Commit 1bffc0c7 authored by omni's avatar omni Committed by Natanael Copa

make overlaytmpfs configurable with overlaytmpfsflags

- default mode=0755 for overlaytmpfs, setting with overlaytmpfsflags
  overrides
- enable rootflags & rootfstype options for underlying rootfs
- force read-only mount of "lowerdir" (root-ro) and read-write mode of
  "upperdir" (root-rw) to mitigate user foot gunnery
parent 0316297f
......@@ -346,8 +346,8 @@ set -- $(cat /proc/cmdline)
myopts="alpine_dev autodetect autoraid chart cryptroot cryptdm cryptheader cryptoffset
cryptdiscards cryptkey debug_init dma init init_args keep_apk_new modules ovl_dev
pkgs quiet root_size root usbdelay ip alpine_repo apkovl alpine_start splash
blacklist overlaytmpfs rootfstype rootflags nbd resume s390x_net dasd ssh_key
BOOTIF zfcp"
blacklist overlaytmpfs overlaytmpfsflags rootfstype rootflags nbd resume s390x_net
dasd ssh_key BOOTIF zfcp"
for opt; do
case "$opt" in
......@@ -526,12 +526,21 @@ if [ -n "$KOPT_root" ]; then
fi
if [ "$KOPT_overlaytmpfs" = "yes" ]; then
# Create mountpoints
mkdir -p /media/root-ro /media/root-rw $sysroot/media/root-ro \
$sysroot/media/root-rw
mount -o ro $KOPT_root /media/root-ro
mount -t tmpfs root-tmpfs /media/root-rw
# Mount read-only underlying rootfs
rootflags="${KOPT_rootflags:+$KOPT_rootflags,}ro"
mount ${KOPT_rootfstype:+-t $KOPT_rootfstype} -o $rootflags \
$KOPT_root /media/root-ro
# Mount writable overlay tmpfs
overlaytmpfsflags="mode=0755,${KOPT_overlaytmpfsflags:+$KOPT_overlaytmpfsflags,}rw"
mount -t tmpfs -o $overlaytmpfsflags root-tmpfs /media/root-rw
# Create additional mountpoints and do the overlay mount
mkdir -p /media/root-rw/work /media/root-rw/root
mount -t overlay -o lowerdir=/media/root-ro,upperdir=/media/root-rw/root,workdir=/media/root-rw/work overlayfs $sysroot
mount -t overlay -o \
lowerdir=/media/root-ro,upperdir=/media/root-rw/root,workdir=/media/root-rw/work \
overlayfs $sysroot
else
if [ "$rootfstype" = "zfs" ]; then
prepare_zfs_root
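Review bot: Neither of the new `mount` calls in the overlaytmpfs branch has its exit status checked, and the tmpfs one now takes its options from the kernel command line through `overlaytmpfsflags`. If an option is rejected, the script still appears to run `mkdir -p /media/root-rw/work /media/root-rw/root` and build the overlay on whatever is at /media/root-rw, so a requested limit such as `size=` would silently not apply; a failed root-ro mount would likewise leave an empty lowerdir. I would guard both calls, e.g. `mount -t tmpfs -o "$overlaytmpfsflags" root-tmpfs /media/root-rw || <existing failure path>`, and quote `-o "$rootflags"` and `-o "$overlaytmpfsflags"` so glob characters in command-line values are not expanded. The enclosing `if [ -n "$KOPT_root" ]` block starts before this hunk and continues after it, so the script's own failure handling is not visible here.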
......
......@@ -67,8 +67,13 @@ this parameter.
Comma-sparated list of kernel modules to load explicitly.
.TP
\fBoverlaytmpfs\fR
When booting from an read-only partition, you can specify this flag to have
your changes written to an in-memory overlayfs.
When booting from a read-only filesystem, you can specify this flag to have
your changes written to an in-memory temporary overlayfs. The underlying
filesystem will always be mounted read-only, the overlay always writable.
.TP
\fBoverlaytmpfsflags=\fIOPTIONS\fR
Optional comma-separated list of tmpfs(5) mount options when \fBoverlaytmpfs\fR
is used. The default is \fBmode=0755,rw\fR, you cannot override \fBrw\fR.
.TP
\fBquiet\fR
Generate less output.
......