Thank you for the report.

On 02/06/2019 20:43, Dark Penguin wrote:
> In lockfs mode, if there are any vfat mounts to be protected, they are
> ignored and simply mounted as read-write. Everything else is properly
> protected with overlayfs.
> Isn't it kind of dangerous?.. The user is expecting everything to be safe!

Currently, lockfs-notify is expected to advertise the user that some
mounts are not locked.

> If it is not possible to protect a vfat filesystem due to overlayfs
> limitations, then maybe it should be mounted read-only instead of
> read-write? At least then the user will notice it before breaking
> something, and add it to the whitelist if they want it read-write,
> easily replicating the current behaviour. And currently, there is no way
> to do the opposite - which is, "in lockfs mode, mount everything that
> can not be properly protected as read-only".

Yes, it is not possible to protect a vfat filesystem due to overlayfs
limitations. Installing aufs-dkms, and automatically using aufs module
instead of overlay module solves the issue.

But you're right, this points to a more general issue about the mount
fallback implementation: in case of mount error, the filesystem is
mounted as is (i.e. as it were without lockfs). But blindly mount it
read-only may also break things, and the user should keep the last word.

So this issue will probably be fixed in the next release of bilibop,
with a bilibop.conf option (and its corresponding boot commandline
parameter to override it), as for example:
BILIBOP_LOCKFS_MOUNT_FALLBACK="ro" (or 'rw' or 'skip' or...)


Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to