#3240 Change: Enabling composefs by default for Atomic Desktops, CoreOS and IoT
Closed: Accepted 3 months ago by salimma. Opened 3 months ago by amoloney.

We want to enable composefs by default for Fedora Atomic Desktops, Fedora CoreOS and Fedora IoT. This makes the root mount of the system (/) a truly read-only filesystem, increasing the system integrity and robustness. This is the first step toward full at-runtime verification of filesystem integrity.

This change will be enabled only for the Bootable Container images of Fedora Atomic Desktops and not the classic ostree ones.
Change proposal
devel-announce post
Discourse discussion
Owners: @siosm @pwhalen @jbtrystram

Owners, do not implement this work until the FESCo vote has explicitly ended.
The Fedora Program Manager will create a tracking bug in Bugzilla for this Change, which is your indication to proceed.
See the FESCo ticket policy and the Changes policy for more information.

REMINDER: This ticket is for FESCo members to vote on the proposal. Further discussion should happen in the devel list thread linked above.


I'm concerned this is going to wind up in a similar state as what keeps happening with bootupd enablement, but sure, I guess. +1

APPROVED after a week (+5, 0, 0)

Metadata Update from @salimma:
- Issue tagged with: pending announcement

3 months ago

Metadata Update from @salimma:
- Issue untagged with: pending announcement
- Issue close_status updated to: Accepted
- Issue status updated to: Closed (was: Open)

3 months ago
