Use composefs by default
Composefs is the next step toward better integrity guarantees on Atomic Desktops.
We want to enable it for Fedora Atomic Desktops, for both classic and Bootable Containers systems.
Note: The initial version of this change was targeting only the bootable containers.
It is also already enabled by default on Fedora Bootable Containers (bootc) images.
Change page: https://fedoraproject.org/wiki/Changes/ComposefsAtomicDesktops
This work is part of the roadmap to Fedora Bootable Containers:
- #26
- fedora/bootc/tracker#11 (closed)
- Fedora CoreOS tracker: https://github.com/coreos/fedora-coreos-tracker/issues/1718
Current limits:
- Issues with ostree-grub:
- https://github.com/containers/composefs/issues/280
- https://github.com/ostreedev/ostree/issues/3198
- https://github.com/coreos/rpm-ostree/issues/4664
- We should consider removing ostree-grub in ostree-containers: https://github.com/fedora-silverblue/issue-tracker/issues/120
- This means moving to static GRUB configs: https://github.com/fedora-silverblue/issue-tracker/issues/530
- This means that we need to complete the bootupd support: #1 (closed)
- And complete the dual boot story: https://github.com/fedora-silverblue/issue-tracker/issues/530
- No longer possible to create root level direcotries (
chattr -iworkaround):- Requires derivation, thus the container flow
- https://github.com/coreos/rpm-ostree/issues/337
- Alternative: https://github.com/ostreedev/ostree/pull/3114
- Issues with kdump:
Edited by Timothée Ravier