Make more filesystem paths readonly (#496)
* Add new default dataset for /root
* Make /opt readonly
* Make / readonly
anodos325 authored Sep 28, 2023
1 parent 5610e23 commit d127911
Showing 2 changed files with 9 additions and 0 deletions.
3 changes: 3 additions & 0 deletions truenas_install/__main__.py
@@ -702,6 +702,9 @@ def main():
run_command(["zfs", "set", f"mountpoint={mp}", this_ds])
run_command(["zfs", "set", 'org.zectl:bootloader=""', this_ds])

run_command(["zfs", "set", "readonly=on", dataset_name])
run_command(["zfs", "snapshot", f"{dataset_name}@pristine"])

except Exception:
if old_bootfs_prop != "-":
run_command(["zpool", "set", f"bootfs={old_bootfs_prop}", pool_name])
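Review bot: `readonly` is an inheritable ZFS property, so the added `zfs set readonly=on` on `dataset_name` also makes every child dataset read-only unless that child has its own local `readonly` value. The fhs.py table in this same commit marks only `opt` with `'RO'`, which suggests the other children (including the new `root`) are expected to stay writable; whether the code that creates them sets `readonly=off` explicitly is outside this hunk and should be confirmed. A short comment above the two new calls would record the intent, e.g. `# readonly is inherited; children that must stay writable need a local readonly=off`. The enclosing `main()` starts before and continues after the hunk, and the page has lost indentation, so the exact nesting of the new calls cannot be checked here.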
6 changes: 6 additions & 0 deletions truenas_install/fhs.py
@@ -119,7 +119,13 @@
},
{
'name': 'opt',
'options': ['NOSUID', 'NOACL', 'RO'],
'snap': True
},
{
'name': 'root',
'options': ['NOSUID', 'NOACL'],
'mode': 0o700,
'snap': True
},
{
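Review bot: The `'mode': 0o700` on the new `root` entry protects root's home only if the code that walks this table applies `mode` to the dataset's mountpoint; this commit adds no code that reads the key, so that handling has to exist already and is worth confirming, otherwise the directory would presumably keep default permissions. The entry would also benefit from a comment on why it exists, e.g. `# /root needs its own writable dataset once / is readonly; 0o700 keeps it private to root`. The list this hunk edits starts and ends outside the hunk.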
