mirror of
https://github.com/ostreedev/ostree.git
synced 2025-01-10 05:18:30 +03:00
f617a341f3
If the `prepare-root.conf` file contains: ``` [etc] transient=yes ``` Then during prepare-root, an overlayfs is mounted as /etc, with the upper dir being in /run. If composefs is used, the lower dir is `usr/etc` from the composefs image , or it is the deployed `$deploydir/usr/etc`. Note that for this to work with selinux, the commit must have been built with OSTREE_REPO_COMMIT_MODIFIER_FLAGS_USRETC_AS_ETC. Otherwise the lowerdir (/usr/etc) will have the wrong selinux contexts for the final location of the mount (/etc). We also set the transient-etc key in the ostree-booted file, pointing it to the directory that is used for the overlayfs. There are some additional work happening in ostree-remount, mostly related to selinux (as this needs to happen post selinux policy load): * Recent versions of selinux-poliy have issues with the overlayfs mount being kernel_t, and that is not allowed to manage files as needed. This is fixed in https://github.com/fedora-selinux/selinux-policy/pull/1893 * Any /etc files created in the initramfs will not be labeled, because the selinux policy has not been loaded. In addition, the upper dir is on a tmpfs, and any manually set xattr-based selinux labels on those are reset during policy load. To work around this ostree-remount will relabel all files on /etc that have corresponding files in overlayfs upper dir. * During early boot, systemd mounts /run/machine-id on top of /etc/machine-id (as /etc is readonly). Later during boot, when etc is readwrite, systemd-machine-id-commit.service will remove the mount and update the real file under it with the right content. To ensure that this keeps working, we need to ensure that when we relabel /etc/machine-id we relabel the real (covered) file, not the temporary bind-mount. * ostree-remount no longer needs to remount /etc read-only in the transient-etc case. Signed-off-by: Alexander Larsson <alexl@redhat.com> |
||
|---|---|---|
| .. | ||
| html.xsl | ||
| index.xml | ||
| ostree-admin-cleanup.xml | ||
| ostree-admin-config-diff.xml | ||
| ostree-admin-deploy.xml | ||
| ostree-admin-init-fs.xml | ||
| ostree-admin-instutil.xml | ||
| ostree-admin-os-init.xml | ||
| ostree-admin-pin.xml | ||
| ostree-admin-set-default.xml | ||
| ostree-admin-set-origin.xml | ||
| ostree-admin-stateroot-init.xml | ||
| ostree-admin-status.xml | ||
| ostree-admin-switch.xml | ||
| ostree-admin-undeploy.xml | ||
| ostree-admin-unlock.xml | ||
| ostree-admin-upgrade.xml | ||
| ostree-admin.xml | ||
| ostree-cat.xml | ||
| ostree-checkout.xml | ||
| ostree-checksum.xml | ||
| ostree-commit.xml | ||
| ostree-config.xml | ||
| ostree-create-usb.xml | ||
| ostree-diff.xml | ||
| ostree-export.xml | ||
| ostree-find-remotes.xml | ||
| ostree-fsck.xml | ||
| ostree-gpg-sign.xml | ||
| ostree-init.xml | ||
| ostree-log.xml | ||
| ostree-ls.xml | ||
| ostree-prepare-root.xml | ||
| ostree-prune.xml | ||
| ostree-pull-local.xml | ||
| ostree-pull.xml | ||
| ostree-refs.xml | ||
| ostree-remote.xml | ||
| ostree-reset.xml | ||
| ostree-rev-parse.xml | ||
| ostree-show.xml | ||
| ostree-sign.xml | ||
| ostree-static-delta.xml | ||
| ostree-summary.xml | ||
| ostree.repo-config.xml | ||
| ostree.repo.xml | ||
| ostree.xml | ||
| rofiles-fuse.xml | ||