fedora-iot/iot-distro

Enabling composefs by default in IoT (Fedora 41 Change)

pcdubs opened this issue · 1 comment

From the F41 change:

Enabling composefs by default makes the root mount of the system (/) a truly read-only filesystem, increasing the system integrity and robustness. This is the first step toward full verification of filesystem integrity at runtime.

Full details:
https://fedoraproject.org/wiki/Changes/ComposefsAtomicCoreOSIoT

See:
https://github.com/containers/composefs
https://docs.kernel.org/filesystems/erofs.html
https://www.kernel.org/doc/Documentation/filesystems/overlayfs.txt
https://blogs.gnome.org/alexl/2024/01/15/testing-composefs-in-silverblue/

This has been approved by FESCo: https://pagure.io/fesco/issue/3240