Hello everyone, As you might know already, I tried to submit a new dracut module that implements the hermetic-usr approach described by Lennart in his blogpost "Fitting everything together": https://0pointer.net/blog/fitting-everything-together.html. The PR is here: https://github.com/dracut-ng/dracut-ng/pull/1234 While there are some small things to fix, it works well, at least in the environments that I tried. It is able to recreate the whole root from scratch, provided that /usr is existing in a separate partition.It creates a LUKS as well as plaintext root, and supports plaintext /usr as well as dm-verity protected one. Zbigniew pointed me that a dracut module might not be the best way to achieve this, and there might be work in progress already in systemd to achieve the same goal with a separate systemd component. Can you point me to the work that is being done in systemd? More specifically, if there is something similar to what I implemented that puts together systemd-repart with systemd-tmpfiles and sysusers and creates a root. Is there some project already going on that does this? My module uses only 3 systemd units, and most of this stuff could be reused, if you want. Or maybe is it better to continue the work on dracut? Let me know, Emanuele
Hermetic-usr implementation on dracut
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
- Subject: Hermetic-usr implementation on dracut
- From: Emanuele Giuseppe Esposito <eesposit@xxxxxxxxxx>
- Date: Mon, 3 Mar 2025 10:35:46 +0100
- Cc: Zbigniew Jedrzejewski Szmek <zjedrzej@xxxxxxxxxx>
- User-agent: Mozilla Thunderbird
- Follow-Ups:
- Re: Hermetic-usr implementation on dracut
- From: Nils Kattenbeck
- Re: Hermetic-usr implementation on dracut
- Prev by Date: Re: Limit resources of a group of users
- Next by Date: Re: Hermetic-usr implementation on dracut
- Previous by thread: Limit resources of a group of users
- Next by thread: Re: Hermetic-usr implementation on dracut
- Index(es):
 |