Support a mutable mode for systemd-sysext/confext #986
Comments
Notes from our discussions with upstream. A note on expectation management: the below is strongly work-in-progress, nothing is committed to. This is a snapshot in time of our discussions with the systemd folks. To ease migration of existing workloads to (ultimately) immutable /etc, /usr, and /opt as well as to provide an intermediate option that allows operating hybrid systems that support both traditional software deployments as well as sysext/confext, the system may support three modes:
uapi-group PR here: uapi-group/specifications#78. Please reference this when discussing mutability with upstream systemd (PRs, issues, and otherwise).
Some distros like Flatcar enable it by default through the kernel option even if the mount option isn't passed. I tried the "undefined" behavior and it's basically that when removing the original folder in the lowerdir, the upper folder won't show the contents of the lowerdir anymore but only those present in the moved folder of the upperdir. That's a sane behavior and I think we should always pass the
This PR brings in patches for mutable overlays into Flatcar: flatcar/scripts#1753. The patches are already upstreamed, should be a part of systemd v256 release.
The migration of A follow-up note on the
Closing as per discussion during the October 2024 community meeting
Support a mutable mode for systemd-sysext and systemd-confext. For systemd-sysext this mutable mode will help traditional distro users on Debian or Fedora become accustomed to systemd-confext. See systemd/systemd#24864 for the current discussion.
For systemd-confext we could use this mutable mode for our /etc overlay mount, making /usr/share/flatcar/etc a syscfg directory and setting up a symlink to it from /usr/lib/confexts/.
The mount command we use is
mount -t overlay overlay -o lowerdir=/sysroot/usr/share/flatcar/etc,upperdir=/sysroot/etc,workdir=/sysroot/.etc-work,redirect_dir=on,metacopy=off,noatime /sysroot/etc
(TODO: check implications of redirect_dir enabled vs disabled).
We've noticed that systemd-tmpfiles causes upcopies for C, L, d, Z rules which may be something to fix if the sysext would ship a file that is also covered by a systemd-tmpfiles rule (which could even be indirect if /etc is set up for SELinux relabeling with Z).
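To see which entries in an overlay's upperdir currently hide a file shipped in the lowerdir (the effect of the copy-ups described in the issue text above), the following script walks the upperdir and classifies each shadowing entry. It is an added example, not code from Flatcar or systemd; the function name `classify_shadowed`, the `cs_` variables and the output labels are made up for illustration.

```shell
#!/bin/sh
# Added example: report upperdir entries that hide a lowerdir entry of an overlay.
# Usage: sh SCRIPT LOWERDIR UPPERDIR, e.g. with the lowerdir= and upperdir= values
# from the mount command quoted in the issue.
#
# Output, one line per shadowing entry, sorted by path:
#   identical PATH  same type and content as the lowerdir copy (metadata not compared)
#   modified  PATH  content, link target or file type differs
#   whiteout  PATH  0/0 character device: the lowerdir entry was deleted
# Directories are skipped: they merge with the lowerdir instead of hiding it.
# Assumes metacopy=off (copy-ups carry full data, so cmp is meaningful) and compares
# equal relative paths only, so directories renamed under redirect_dir=on are not
# followed. Paths containing newlines are not supported.
classify_shadowed() {
    cs_lower=${1%/}
    cs_upper=${2%/}
    find "$cs_upper" -mindepth 1 ! -type d | LC_ALL=C sort |
    while IFS= read -r cs_u; do
        cs_rel=${cs_u#"$cs_upper"/}
        cs_l=$cs_lower/$cs_rel
        # Entries that exist only in the upperdir shadow nothing.
        [ -e "$cs_l" ] || [ -L "$cs_l" ] || continue
        if [ -c "$cs_u" ] && [ "$(stat -c '%t:%T' "$cs_u")" = "0:0" ]; then
            echo "whiteout $cs_rel"
        elif [ -L "$cs_u" ] && [ -L "$cs_l" ]; then
            # Both are symlinks: compare targets, not the files they point to.
            if [ "$(readlink "$cs_u")" = "$(readlink "$cs_l")" ]; then
                echo "identical $cs_rel"
            else
                echo "modified $cs_rel"
            fi
        elif [ -f "$cs_u" ] && [ ! -L "$cs_u" ] && [ -f "$cs_l" ] && [ ! -L "$cs_l" ] &&
             cmp -s "$cs_u" "$cs_l"; then
            echo "identical $cs_rel"
        else
            echo "modified $cs_rel"
        fi
    done
}

# Run only when both directories are given on the command line.
[ "$#" -ne 2 ] || classify_shadowed "$1" "$2"
```

An `identical` line marks a file whose data matches the shipped default but which will still mask any later change to that default in the lowerdir.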