I will revert to the original description and move the SRU template to LP1881006.
** Description changed: - [Impact] - - * In cloud images, the ESP is currently mounted with default (0755) - permissions. This means anyone can read the ESP partition. This can - cause security issues as sensitive data might be put in this - partition[0] - - * The root filesystem partition uses defaults mount options. In case - of filesystem error, it is safer to use `remount-ro`. Also for cloud - usage (where storage can be expensive) it makes sense to mount the - root filesystem with `discard`. This will also align cloud images - fstab with what we have elsewhere. - - [Test Plan] - - * Build an uefi image from the ubuntu-cpc project in livecd-rootfs - - * Launch in KVM - - * Check `/etc/fstab` content - - * Check that mount options are reflected in 'mount' command output - - * Ensure a non-root user can not access /boot/efi - - * Check 'lsblk -D' output to see that there is a non-zero discard block - size for the root device (this check may be imperfect, the goal is to - check that discard from fstab is enabled if available from the - underlying block device) - - [Where problems could occur] - - * Some users can have automation in place change those defaults. This - change might break their automation. - - * `error=remount-ro` might create issues for certain user. Especially if - the filesystem superblock default was set to `error=continue`. For - those users, any error that was previously ignored will make the - filesystem read-only. - - * `discard` parameter might have an impact on i/o throughput and reduce - read/write speed. Also some particular disk might have issues with - TRIM commands[1]. - - [original description] The default fstab entries for ubuntu cloud images are: LABEL=cloudimg-rootfs / ext4 defaults 0 0 LABEL=UEFI /boot/efi vfat defaults 0 0 These entries do not align with the defaults that we use elsewhere. We should decide on the defaults for fstab, and apply those consistently across all Ubuntu images. -- - quoted from ~xnox: I expect [these entries] to be: + quoted from ~xnox: the expect [these entries] to be: LABEL=cloudimg-rootfs / ext4 discard,errors=remount-ro 0 1 LABEL=UEFI /boot/efi vfat umask=0077 0 1 - - [0] https://bugs.launchpad.net/cloud-images/+bug/1881006/comments/11 - [1] https://wiki.debian.org/SSDOptimization#WARNING -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1902103 Title: Ensure default fstab options are sane and consistent across all images To manage notifications about this bug go to: https://bugs.launchpad.net/cloud-images/+bug/1902103/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
