_GET) {
 } else if ($_POST) {
 	$pkgid = str_replace(array("<", ">", ";", "&", "'", '"', '.', '/'), "", htmlspecialchars_decode($_POST['id'], ENT_QUOTES | ENT_HTML401));
-	/* All other cases make changes, so mount rw fs */
-	conf_mount_rw();
 	/* Write out configuration to create a backup prior to pkg install. */
 	write_config(gettext("Creating restore point before package installation."));
@@ -296,8 +294,6 @@ if ($_GET) {
 	if($fd_log)
 		fclose($fd_log);
-	/* Restore to read only fs */
-	conf_mount_ro();
 }
 ?>

--- a/src/www/restart_httpd.php
+++ b/src/www/restart_httpd.php
@@ -36,15 +36,9 @@ include("head.inc");
 <form>
 <?php include("fbegin.inc"); ?>
-<?=gettext("Mounting file systems read/write");?>...
-<?php flush(); sleep(1); conf_mount_rw(); ?>
-<?=gettext("Done");?>.<br />
 <?=gettext("Forcing all PHP file permissions to 0755");?>...
 <?php flush(); sleep(1); system('/bin/chmod -R 0755 /usr/local/www/*.php'); ?>
 <?=gettext("Done");?>.<br />
-<?=gettext("Mounting file systems read only");?>...
-<?php flush(); sleep(1); conf_mount_ro(); ?>
-<?=gettext("Done");?>.<br />
 <?=gettext("Restarting mini_httpd");?>...
 <?php flush(); sleep(1); system_webgui_start(); ?>
 <?=gettext("Done");?>.<br />

--- a/src/www/services_captiveportal_filemanager.php
+++ b/src/www/services_captiveportal_filemanager.php
@@ -110,10 +110,8 @@ if ($_POST) {
 		}
    }
 } else if (($_GET['act'] == "del") && !empty($cpzone) && $a_element[$_GET['id']]) {
-	conf_mount_rw();
 	@unlink("{$g['captiveportal_element_path']}/" . $a_element[$_GET['id']]['name']);
 	@unlink("{$g['captiveportal_path']}/" . $a_element[$_GET['id']]['name']);
-	conf_mount_ro();
 	unset($a_element[$_GET['id']]);
 	write_config();
 	header("Location: services_captiveportal_filemanager.php?zone={$cpzone}");

--- a/src/www/system_advanced_admin.php
+++ b/src/www/system_advanced_admin.php
@@ -239,14 +239,12 @@ if ($_POST) {
 		if ($restart_webgui)
 			$savemsg .= sprintf("<br />" . gettext("One moment...redirecting to %s in 20 seconds."),$url);
-		conf_mount_rw();
 		setup_serial_port();
 		// Restart DNS in case dns rebinding toggled
 		if (isset($config['dnsmasq']['enable']))
 			services_dnsmasq_configure();
 		elseif (isset($config['unbound']['enable']))
 			services_unbound_configure();
-		conf_mount_ro();
 	}
 }

--- a/src/www/system_firmware.php
+++ b/src/www/system_firmware.php
@@ -119,10 +119,8 @@ if ($_POST && !is_subsystem_dirty('firmwarelock')) {
 	}
 	if ($mode) {
 		if ($mode == "enable") {
-			conf_mount_rw();
 			mark_subsystem_dirty('firmware');
 		} else if ($mode == "disable") {
-			conf_mount_ro();
 			clear_subsystem_dirty('firmware');
 		} else if ($mode == "upgrade") {
 			if ($_FILES['ulfile']['error'])

--- a/src/www/system_firmware_auto.php
+++ b/src/www/system_firmware_auto.php
@@ -153,7 +153,6 @@ if(!$latest_version) {
 	} else {
 		if (pfs_version_compare($current_installed_buildtime, $current_installed_version, $latest_version) == -1) {
 			update_status(gettext("Downloading updates") . "...");
-			conf_mount_rw();
 			if ($g['platform'] == "nanobsd") {
 				$update_filename = "latest{$nanosize}.img.gz";
 			} else {
@@ -161,7 +160,6 @@ if(!$latest_version) {
 			}
 			$status = download_file_with_progress_bar("{$updater_url}/{$update_filename}", "{$g['upload_path']}/latest.tgz", "read_body_firmware");
 			$status = download_file_with_progress_bar("{$updater_url}/{$update_filename}.sha256", "{$g['upload_path']}/latest.tgz.sha256");
-			conf_mount_ro();
 			update_output_window("{$g['product_name']} " . gettext("download complete."));
 		} else {
 			update_output_window(gettext("You are on the latest version."));
@@ -195,9 +193,7 @@ if (!verify_gzip_file("{$g['upload_path']}/latest.tgz")) {
 	update_status(gettext("The image file is corrupt."));
 	update_output_window(gettext("Update cannot continue"));
 	if (file_exists("{$g['upload_path']}/latest.tgz")) {
-		conf_mount_rw();
 		unlink("{$g['upload_path']}/latest.tgz");
-		conf_mount_ro();
 	}
 	require("fend.inc");
 	exit;

--- a/src/www/system_groupmanager.php
+++ b/src/www/system_groupmanager.php
@@ -50,9 +50,7 @@ if ($act == "delgroup") {
 		exit;
 	}
-	conf_mount_rw();
 	local_group_del($a_group[$id]);
-	conf_mount_ro();
 	$groupdeleted = $a_group[$id]['name'];
 	unset($a_group[$id]);
 	write_config();
@@ -142,9 +140,7 @@ if (isset($_POST['save'])) {
 			$a_group[] = $group;
 		}
-		conf_mount_rw();
 		local_group_set($group);
-		conf_mount_ro();
 		/* Refresh users in this group since their privileges may have changed. */
 		if (is_array($group['member'])) {

--- a/src/www/system_usermanager.php
+++ b/src/www/system_usermanager.php
@@ -69,9 +69,7 @@ if ($_POST['act'] == "deluser") {
 		exit;
 	}
-	conf_mount_rw();
 	local_user_del($a_user[$id]);
-	conf_mount_ro();
 	$userdeleted = $a_user[$id]['name'];
 	unset($a_user[$id]);
 	write_config();
@@ -249,7 +247,6 @@ if ($_POST['save']) {
 	}
 	if (!$input_errors) {
-		conf_mount_rw();
 		$userent = array();
 		if (isset($id) && $a_user[$id])
 			$userent = $a_user[$id];
@@ -326,7 +323,6 @@ if ($_POST['save']) {
 		//if(is_dir("/usr/local/etc/inc/privhooks"))
 		//	run_plugins("/usr/local/etc/inc/privhooks");
-		conf_mount_ro();
 		pfSenseHeader("system_usermanager.php");
 	}

--- a/src/www/system_usermanager_addprivs.php
+++ b/src/www/system_usermanager_addprivs.php
@@ -50,8 +50,6 @@ if (!is_array($a_user['priv']))
 	$a_user['priv'] = array();
 if ($_POST) {
-	conf_mount_rw();
 	unset($input_errors);
 	$pconfig = $_POST;
@@ -81,13 +79,11 @@ if ($_POST) {
 		local_user_set($a_user);
 		$retval = write_config();
 		$savemsg = get_std_save_message($retval);
-		conf_mount_ro();
 		post_redirect("system_usermanager.php", array('act' => 'edit', 'userid' => $userid));
 		exit;
 	}
-	conf_mount_ro();
 }
 /* if ajax is calling, give them an update message */

--- a/src/www/wizards/setup_wizard.xml
+++ b/src/www/wizards/setup_wizard.xml
@@ -41,9 +41,7 @@
 		</field>
 	</fields>
 	<stepbeforeformdisplay>
-		conf_mount_rw();
 		unlink_if_exists('/conf/trigger_initial_wizard');
-		conf_mount_ro();
 	</stepbeforeformdisplay>
 </step>
 <step>