You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This breaks coreos-ignition-setup-user.sh which is used in various flows to copy the Ignition config to /usr/lib/ignition/.
Let's have Ignition also support sourcing from /run and /etc, which is standard nowadays for a lot of services. I think coreos-ignition-setup-user would probably want to use /etc since it's lifecycled with the initramfs, so we don't have to worry about cleaning it up.
The text was updated successfully, but these errors were encountered:
jlebon
added a commit
to jlebon/fedora-coreos-config
that referenced
this issue
Jun 18, 2024
systemd v256 now runs the initrd with `ProtectSystem=yes`, which makes
`/usr` read-only:
https://github.com/systemd/systemd/blob/07748c53df5a72111d8b3eef49d275210d6018cd/NEWS#L168-L175
This breaks coreos-ignition-setup-user which wants to copy the Ignition
config to `/usr/lib/ignition`.
I think the right fix for this is to have Ignition learn to also source
from `/etc` and `/run`, which is the standard nowadays:
coreos/ignition#1891
But for now at least, we can safely remount `/usr` read-write ourselves
without affecting the rest of the system since we're already running
with `MountFlags=slave`.
systemd v256 now runs the initrd with `ProtectSystem=yes`, which makes
`/usr` read-only:
https://github.com/systemd/systemd/blob/07748c53df5a72111d8b3eef49d275210d6018cd/NEWS#L168-L175
This breaks coreos-ignition-setup-user which wants to copy the Ignition
config to `/usr/lib/ignition`.
I think the right fix for this is to have Ignition learn to also source
from `/etc` and `/run`, which is the standard nowadays:
coreos/ignition#1891
But for now at least, we can safely remount `/usr` read-write ourselves
without affecting the rest of the system since we're already running
with `MountFlags=slave`.
Starting from systemd v256, systemd units in the initramfs run with
ProtectSystem=
by default. This means that/usr
is now mounted read-only there:https://github.com/systemd/systemd/blob/07748c53df5a72111d8b3eef49d275210d6018cd/NEWS#L168-L175
This breaks
coreos-ignition-setup-user.sh
which is used in various flows to copy the Ignition config to/usr/lib/ignition/
.Let's have Ignition also support sourcing from
/run
and/etc
, which is standard nowadays for a lot of services. I thinkcoreos-ignition-setup-user
would probably want to use/etc
since it's lifecycled with the initramfs, so we don't have to worry about cleaning it up.The text was updated successfully, but these errors were encountered: