Add "transient" unlock
author Colin Walters <walters@verbum.org>
Sun, 17 May 2020 18:17:37 +0000 (18:17 +0000)
committer Colin Walters <walters@verbum.org>
Fri, 7 Aug 2020 18:57:56 +0000 (18:57 +0000)
commit f2773c1b55cdcc7eea0558e4f2505d4ecbd53d62
tree 9034ca0c3f2e37962cec4c895c78aa03f483598a
parent 621e1d739444250db67fc685eb29d5665fbb1888
Add "transient" unlock

I was thinking a bit more recently about the "live" changes
stuff https://github.com/coreos/rpm-ostree/issues/639
(particularly since https://github.com/coreos/rpm-ostree/pull/2060 )
and I realized reading the last debates in that issue that
there's really a much simpler solution; do exactly the same
thing we do for `ostree admin unlock`, except mount it read-only
by default.

Then, anything that wants to modify it does the same thing
libostree does for `/sysroot` and `/boot` as of recently; create
a new mount namespace and do the modifications there.

The advantages of this are numerous.  First, we already have
all of the code, it's basically just plumbing through a new
entry in the state enumeration and passing `MS_RDONLY` into
the `mount()` system call.

"live" changes here also naturally don't persist, unlike what
we are currently doing in rpm-ostree.

src/libostree/ostree-deployment.c
src/libostree/ostree-deployment.h
src/libostree/ostree-sysroot-private.h
src/libostree/ostree-sysroot.c
src/ostree/ot-admin-builtin-unlock.c
tests/kolainst/destructive/unlock-transient.sh [new file with mode: 0755]
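
A check for the property the commit message relies on, that the unlocked tree stays read-only outside the writer's mount namespace, as an added example (not code from libostree or this commit). It parses `/proc/<pid>/mountinfo` text; the function names, the `/usr` mount point and the sample lines are assumptions constructed for illustration.

```c
#include <stdio.h>
#include <string.h>

/* Constructed mountinfo samples (proc(5) format); overlay paths are placeholders. */
static const char HOST_VIEW[] =
    "22 1 8:3 / / rw,relatime shared:1 - xfs /dev/sda3 rw\n"
    "95 22 0:41 / /usr ro,relatime shared:2 - overlay overlay rw,lowerdir=/lower,upperdir=/upper,workdir=/work\n";
static const char WRITER_VIEW[] =
    "122 121 8:3 / / rw,relatime - xfs /dev/sda3 rw\n"
    "195 122 0:41 / /usr rw,relatime - overlay overlay rw,lowerdir=/lower,upperdir=/upper,workdir=/work\n";

/* Return 1 if the comma-separated list `opts` contains exactly `want`. */
static int has_opt(const char *opts, const char *want) {
    size_t n = strlen(want);
    for (const char *p = opts; *p; ) {
        size_t len = strcspn(p, ",");
        if (len == n && strncmp(p, want, n) == 0) return 1;
        p += len;
        if (*p == ',') p++;
    }
    return 0;
}

/* 1 = `target` is read-only in this view, 0 = writable, -1 = not a mount point.
 * Reads field 6 (per-mount options), not the trailing superblock options,
 * which can differ from the per-mount flag.
 * Assumption: the last entry for a mount point is the one on top. */
int mount_is_readonly(const char *mountinfo, const char *target) {
    int result = -1;
    for (const char *line = mountinfo; *line; ) {
        char mnt[256], opts[256];
        if (sscanf(line, "%*d %*d %*s %*s %255s %255s", mnt, opts) == 2 &&
            strcmp(mnt, target) == 0)
            result = has_opt(opts, "ro");
        line += strcspn(line, "\n");
        if (*line == '\n') line++;
    }
    return result;
}

int main(void) {
    static char buf[1 << 16];
    FILE *f = fopen("/proc/self/mountinfo", "r");
    if (!f) return 2;
    buf[fread(buf, 1, sizeof buf - 1, f)] = '\0';
    fclose(f);
    printf("samples: host=%d writer=%d\n", mount_is_readonly(HOST_VIEW, "/usr"),
           mount_is_readonly(WRITER_VIEW, "/usr"));
    printf("/usr read-only here: %d\n", mount_is_readonly(buf, "/usr"));
    return 0;
}
```

Run against `/proc/1/mountinfo` and against a writer process's `mountinfo` to compare the two namespaces' views of the same mount point.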