Skip to content

feat: krun_set_rootfs_read_only #347

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
wants to merge 1 commit into
base: main
Choose a base branch
from
Open

feat: krun_set_rootfs_read_only #347

wants to merge 1 commit into from

Conversation

ggoodman
Copy link
Contributor

@ggoodman ggoodman commented Jun 6, 2025

Introduce krun_set_rootfs_read_only which affects the "ro" or "rw" flags being injected into kernel command-line arguments.

This should be mutually exclusive from krun_set_kernel. I'm happy to refine this to add some validation for that situation. I think I'd have to make the flag an Option<bool> or it wouldn't be possible to distinguish someone actively setting the rootfs to rw (by passing false) from the default situation in a later call to krun_set_kernel.

Fixes #343

@ggoodman
feat: krun_set_rootfs_read_only
466f953 
Introduce `krun_set_rootfs_read_only` which affects the `"ro"` or `"rw"` flags being injected into kernel command-line arguments.

This should be mutually exclusive from `krun_set_kernel`. I'm happy to refine this to add some validation for that situation. I think I'd have to make the flag an `Option<bool>` or it wouldn't be possible to distinguish someone actively setting the rootfs to rw (by passing `false`) from the default situation in a later call to `krun_set_kernel`.

Fixes containers#343

Signed-off-by: Geoffrey Goodman <geoff@goodman.dev>
ggoodman
ggoodman commented Jun 6, 2025
View reviewed changes
src/vmm/src/builder.rs
Comment on lines +534 to +536
kernel_cmdline
.insert_str(format!("{DEFAULT_KERNEL_CMDLINE} rw"))
.unwrap();
Copy link
Contributor Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Since I took rw out of both architectures' DEFAULT_KERNEL_CMDLINE, I figured I had to put it back in here. Not sure how this is consumed though.

@slp
Copy link
Collaborator

slp commented Jun 12, 2025

Thanks for the PR! A couple comments:

  • Instead of trusting the guest kernel to not write to the virtiofs-exposed filesystem, we should implement a read-only mode in virtiofs itself, as virtiofsd does.
  • For consistency with other changes in the API, instead of adding krun_set_rootfs_read_only we should add krun_set_root2, with an additional bool read_only argument.

slp
slp requested changes Jun 12, 2025
View reviewed changes
Copy link
Collaborator

@slp slp left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • Instead of trusting the guest kernel to not write to the virtiofs-exposed filesystem, we should implement a read-only mode in virtiofs itself, as virtiofsd does.
  • For consistency with other changes in the API, instead of adding krun_set_rootfs_read_only we should add krun_set_root2, with an additional bool read_only argument.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@slp slp slp requested changes

@jakecorrenti jakecorrenti Awaiting requested review from jakecorrenti jakecorrenti is a code owner

@MatiasVara MatiasVara Awaiting requested review from MatiasVara MatiasVara is a code owner

@mtjhrc mtjhrc Awaiting requested review from mtjhrc mtjhrc is a code owner

@tylerfanelli tylerfanelli Awaiting requested review from tylerfanelli tylerfanelli is a code owner

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Read-only root filesystem / root filesystem from image
2 participants
@ggoodman @slp