diff options
author | Colin Walters <walters@verbum.org> | 2020-05-17 18:17:37 +0000 |
---|---|---|
committer | Colin Walters <walters@verbum.org> | 2020-08-07 18:57:56 +0000 |
commit | f2773c1b55cdcc7eea0558e4f2505d4ecbd53d62 (patch) | |
tree | 9034ca0c3f2e37962cec4c895c78aa03f483598a /src/ostree | |
parent | 621e1d739444250db67fc685eb29d5665fbb1888 (diff) | |
download | ostree-f2773c1b55cdcc7eea0558e4f2505d4ecbd53d62.tar.gz |
Add "transient" unlock
I was thinking a bit more recently about the "live" changes
stuff https://github.com/coreos/rpm-ostree/issues/639
(particularly since https://github.com/coreos/rpm-ostree/pull/2060 )
and I realized reading the last debates in that issue that
there's really a much simpler solution; do exactly the same
thing we do for `ostree admin unlock`, except mount it read-only
by default.
Then, anything that wants to modify it does the same thing
libostree does for `/sysroot` and `/boot` as of recently; create
a new mount namespace and do the modifications there.
The advantages of this are numerous. First, we already have
all of the code, it's basically just plumbing through a new
entry in the state enumeration and passing `MS_RDONLY` into
the `mount()` system call.
"live" changes here also naturally don't persist, unlike what
we are currently doing in rpm-ostree.
Diffstat (limited to 'src/ostree')
-rw-r--r-- | src/ostree/ot-admin-builtin-unlock.c | 18 |
1 files changed, 17 insertions, 1 deletions
diff --git a/src/ostree/ot-admin-builtin-unlock.c b/src/ostree/ot-admin-builtin-unlock.c index cd466183..6c265f54 100644 --- a/src/ostree/ot-admin-builtin-unlock.c +++ b/src/ostree/ot-admin-builtin-unlock.c @@ -31,9 +31,11 @@ #include <err.h> static gboolean opt_hotfix; +static gboolean opt_transient; static GOptionEntry options[] = { { "hotfix", 0, 0, G_OPTION_ARG_NONE, &opt_hotfix, "Retain changes across reboots", NULL }, + { "transient", 0, 0, G_OPTION_ARG_NONE, &opt_transient, "Mount overlayfs read-only by default", NULL }, { NULL } }; @@ -67,7 +69,17 @@ ot_admin_builtin_unlock (int argc, char **argv, OstreeCommandInvocation *invocat goto out; } - target_state = opt_hotfix ? OSTREE_DEPLOYMENT_UNLOCKED_HOTFIX : OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT; + if (opt_hotfix && opt_transient) + { + glnx_throw (error, "Cannot specify both --hotfix and --transient"); + goto out; + } + else if (opt_hotfix) + target_state = OSTREE_DEPLOYMENT_UNLOCKED_HOTFIX; + else if (opt_transient) + target_state = OSTREE_DEPLOYMENT_UNLOCKED_TRANSIENT; + else + target_state = OSTREE_DEPLOYMENT_UNLOCKED_DEVELOPMENT; if (!ostree_sysroot_deployment_unlock (sysroot, booted_deployment, target_state, cancellable, error)) @@ -87,6 +99,10 @@ ot_admin_builtin_unlock (int argc, char **argv, OstreeCommandInvocation *invocat g_print ("Development mode enabled. A writable overlayfs is now mounted on /usr.\n" "All changes there will be discarded on reboot.\n"); break; + case OSTREE_DEPLOYMENT_UNLOCKED_TRANSIENT: + g_print ("A writable overlayfs is prepared for /usr, but is mounted read-only by default.\n" + "All changes there will be discarded on reboot.\n"); + break; } ret = TRUE; |