Re: the need for a discoverable sub-volumes specification

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 

On Di, 09.11.21 19:48, Topi Miettinen (toiwoton@xxxxxxxxx) wrote:

> > i.e. we'd drop the counting suffix.
>
> Could we have this automatic versioning scheme extended also to service
> RootImages & RootDirectories as well? If the automatic versioning was also
> extended to services, we could have A/B testing also for RootImages with
> automatic fallback to last known good working version.

At least in the case of RootImage= this was my implied assumption:
we'd implement the same there, since that uses the exact same code as
systemd-nspawn's image dissection and we definitely want it there.

Doing this RootDirectory= would make a ton of sense too I guess, but
it's not as obvious there: we'd need to extend the setting a bit I
think to explicitly enable this logic. As opposed to the RootImage=
case (where the logic should be default on) I think any such logic for
RootDirectory= should be opt-in for security reasons because we cannot
safely detect environments where this logic is desirable and discern
them from those where it isn't. In RootImage= we can bind this to the
right GPT partition type being used to mark root file systems that are
arranged for this kind of setup. But in RootDirectory= we have no
concept like that and the stuff inside the image is (unlike a GPT
partition table) clearly untrusted territory, if you follow what I am
babbling.

Or in other words: to enable this for RootDirectory= we probably need
a new option RootDirectoryVersioned= or so that takes a boolean.

Lennart

--
Lennart Poettering, Berlin
[Index of Archives]     [LARTC]     [Bugtraq]     [Yosemite Forum]     [Photo]

  Powered by Linux