btrfs snapshots, rollbacks

Hubert Kario hkario at redhat.com
Thu Feb 13 17:11:25 UTC 2014


----- Original Message -----
> From: "Chris Murphy" <lists at colorremedies.com>
> To: "Hubert Kario" <hkario at redhat.com>
> Cc: security at lists.fedoraproject.org
> Sent: Thursday, 13 February, 2014 5:58:45 PM
> Subject: Re: btrfs snapshots, rollbacks
> 
> 
> On Feb 13, 2014, at 9:27 AM, Hubert Kario <hkario at redhat.com> wrote:
> > 
> >>> The logs are a different matter, we should aim to preserve them. Dunno where
> >>> journald is in this picture (binary log forward and backward compatibility).
> >> 
> >> If by preserve you mean a single contiguous log location, then that implies
> >> needing a subvolume for logs. For example:
> >> 
> >> http://lists.freedesktop.org/archives/systemd-devel/2014-January/016253.html
> >> 
> >> I have implemented this and it appears to work, although probably it should
> >> be a log subvolume mounted at /var/log so that all logs can be kept
> >> contiguous, not just the journal.
> > 
> > Yes, that's what I was thinking about.
> > 
> > If we're going to support update rollback through snapshots I think that
> > /var/log should be kept separate in default install.
> 
> I don't know where Fedora is at with Btrfs by default, let alone how the
> Workstation PRD envisions implementing "Better upgrade/rollback control" or
> how any other Fedora product considers such functionality should work. There
> is this:
> 
> http://fedoraproject.org/wiki/Changes/Rollback
> 
> But that only mentions LVM thin provisioning. Not Btrfs.
> 
> Yet the same concern with logs applies to LVM snapshotting and rollback. So
> if /var/log should be kept separate in a default install then it sounds like
> you'd support an RFE for anaconda that calls for automatic partitioning
> creating a log subvolume/LV to be mounted at /var/log. True?

yes
 
> I think the rule would be something like "if rootfs is on Btrfs or a virtual
> LV, then automatically create a "log" subvolume/LV and mount it at
> /var/log". Ack/nack/patch?

Sounds reasonable

-- 
Regards,
Hubert Kario
Quality Engineer, QE BaseOS Security team
http://wiki.brq.redhat.com/hkario
Email: hkario at redhat.com
Web: www.cz.redhat.com
Red Hat Czech s.r.o., Purkyňova 99/71, 612 45, Brno, Czech Republic
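
The rule discussed in this thread can be checked on an installed system. The following is an added example, not part of the original thread or of anaconda: a shell function that reads /proc/self/mountinfo-format lines and reports whether /var/log sits on its own subvolume or device when root is Btrfs. It covers only the Btrfs half of the rule, the sample lines are constructed, and it assumes /var/log is not a bind mount.

```shell
# Classify where /var/log lives relative to a Btrfs root.
# Reads /proc/self/mountinfo-format lines on stdin and prints one of:
#   not-applicable  root is not Btrfs
#   separate        /var/log is its own mount (other subvolume or device)
#   shared          /var/log is inside the root subvolume, so a rollback of
#                   root also rolls back the logs
log_rollback_check() {
    awk '
    {
        # Fields: 4 = root within the filesystem, 5 = mount point; optional
        # fields follow, then "-", then fstype and source device.
        sep = 0
        for (i = 7; i <= NF; i++) if ($i == "-") { sep = i; break }
        if (!sep) next
        if ($5 == "/")        { rfs = $(sep + 1); rsrc = $(sep + 2); rsub = $4 }
        if ($5 == "/var/log") { lmnt = 1; lsrc = $(sep + 2); lsub = $4 }
    }
    END {
        if (rfs != "btrfs")                              print "not-applicable"
        else if (lmnt && (lsrc != rsrc || lsub != rsub)) print "separate"
        else                                             print "shared"
    }'
}

# Constructed sample: root on subvolume "root", logs on subvolume "log".
SAMPLE_SPLIT='25 1 0:22 /root / rw,relatime shared:1 - btrfs /dev/sda2 rw,subvolid=257,subvol=/root
40 25 0:22 /log /var/log rw,relatime shared:20 - btrfs /dev/sda2 rw,subvolid=258,subvol=/log'

# Constructed sample: only the root subvolume is mounted.
SAMPLE_SINGLE='25 1 0:22 /root / rw,relatime shared:1 - btrfs /dev/sda2 rw,subvolid=257,subvol=/root'

printf '%s\n' "$SAMPLE_SPLIT"  | log_rollback_check
printf '%s\n' "$SAMPLE_SINGLE" | log_rollback_check
```

On a live system the same function can be fed with `log_rollback_check < /proc/self/mountinfo`.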

