Package: bilibop-lockfs Version: 0.5.6 In lockfs mode, if there are any vfat mounts to be protected, they are ignored and simply mounted as read-write. Everything else is properly protected with overlayfs.
Isn't it kind of dangerous?.. The user is expecting everything to be safe! If it is not possible to protect a vfat filesystem due to overlayfs limitations, then maybe it should be mounted read-only instead of read-write? At least then the user will notice it before breaking something, and add it to the whitelist if they want it read-write, easily replicating the current behaviour. And currently, there is no way to do the opposite - which is, "in lockfs mode, mount everything that can not be properly protected as read-only". This is reproducible on Debian Buster amd64 , and also on Raspbian Stretch with bilibop 0.5.6 from Debian Buster armhf. -- darkpenguin