[Ubuntu-phone] Can we make renames work?

Martin Pitt martin.pitt at ubuntu.com
Thu May 21 10:16:48 UTC 2015


Oliver Grawert [2015-05-20 17:22 +0200]:
> given the majority (90%) of files in these dirs is *not* writeable
> today, you would prefer to maintain this majority with a hack instead of
> the 30 (or so) writeable files we have in the list today ? even if that
> triples up that's still a lot less maintenance than having to maintain
> all the non-writeable bits manually ...

Right, I never said it was *easy* to do -- if it was, we would have
done it already :-) But the difference is that writable files will
keep growing and keep breaking file system semantics; this is bearable
in Touch and Snappy still, but it will completely break down if you
want to apply this to e.g. servers, charming, etc., and will be a
loooot of work even on desktops. Consider how many weeks we had to
spend on something as "simple" (in terms of installed packages and
exposed services) as snappy already to make system-image with
read-only /etc/ work there; I can only imagine how long it would take
on desktop (aka "snappy personal").

Sure, we currently have a lot more read-only files in /etc, but the
point/motivation is that this is a list which we should shrink over
time, not enlarge. There is a lot of stuff which shouldn't be there at
all, like init.d scripts, upstart jobs, SSL certificates, etc.  These
should go into /usr (or /lib in the case of system upstart jobs,
although this will be moot soon anyway), and the admin can overwrite
them in /etc (much like udev rules or systemd units). Then /etc will
only ever contain the local customizations which we don't touch on
upgrades, while all the system defaults are in the read-only /usr (or
/lib).

There's also a "bulk hack" solution here: During image build, we move
everything in /etc/ to /usr/share/etc (or similar).
The first time you boot a device it has an empty /etc, and then we
copy everything from /usr/share/etc/ to /etc/. Of course this should
be cleaned up over time, but it avoids having to wait for cleaning up
everything until we can make the switch to a "proper" /etc/.

> couldn't we do something with ACLs here ... leave the dirs writeable,
> apply a read only ACL setup to all files with a small set of
> exceptions ?

Yes, I like that idea. AppArmor is a lot simpler to grok and maintain
(globs!) than bind mount farms ;-) With a "pristine" /usr/share/etc/
we can even autogenerate this.

So, this is a proposal for now, which certainly needs some more
discussion. AFAIK we've never had a UOS or similar discussion how to
improve the design of system-image, maybe it's time for that?

Yes, fixing it properly will be lots of work. But it'll also be lots
of work to perpetuate this hack for larger/other use cases, and that
kind of work is just frustrating (at least to me).

Thanks,

Martin

-- 
Martin Pitt                        | http://www.piware.de
Ubuntu Developer (www.ubuntu.com)  | Debian Developer  (www.debian.org)
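
An added illustration, not part of the original message and not system-image code: a sketch of the "bulk hack" described above (seed an empty /etc from a pristine tree on first boot) plus autogeneration of AppArmor-style write-deny rule lines from that tree. The function names, the writable-list file format (one shell glob per line) and the rule layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example. All paths are parameters so it can be tried on a scratch tree
# instead of a real /etc. Function names and list format are hypothetical.

# seed_etc PRISTINE TARGET
# Copy the image's defaults into TARGET only when TARGET is empty (first boot).
# Returns 1 without touching anything if TARGET already has content, so local
# customizations are never overwritten on later boots or upgrades.
seed_etc() {
    pristine=$1 target=$2
    mkdir -p "$target"
    if [ -n "$(ls -A "$target")" ]; then
        return 1
    fi
    cp -Rp "$pristine"/. "$target"/
}

# is_writable PATH LISTFILE
# LISTFILE holds one shell glob per line; blank lines and '#' comments are skipped.
is_writable() {
    while IFS= read -r pat; do
        case $pat in ''|'#'*) continue ;; esac
        case $1 in $pat) return 0 ;; esac
    done < "$2"
    return 1
}

# gen_deny_rules PRISTINE LISTFILE PREFIX
# Emit one "deny <path> w," line per file shipped in the pristine tree, except
# for paths matched by the writable list. PREFIX is where the tree is installed
# (e.g. /etc). Output is sorted so regenerated rule sets diff cleanly.
gen_deny_rules() {
    pristine=$1 writable=$2 prefix=$3
    (cd "$pristine" && find . -type f | sed 's|^\./||' | LC_ALL=C sort) |
    while IFS= read -r rel; do
        if is_writable "$prefix/$rel" "$writable"; then
            continue
        fi
        printf '  deny %s w,\n' "$prefix/$rel"
    done
}

# Typical use (paths taken from the message above):
#   seed_etc /usr/share/etc /etc
#   gen_deny_rules /usr/share/etc /path/to/writable.list /etc
```

Because the rules are derived from the pristine tree rather than the live /etc, files the admin adds locally are not covered by any deny line and stay writable.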