On Fri, Jul 3, 2020, at 9:32 AM, Zbigniew Jędrzejewski-Szmek wrote:
On Fri, Jul 03, 2020 at 09:18:42AM -0400, Colin Walters wrote:
> On Thu, Jul 2, 2020, at 11:53 AM, Zbigniew Jędrzejewski-Szmek wrote:
>
> > It would be great if we could fairly reliably boot with a read-only
> > root file system,
>
> Eh, just mount a tmpfs for /var, and an overlayfs for /etc (backed by a tmpfs).
I see that this thread is one massive communication failure on my part :(
I wrote about "booting successfully with a read-only file system", but I
see that I didn't say "... when the disk cannot be mounted rw because of
file system errors". I thought it'd be clear from the context, but it's
clearly not. Anyway, while I'm a big fan of coreos and read-only-on-purpose,
It's really unfortunate how much confusion there is on the "read only"
topic...
I know there's a fair amount of subtley here but I would hope at least
a few more people in the Fedora community take the time to actually
dive in to the ostree model and understand things.
What I was pointing at is the Fedora CoreOS *LIVE* ISO, which is definitely
fully read only (or phased more usefully), does not support persistence
at all because physical ISOs don't - same as any other "Live" system
from Anaconda to all the others.
But that's a totally distinct thing from merely having /usr mounted ro
by default, while still supporting persistence for /etc and /var (i.e. the ostree model).
I was writing about traditional systems in a read-only-by-accident
scenario,
i.e. about the system behaving gracefully when the disk is ***unexpectedly***
read-only.
That is an important detail indeed =)
To be clear I agree with the effort! I think it's going to get really messy
to take it very far...and that's what I was getting at in arguing for
using overlayfs backed by tmpfs basically.
Or maybe it should be more like a "recovery shell" - rather than trying
to log in as your regular user and watch e.g. Firefox fail because it can't
write to /home and wonder just how much of the next years of your
life is going to involve patching software to make this work ;)
get enough to get the a desktop launched for a separate ephemeral
"live" user with sudo rights or so.