adapt usroverlay for composefs #3177
Comments
|
Yeah, it is not possible to modify the layer structure of an overlayfs mount after initial mount. However, I'm not 100% sure you can even modify the upper mount like you propose, because I think overlayfs makes a snapshot of the mount for the upper and lower at the point of mount. Maybe you can always have a writable upper, but make the entire overlayfs mount read-only? |
Yeah, this works fine. I guess what I'm somewhat uncertain about is whether we enable that by default...it feels like some use cases will want to be able to statically verify that the rootfs stack is read-only. Hmm...maybe or something? Or maybe it's confusing to have separate values for Dunno...maybe we should actually support a systemd |
|
Yeah, having this always on seems a bit weird for a use case like automotive where it brings nothing but increased risk. Thatever we decide it should be possible to at least opt out completely. |
|
I am curious though...is there really a huge risk difference between the ability to mount a transient overlayfs on top of the root at runtime, versus making an already extant root's tmpfs writable? I'm not arguing against the ability to turn it off, to be clear - I'm just thinking that it does make sense to enable by default. |
This just enables composefs. Per discussion for now we will just document the existing `bootc usroverlay` etc., but we also need to fix ostreedev/ostree#3177
In a composefs world,
usroverlayisn't wrong, but it's less applicable. We should adapt this to just make a writable overlay for/- or can we actually dynamically reconfigure overlayfs to add an upper? Hmm, that appears to not be possible. I wonder if we should always mount a tmpfs upper, but leave it read-only by default? Then we can trivially remount that tmpfs rw to go from ro to rw.cc @alexlarsson
The text was updated successfully, but these errors were encountered: