Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Enable opt-usrlocal-overlays by default #1681

Closed
travier opened this issue Feb 29, 2024 · 5 comments
Closed

Enable opt-usrlocal-overlays by default #1681

travier opened this issue Feb 29, 2024 · 5 comments
Labels
kind/enhancement

Comments

@travier
Copy link
Member

travier commented Feb 29, 2024
edited
Loading

Describe the enhancement

opt-usrlocal-overlays: boolean, optional: Defaults to false. By default, /opt and /usr/local are symlinks to subdirectories in / var. This prevents the ability to compose with packages that install in those directories. If enabled, RPMs with /opt and /usr/local content are allowed; client-side, both paths are writable overlay directories on. Requires libostree v2023.9+.

See:

System details

N/A

Additional information

For Atomic Desktops, see: https://gitlab.com/fedora/ostree/sig/-/issues/20
@cgwalters
Copy link
Member

Enabling by default would definitely escalate the divergence in things.

@cgwalters
Copy link
Member

I think we need to start with telling anyone who wants to use package layering client side with opt to enable the service.

@jlebon
Copy link
Member

jlebon commented Feb 29, 2024

Yeah, I don't think it's ready to enable by default yet. We really need more testing on this in real-world use cases to see how it fares. We can definitely document how to enable it for now client-side or in a derived container build (working on that right now).

@AuraHerreroRuiz AuraHerreroRuiz mentioned this issue Apr 9, 2024
Closed
@xynydev xynydev mentioned this issue May 5, 2024
Open
@xynydev
Copy link

xynydev commented May 5, 2024

We can definitely document how to enable it for now client-side or in a derived container build (working on that right now).

If that is possible, I would appreciate the docs before this issue is completed, as I (/we) currently resort to a pretty ugly workaround for installing packages into /opt/ when building a derived container image.

@jlebon
Copy link
Member

jlebon commented Jul 5, 2024
edited
Loading

Just circling back here. Currently, we are no longer considering turning on state overlays by default. The ideal fix for /opt packages is to add symlinks to /var subdirs for the subpaths of /opt that need to be writable. That gives you the most immutability where possible, while poking holes only as needed. But it of course requires knowing what to symlink, which is software-dependent.

Both state overlays and transient root are easier alternatives which will make things Just Work, but with the tradeoff of allowing more mutability than necessary. This is documented in https://containers.github.io/bootc/filesystem.html#opt, in which I'm working to add the state overlay option (containers/bootc#668).

Note that in FCOS, all of this is gated on #1718.

@jlebon jlebon closed this as not planned Won't fix, can't repro, duplicate, stale Jul 5, 2024
This was referenced Jul 5, 2024
Open
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
kind/enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cgwalters @jlebon @xynydev @travier