Enable read only
/sysroot for Fedora Silverblue & Kinoite
This change is about enabling an opt-in ostree feature that re-mounts
/sysroot as read only to avoid accidental changes.
Users and administrators are not expected to directly interact with the content available there and should instead use the interface offered by rpm-ostree, GNOME Software or (soon) Plasma Discover to manage their system.
This change applies to new and existing installations of Fedora Silverblue and Kinoite and only to new installations of Fedora IoT.
- Name: Timothée Ravier, Tomáš Popela, Jiří Konečný
- Email: firstname.lastname@example.org, email@example.com, firstname.lastname@example.org
- FESCo shepherd: Neal Gompa email@example.com
- Targeted release: Fedora Linux 37
- Last updated: 2022-08-21
- devel thread
- FESCo issue: #2767
- Tracker bug: #2060976
- Release notes tracker: #811
On rpm-ostree based systems, the real root (the root directory of the root partition on the disk) is mounted under the
/sysroot path. By default it contains the state of the system (the content of
etc) as well as the system versions themselves (each versioned copy of
/usr) in the ostree repository (
Example of issue: https://github.com/fedora-silverblue/issue-tracker/issues/232
This change replicates for Fedora Silverblue/Kinoite what has been done in Fedora CoreOS in a previous release.
None so far.
Benefit to Fedora
This will make Fedora Silverblue/Kinoite more robust to accidental damage from users.
- Proposal owners:
- Work on the changes requires for new installations (potentially Anaconda configuration changes) and support for in place updates for existing installations (requires a two step process).
- Other developers:
- Potential Anaconda changes required.
- Release engineering: N/A
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives: N/A
We will create a systemd unit that perform the updates in place for existing systems. This will require a two step process:
rwto kernel arguments
- Enable the
Once the feature is enabled, user won't be able to rollback to previous deployments where the kernel argument is not set. We will have to clearly document that in the documentation for easier troubleshooting.
To avoid that we can either:
- unconditionally add the argument to all deployments. Slightly more risky as we won't benefit from the protection offered by rpm-ostree.
- or have the transition script wait until all deployments have been updated. This will likely happen over one or two update for most users as we have two deployments by default.
Fedora Silverblue and Kinoite will update existing installations to read only. This script is not included in Fedora IoT thus only new installations will be set read only.
How To Test
Only try the following if you are comfortable debugging an un-bootable system and have made backups!
$ sudo rpm-ostree kargs --append-if-missing=rw
$ sudo ostree config --repo=/sysroot/ostree/repo set "sysroot.readonly" "true"
$ sudo systemctl reboot
Note that you can not "rollback" to the previous deployment to undo this change. You will have to either manually append
rw to the kernel command line if missing or boot into a Live ISO and edit the config file in the ostree repo to remove this config option.
There should be no visible change in user experience.
Requires changes in Anaconda to set default kargs and property on ostree repo for new installations.
Revert the change before the release.
N/A (not a System Wide Change)