Re: /home and /root handling



On Sat, Dec 23, 2017 at 3:26 AM, Colin Walters <walters verbum org> wrote:
> On Fri, Dec 22, 2017, at 12:27 PM, Dan Nicholson wrote:
>> In https://developer.gnome.org/ostree/stable/layout.html, it's
>> suggested that /home be a symlink to /var/home, which is then a
>> symlink to /sysroot/home, and that /root be a symlink to
>> /var/roothome.
>>
>> It seems to me like it would be simpler to just have /home be a
>> symlink to /sysroot/home and /root be a symlink to /sysroot/root. Both
>> directories are created by "ostree admin init-fs" and /sysroot is the
>> persistent system wide path. Both /sysroot and /var require special
>> bind mounts, so it's not like one or the other is safer in the event
>> of failures.
>
> Obviously a lot of this is (and should be) flexible.  That said I personally
> like the idea that all state is underneath /var.  It's a simple and easy story
> to tell.

I agree that it's nice that most of the state is under /var, but
that's not actually how it is today since /home and /ostree resolve
into /sysroot. Putting things in /var also means that you lose the
system wide nature if you were to deploy multiple OSes. Having /home
and /root shared across those seems important to me, which is why we
have the current /home setup as it is.

> See also: https://github.com/ostreedev/ostree/issues/1265
> With your suggestions we couldn't easily make `/sysroot` read-only.

I think you're talking more about ostree container while I'm thinking
about ostree host. In an ostree host, you couldn't make /sysroot
read-only since that's where /sysroot/ostree lives and you'd never be
able to update. It's also more desirable to have a true system wide
/home and /root. In a container, you probably want to prevent writes
to /ostree entirely, but you also care a lot less about /home and
/root as long as they're persistent. Making /home and /root bound to
an "OS" probably does make sense in a container.

> And I'd like to move `/tmp` to something like `/var/tmp/tmpfs` or something?

Why handle /tmp at all? Don't you just mount a tmpfs over it?

Now that I'm thinking about this some more, I think it would be an
improvement for ostree host if /ostree, /home and /root were bind
mounts from their /sysroot equivalents. I think you could extend
ostree-prepare-root/systemd-generator to make mount units for each of
those if they were a directory rather than a symlink. Then maybe you
could convert /sysroot to be read-only. Not sure if that's totally
possible to have a parent mount be ro and a child bind mount rw.
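
The generator idea in the last paragraph, sketched as an added example (not part of the original message and not ostree's own code): for each of /ostree, /home and /root that is a real directory rather than a symlink, plan a systemd bind-mount unit from its /sysroot equivalent. The function names, the unit text and the `local-fs.target.requires` wiring are assumptions made for illustration.

```python
import os
import tempfile

# Paths named in the message; everything else here is an assumed design.
SHARED_DIRS = ("ostree", "home", "root")

UNIT_TEMPLATE = """[Unit]
Description=Bind mount /sysroot/{name} on /{name}

[Mount]
What=/sysroot/{name}
Where=/{name}
Type=none
Options=bind
"""

def plan_bind_units(deploy_root, names=SHARED_DIRS):
    """Return {unit_filename: unit_text} for entries that are real directories."""
    units = {}
    for name in names:
        path = os.path.join(deploy_root, name)
        # Test islink first: os.path.isdir() follows symlinks, so a
        # /home -> /var/home symlink would otherwise look like a directory.
        if os.path.islink(path) or not os.path.isdir(path):
            continue
        # systemd requires the unit name to match the mount point (/home -> home.mount).
        units[f"{name}.mount"] = UNIT_TEMPLATE.format(name=name)
    return units

def write_units(units, generator_dir):
    """Write the units and hook them into local-fs.target, generator style."""
    requires = os.path.join(generator_dir, "local-fs.target.requires")
    os.makedirs(requires, exist_ok=True)
    for filename, text in units.items():
        with open(os.path.join(generator_dir, filename), "w") as fh:
            fh.write(text)
        os.symlink(os.path.join("..", filename), os.path.join(requires, filename))
    return sorted(units)

if __name__ == "__main__":
    # Constructed sample tree: /home is a directory, /root and /ostree are symlinks.
    root = tempfile.mkdtemp()
    os.mkdir(os.path.join(root, "home"))
    os.symlink("var/roothome", os.path.join(root, "root"))
    os.symlink("sysroot/ostree", os.path.join(root, "ostree"))
    print(write_units(plan_bind_units(root), tempfile.mkdtemp()))
```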

