fedora-iot / iot-distro

Issue tracking for the Fedora IoT Edition
BSD 3-Clause "New" or "Revised" License

Enabling composefs by default in IoT (Fedora 41 Change) #52

Open pcdubs opened 4 months ago

pcdubs commented 4 months ago

From the F41 change:

Enabling composefs by default makes the root mount of the system (/) a truly read-only filesystem, increasing the system integrity and robustness. This is the first step toward a full at runtime verification of filesystem integrity.

Full details: https://fedoraproject.org/wiki/Changes/ComposefsAtomicCoreOSIoT

See:
- https://github.com/containers/composefs
- https://docs.kernel.org/filesystems/erofs.html
- https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt
- https://blogs.gnome.org/alexl/2024/01/15/testing-composefs-in-silverblue/

travier commented 3 months ago

This has been approved by FESCo: https://pagure.io/fesco/issue/3240