mirror of
https://github.com/ostreedev/ostree.git
synced 2024-12-22 17:35:55 +03:00
f2773c1b55
I was thinking a bit more recently about the "live" changes stuff https://github.com/coreos/rpm-ostree/issues/639 (particularly since https://github.com/coreos/rpm-ostree/pull/2060 ) and I realized reading the last debates in that issue that there's really a much simpler solution; do exactly the same thing we do for `ostree admin unlock`, except mount it read-only by default. Then, anything that wants to modify it does the same thing libostree does for `/sysroot` and `/boot` as of recently; create a new mount namespace and do the modifications there. The advantages of this are numerous. First, we already have all of the code, it's basically just plumbing through a new entry in the state enumeration and passing `MS_RDONLY` into the `mount()` system call. "live" changes here also naturally don't persist, unlike what we are currently doing in rpm-ostree.
35 lines
1010 B
Bash
Executable File
35 lines
1010 B
Bash
Executable File
#!/bin/bash
|
|
# Test unlock --transient
|
|
set -xeuo pipefail
|
|
|
|
. ${KOLA_EXT_DATA}/libinsttest.sh
|
|
|
|
testfile=/usr/share/writable-usr-test
|
|
|
|
case "${AUTOPKGTEST_REBOOT_MARK:-}" in
|
|
"")
|
|
require_writable_sysroot
|
|
assert_not_has_file "${testfile}"
|
|
ostree admin unlock --transient
|
|
# It's still read-only
|
|
if touch ${testfile}; then
|
|
fatal "modified /usr"
|
|
fi
|
|
# But, we can affect it in a new mount namespace
|
|
unshare -m -- /bin/sh -c 'mount -o remount,rw /usr && echo hello from transient unlock >'"${testfile}"
|
|
assert_file_has_content "${testfile}" "hello from transient unlock"
|
|
# Still can't write to it from the outer namespace
|
|
if touch ${testfile} || rm -v "${testfile}" 2>/dev/null; then
|
|
fatal "modified ${testfile}"
|
|
fi
|
|
/tmp/autopkgtest-reboot 2
|
|
;;
|
|
"2")
|
|
if test -f "${testfile}"; then
|
|
fatal "${testfile} persisted across reboot?"
|
|
fi
|
|
echo "ok unlock transient"
|
|
;;
|
|
*) fatal "Unexpected boot mark ${AUTOPKGTEST_REBOOT_MARK}"
|
|
esac
|