Open pcdubs opened 4 months ago
From the F41 change:
Enabling composefs by default makes the root mount of the system (/) a truly read only filesystem, increasing the system integrity and robustness. This is the first step toward a full at runtime verification of filesystem integrity.
composefs
Full details: https://fedoraproject.org/wiki/Changes/ComposefsAtomicCoreOSIoT
See: https://github.com/containers/composefs https://docs.kernel.org/filesystems/erofs.html https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt https://blogs.gnome.org/alexl/2024/01/15/testing-composefs-in-silverblue/
This has been approved by FESCo: https://pagure.io/fesco/issue/3240
From the F41 change:
Enabling
composefs
by default makes the root mount of the system (/) a truly read only filesystem, increasing the system integrity and robustness. This is the first step toward a full at runtime verification of filesystem integrity.Full details: https://fedoraproject.org/wiki/Changes/ComposefsAtomicCoreOSIoT
See: https://github.com/containers/composefs https://docs.kernel.org/filesystems/erofs.html https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt https://blogs.gnome.org/alexl/2024/01/15/testing-composefs-in-silverblue/