We want to enable composefs by default for Fedora Atomic Desktops, Fedora CoreOS and Fedora IoT. This makes the root mount of the system (/) a truly read-only filesystem, increasing the system integrity and robustness. This is the first step toward full runtime verification of filesystem integrity.
This change will be enabled only for the Bootable Container images of Fedora Atomic Desktops and not the classic ostree ones.
Change proposal, devel-announce post, Discourse discussion
Owners: @siosm @pwhalen @jbtrystram
Owners, do not implement this work until the FESCo vote has explicitly ended. The Fedora Program Manager will create a tracking bug in Bugzilla for this Change, which is your indication to proceed. See the FESCo ticket policy and the Changes policy for more information.
REMINDER: This ticket is for FESCo members to vote on the proposal. Further discussion should happen in the devel list thread linked above.
I'm concerned this is going to wind up in a similar state as what keeps happening with bootupd enablement, but sure, I guess. +1
+1
APPROVED after a week (+5, 0, 0)
Metadata Update from @salimma: - Issue tagged with: pending announcement
Announced in https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/GCJFGO4X2UUFDLNTOAI7SK5ODBQ6JBYK/#72M3MGF6YXXRPFT6ZEUQ5LSSQG6QQKD2
Metadata Update from @salimma: - Issue untagged with: pending announcement - Issue close_status updated to: Accepted - Issue status updated to: Closed (was: Open)