[RFE] Read-only root partition after first boot #1605

Open
sergey-cheperis opened this issue Dec 30, 2024 · 0 comments
Labels
kind/feature A feature request

Comments

@sergey-cheperis

Current situation

For improved security I was trying to run a Flatcar VM in an environment where:

  • /var is located on a writable image.
  • The Flatcar image which includes the boot partition, ROOT, OEM, USR-* becomes read-only on the second (non-ignition) boot.

This environment does not use auto-updates; instead, the whole VM image is rebuilt with up-to-date Flatcar, so making it read-only seems reasonable according to the least privilege principle.

I've found out that, even on the second and subsequent boots, the system tries to write something in /etc and thus fails to boot.

Impact

I am not able to run the VM from a read-only root image.

Ideal future situation

I would be able to run it in an environment where only /var is writable.

Implementation options

I think that the functionality which depends on writing /etc on second and subsequent boots is minor and might probably have an option to be turned off. I assume this may even already be possible at the moment but not documented.

Projects
Status: 📝 Needs Triage