Mount root filesystem as readonly instead of adding immutable attribute #1812

Open
yummypeng opened this issue Oct 11, 2024 · 5 comments

@yummypeng

Describe the enhancement

I'm curious why Fedora CoreOS adds an immutable attribute to the root directory / instead of just mounting the root device as read-only. I tried changing the kernel cmdline from rw to ro myself, and didn't see any problems; the system booted fine, and I could still install packages using rpm-ostree.

System details

No response

Additional information

No response

@yummypeng yummypeng changed the title Mount root filesystem as readonly instead of immutable attribute Mount root filesystem as readonly instead of adding immutable attribute Oct 11, 2024
@jbtrystram
Contributor

This is solved by the recent enablement of composefs, which should hit stable very soon (next release, so in a couple of weeks).
https://docs.fedoraproject.org/en-US/fedora-coreos/composefs/

As to why the immutable bit rather than ro, it's probably for some historical reasons. I did a quick search and I did not find an obvious answer, so I'll let someone else answer.

Maybe it's for coreos/rpm-ostree#337, but I am not sure.

@yummypeng
Author

@jbtrystram, could you please provide an update on this issue? We're considering mounting the root filesystem read-only in our production Fedora CoreOS environment, and we need to fully understand the potential drawbacks before proceeding. What are the specific added risks associated with this change? A detailed explanation of the increased risks involved would be greatly appreciated. 🫶

@jbtrystram
Contributor

jbtrystram commented Oct 17, 2024

As I mentioned, the root will be read-only by default in the next release through a composefs mount.
Do you need it sooner?

@yummypeng
Author

Okay, thanks for the feedback. Thing is, our product is still running on the older Fedora CoreOS 33, so I'm wondering what would happen if I changed rw to ro in the kernel cmdline on that version.

@dustymabe
Member

> Okay, thanks for the feedback. Thing is, our product is still running on the older Fedora CoreOS 33, so I'm wondering what would happen if I changed rw to ro in the kernel cmdline on that version.

You're running a 3.5-year-old release with no security updates since 2021 so you might as well YOLO it and find out?
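
A read-only audit of the three things this thread compares, written as an added example (not code from the Fedora CoreOS project or from any commenter): the `ro`/`rw` token on the kernel command line, the effective mount options of `/`, and the immutable attribute on `/`. It assumes the last `ro`/`rw` token on the command line is the one the kernel honours; the function names are made up for this example.

```shell
#!/bin/sh
# Added example: report the root-filesystem signals discussed in this thread.

# Print ro, rw or unset for a kernel command line (assumption: last token wins).
cmdline_root_mode() {
    mode=unset
    set -f                      # no glob expansion while splitting the line
    for tok in $1; do
        case "$tok" in
            ro|rw) mode=$tok ;;
        esac
    done
    set +f
    echo "$mode"
}

# Print ro, rw or unknown for mount point $2 in /proc/self/mounts-style text $1.
# Options are matched as whole tokens, so "errors=remount-ro" is not read as ro.
mount_mode() {
    printf '%s\n' "$1" | awk -v mp="$2" '
        $2 == mp { n = split($4, o, ","); m = "rw"
                   for (i = 1; i <= n; i++) if (o[i] == "ro") m = "ro"
                   found = m }      # later entries sit on top of earlier ones
        END { print (found == "" ? "unknown" : found) }'
}

# Return 0 if an `lsattr -d` output line carries the immutable (i) flag.
has_immutable() {
    flags=${1%% *}              # first field is the flag string
    case "$flags" in
        *i*) return 0 ;;
        *)   return 1 ;;
    esac
}

# Inspect the running host; nothing is modified.
report() {
    echo "kernel cmdline root mode: $(cmdline_root_mode "$(cat /proc/cmdline)")"
    echo "effective mount mode of /: $(mount_mode "$(cat /proc/self/mounts)" /)"
    if has_immutable "$(lsattr -d / 2>/dev/null)"; then
        echo "immutable attribute on /: set"
    else
        echo "immutable attribute on /: not set (or lsattr unavailable)"
    fi
}

if [ "${1:-}" = "report" ]; then report; fi
```

Run it with `report` as the first argument on the host being evaluated, before and after any change to the kernel arguments, and compare the three lines.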
