Mount /boot ro by default
See containers/bootc#294
This is particularly motivated by CentOS/centos-bootc-dev#27
because with that suddenly `dnf` will appear to start working
but trying to do anything involving the kernel (i.e. mutating `/boot`)
will end in sadness, and this puts a stop to that.

(This also relates of course to ye olde osbuild#18
 where we want the partitioning setup in the default case
 to come from the container)

Signed-off-by: Colin Walters <[email protected]>
cgwalters committed Feb 14, 2024
1 parent 4bfb69b commit 0da5251
Showing 1 changed file with 7 additions and 2 deletions.
9 changes: 7 additions & 2 deletions bib/cmd/bootc-image-builder/partition_tables.go
Expand Up @@ -9,6 +9,11 @@ import (
const (
MebiByte = 1024 * 1024 // MiB
GibiByte = 1024 * 1024 * 1024 // GiB
// BootOptions defines the mountpoint options for /boot
// See https://github.com/containers/bootc/pull/341 for the rationale for
// using `ro` by default. Briefly it protects against corruption
// by non-ostree aware tools.
BootOptions = "ro"
)

var partitionTables = distro.BasePartitionTableMap{
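Review bot: the doc comment on BootOptions points to containers/bootc pull/341 for the rationale, while the commit message cites containers/bootc#294; link both in the comment, or say how they relate, so a reader of the source lands on the same discussion as a reader of the log. The constant is also exported and named generically although the visible hunks only use it as the FSTabOptions value for /boot; an unexported name along the lines of bootFSTabOptions would describe it more precisely.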
Expand Down Expand Up @@ -44,7 +49,7 @@ var partitionTables = distro.BasePartitionTableMap{
Type: "ext4",
Mountpoint: "/boot",
Label: "boot",
FSTabOptions: "defaults",
FSTabOptions: BootOptions,
FSTabFreq: 1,
FSTabPassNo: 2,
},
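Review bot: nothing in this commit checks the new value. The page shows one changed file, partition_tables.go, so the switch of FSTabOptions from "defaults" to BootOptions on this /boot entry is untested. A small test that walks partitionTables and asserts that every partition with Mountpoint "/boot" carries `ro` would keep a later edit from silently reverting to a writable mount.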
Expand Down Expand Up @@ -89,7 +94,7 @@ var partitionTables = distro.BasePartitionTableMap{
Type: "ext4",
Mountpoint: "/boot",
Label: "boot",
FSTabOptions: "defaults",
FSTabOptions: BootOptions,
FSTabFreq: 1,
FSTabPassNo: 2,
},
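Review bot: the commit title says "by default", but this second /boot entry, like the first, takes the hard-coded BootOptions constant and the diff shows no way to override it. If some images need a writable /boot, document next to the constant how they opt out; if none should, say so in the comment. The two /boot entries are also identical in the lines shown (ext4, label boot, freq 1, pass 2), so a shared definition would avoid having to make this kind of change in two places.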