Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enabling composefs by default in IoT (Fedora 41 Change) #52

Open
pcdubs opened this issue Jun 19, 2024 · 1 comment
Open

Enabling composefs by default in IoT (Fedora 41 Change) #52

pcdubs opened this issue Jun 19, 2024 · 1 comment
Labels
enhancement New feature or request f41 Fedora 41

Comments

@pcdubs
Copy link
Member

pcdubs commented Jun 19, 2024

From the F41 change:

Enabling composefs by default makes the root mount of the system (/) a truly read only filesystem, increasing the system integrity and robustness. This is the first step toward a full at runtime verification of filesystem integrity.

Full details:
https://fedoraproject.org/wiki/Changes/ComposefsAtomicCoreOSIoT

See:
https://github.com/containers/composefs
https://docs.kernel.org/filesystems/erofs.html
https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt
https://blogs.gnome.org/alexl/2024/01/15/testing-composefs-in-silverblue/
@pcdubs pcdubs added enhancement New feature or request f41 Fedora 41 labels Jun 19, 2024
@travier
Copy link

travier commented Jul 17, 2024

This has been approved by FESCo: https://pagure.io/fesco/issue/3240

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request f41 Fedora 41
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@pcdubs @travier