From Fedora Project Wiki

< Changes

Revision as of 20:15, 24 January 2022 by Siosm (talk | contribs) (Update)


Enable read only /sysroot for Fedora Silverblue & Kinoite

Summary

Owner

Current status

  • Targeted release: Fedora Linux 37
  • Last updated: 2022-01-24
  • FESCo issue: <will be assigned by the Wrangler>
  • Tracker bug: <will be assigned by the Wrangler>
  • Release notes tracker: <will be assigned by the Wrangler>

Detailed Description

https://github.com/fedora-silverblue/issue-tracker/issues/232

Feedback

Benefit to Fedora

This will make Fedora Silverblue/Kinoite more robust to accidental damage from users.

Scope

  • Proposal owners:
  • Other developers:
  • Policies and guidelines: N/A (not needed for this Change)
  • Trademark approval: N/A (not needed for this Change)
  • Alignment with Objectives: N/A

Upgrade/compatibility impact

How To Test

Only try the following if you are confortable debugging an un-bootable system and have made backups!

$ sudo rpm-ostree kargs --append-if-missing=rw

$ sudo ostree config --repo=/sysroot/ostree/repo set "sysroot.readonly" "true"

$ sudo systemctl reboot

Note that you can not "rollback" to the previous deployment to undo this change. You will have to boot into a Live ISO and edit the config file in the ostree repo to remove this config option.

User Experience

There should be no visible change in user experience.

Dependencies

Requires changes in Anaconda (config?) to set default kargs and property on ostree repo.

Contingency Plan

Revert the change before the release.

Documentation

N/A (not a System Wide Change)

Release Notes

TODO


Retrieved from "https://fedoraproject.org/w/index.php?title=Changes/Silverblue_Kinoite_readonly_sysroot&oldid=635269"