Hi, Thank you for the report.
On 02/06/2019 20:43, Dark Penguin wrote: > In lockfs mode, if there are any vfat mounts to be protected, they are > ignored and simply mounted as read-write. Everything else is properly > protected with overlayfs. > > Isn't it kind of dangerous?.. The user is expecting everything to be safe! Currently, lockfs-notify is expected to advertise the user that some mounts are not locked. > If it is not possible to protect a vfat filesystem due to overlayfs > limitations, then maybe it should be mounted read-only instead of > read-write? At least then the user will notice it before breaking > something, and add it to the whitelist if they want it read-write, > easily replicating the current behaviour. And currently, there is no way > to do the opposite - which is, "in lockfs mode, mount everything that > can not be properly protected as read-only". Yes, it is not possible to protect a vfat filesystem due to overlayfs limitations. Installing aufs-dkms, and automatically using aufs module instead of overlay module solves the issue. But you're right, this points to a more general issue about the mount fallback implementation: in case of mount error, the filesystem is mounted as is (i.e. as it were without lockfs). But blindly mount it read-only may also break things, and the user should keep the last word. So this issue will probably be fixed in the next release of bilibop, with a bilibop.conf option (and its corresponding boot commandline parameter to override it), as for example: BILIBOP_LOCKFS_MOUNT_FALLBACK="ro" (or 'rw' or 'skip' or...) Thanks, quidame
signature.asc
Description: OpenPGP digital signature
