** Description changed: [Impact] - * In cloud images, the ESP is currently mounted with default (0755) - permissions. This means anyone can read the ESP partition. This can - cause security issues as sensitive data might be put in this - partition[1] + * In cloud images, the ESP is currently mounted with default (0755) + permissions. This means anyone can read the ESP partition. This can + cause security issues as sensitive data might be put in this + partition[0] - * The root filesystem partition uses defaults mount options. In case - of filesystem error, it is safer to use `remount-ro`. Also for cloud - usage (where storage can be expensive) it makes sense to mount the - root filesystem with `discard`. This will also align cloud images - fstab with what we have elsewhere. + * The root filesystem partition uses defaults mount options. In case + of filesystem error, it is safer to use `remount-ro`. Also for cloud + usage (where storage can be expensive) it makes sense to mount the + root filesystem with `discard`. This will also align cloud images + fstab with what we have elsewhere. [Test Plan] - * Start a GCE or a KVM instance + * Start a GCE or a KVM instance - * Check `/etc/fstab` content + * Check `/etc/fstab` content [Where problems could occur] - * Some users can have automation in place change those defaults. This - change might break their automation. + * Some users can have automation in place change those defaults. This + change might break their automation. - * `error=remount-ro` might create issues for certain user. Especially if - the filesystem superblock default was set to `error=continue`. For - those users, any error that was previously ignored will make the - filesystem read-only. + * `error=remount-ro` might create issues for certain user. Especially if + the filesystem superblock default was set to `error=continue`. For + those users, any error that was previously ignored will make the + filesystem read-only. - * `discard` parameter might have an impact on i/o throughput and reduce - read/write speed. Also some particular disk might have issues with - TRIM commands[2]. - - [0] https://bugs.launchpad.net/cloud-images/+bug/1881006/comments/11 - [1] http://cloud-images.ubuntu.com/daily/server/focal/current/ - [2] https://wiki.debian.org/SSDOptimization#WARNING + * `discard` parameter might have an impact on i/o throughput and reduce + read/write speed. Also some particular disk might have issues with + TRIM commands[1]. [original description] The default fstab entries for ubuntu cloud images are: LABEL=cloudimg-rootfs / ext4 defaults 0 0 LABEL=UEFI /boot/efi vfat defaults 0 0 These entries do not align with the defaults that we use elsewhere. We should decide on the defaults for fstab, and apply those consistently across all Ubuntu images. -- quoted from ~xnox: I expect [these entries] to be: LABEL=cloudimg-rootfs / ext4 discard,errors=remount-ro 0 1 LABEL=UEFI /boot/efi vfat umask=0077 0 1 + + + [0] https://bugs.launchpad.net/cloud-images/+bug/1881006/comments/11 + [1] https://wiki.debian.org/SSDOptimization#WARNING
-- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1902103 Title: Ensure default fstab options are sane and consistent across all images To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/1902103/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
