Rewrite livefs (in Rust) #2293
Merged
Rewrite livefs (in Rust) #2293
Commits on Nov 15, 2020
-
Now always based on an overlayfs: ostreedev/ostree@f2773c1 This fixes a whole swath of problems with the previous design, including the danger in replacing `/usr/lib/ostree-boot` which broke booting for some people. Further, we don't need to push a rollback deployment; the livefs changes are always transient. So now we store livefs state in `/run` instead of in the origin file. Since we're doing a rewrite, it's now in Rust for much more safety. We also always work in terms of incremental diffs between commits; the previous huge hammer of swapping `/usr` was way too dangerous.
-
service: Enable ProtectHome=true
We have no business accessing `/var/roothome` or `/var/home`. In general the ostree design clearly avoids touching those, but since systemd offers us easy tools to toggle on protection, let's use them. In the future it'd be nice to do something like using `DynamicUser=yes` for the main service, and have a system `rpm-ostreed-transaction.service` that runs privileged but as a subprocess.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.