Skip to content

Allow writable /var and /etc directories #2522

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
helsaawy merged 1 commit into from
Oct 30, 2025
Merged

Allow writable /var and /etc directories #2522

helsaawy merged 1 commit into from
Oct 30, 2025

Conversation

@helsaawy
Copy link
Contributor

@helsaawy helsaawy commented Sep 18, 2025

Binaries in the uVM can require writing to (or be configured by) files in /var (or /etc, respectively).

An LCOW uVM VHD-backed rootfs, however, is readonly (as opposed to WCOW, which creates a new snapshot and therefor scratch VHD per uVM). Remedy this by creating overlay mounts for the two directories, enabled by the /init flag -w.

Use overlay instead of creating a tmpfs mount directly over the directories (which is done for /run and /tmp) to preserve existing content in the rootfs.

Add a new WritableOverlayDirs annotation to enable the feature. Make the annotation internal (unpublished) since:

  • it is implementation dependent (i.e., how LCOW uVMs are run could conceivably change in the future); and
  • the feature is aimed at more advanced use cases where users are modifying the LCOW uVMs rootfs and should be familiar with hcshims's inner workings

@helsaawy helsaawy requested a review from a team as a code owner September 18, 2025 17:52
apurv15
apurv15 reviewed Sep 19, 2025
View reviewed changes
init/init.c
#define VAR_OVERLAY_PATH OVERLAY_PATH "/var"
#define ETC_OVERLAY_PATH OVERLAY_PATH "/etc"

const struct InitOp overlay_ops[] = {
Copy link
Contributor

@apurv15 apurv15 Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Would hard-coding this be restrictive?
Say tomorrow somebody wants to write logs to /tmp and want it to be overlay.

Copy link
Contributor Author

@helsaawy helsaawy Sep 19, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

yes, but the flipside would be the complexity of C code needed to handle parsing and validating a list of user-provided directories from the command line

Copy link
Contributor

@apurv15 apurv15 Sep 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

True, but we will future proof this so that we don't need code change every time new directory needs to be writable.
Should we pass something like "--overlay-dirs=/etc,/var,/opt" to init process?

Copy link
Contributor Author

@helsaawy helsaawy Sep 22, 2025

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

we can always add that in the future, but i think the long option parsing and additional path validation would over-complicate this already complicated PR

@helsaawy helsaawy force-pushed the ms-rel-init-overlay-rw branch from b518f5d to 9772b9c Compare October 20, 2025 16:51
@helsaawy helsaawy changed the base branch from ms/release/0.1 to main October 20, 2025 16:52
@helsaawy helsaawy force-pushed the ms-rel-init-overlay-rw branch from 9772b9c to 3d71f98 Compare October 21, 2025 14:59
@helsaawy
Allow writable /var and /etc directories
d9dcfe2 
Binaries in the uVM can require writing to (or be configured by) files
in `/var` (or `/etc`, respectively).

An LCOW uVM VHD-backed rootfs, however, is readonly (as opposed to
WCOW, which creates a new snapshot and therefor scratch VHD per uVM).
Remedy this by creating `overlay` mounts for the two directories,
enabled by the `/init` flag `-w`.

Use `overlay` instead of creating a `tmpfs` mount directly over the
directories (which is done for `/run` and `/tmp`) to preserve existing
content in the rootfs.

Add a new `WritableOverlayDirs` annotation to enable the feature.
Make the annotation internal (unpublished) since:
 - it is implementation dependent (i.e., how LCOW uVMs are run could
   conceivably change in the future); and
 - the feature is aimed at more advanced use cases where users are
   modifying the LCOW uVMs rootfs and should be familiar with
   `hcshims`'s inner workings

Signed-off-by: Hamza El-Saawy <hamzaelsaawy@microsoft.com>
@helsaawy helsaawy force-pushed the ms-rel-init-overlay-rw branch from 3d71f98 to d9dcfe2 Compare October 30, 2025 15:29
@helsaawy helsaawy merged commit 46a5382 into microsoft:main Oct 30, 2025
17 checks passed
@helsaawy helsaawy deleted the ms-rel-init-overlay-rw branch October 30, 2025 15:58
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@apurv15 apurv15 apurv15 left review comments

@jterry75 jterry75 jterry75 approved these changes

@jiechen0826 jiechen0826 jiechen0826 approved these changes

Assignees

@jterry75 jterry75

@jiechen0826 jiechen0826

@apurv15 apurv15

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@helsaawy @jterry75 @jiechen0826 @apurv15