[Bug 1902103] Re: Ensure default fstab options are sane and consistent across all images
Gauthier Jolly
1902103 at bugs.launchpad.net
Wed Mar 17 14:59:34 UTC 2021
I will revert to the original description and move the SRU template to
LP1881006.
** Description changed:
- [Impact]
-
- * In cloud images, the ESP is currently mounted with default (0755)
- permissions. This means anyone can read the ESP partition. This can
- cause security issues as sensitive data might be put in this
- partition[0]
-
- * The root filesystem partition uses defaults mount options. In case
- of filesystem error, it is safer to use `remount-ro`. Also for cloud
- usage (where storage can be expensive) it makes sense to mount the
- root filesystem with `discard`. This will also align cloud images
- fstab with what we have elsewhere.
-
- [Test Plan]
-
- * Build an uefi image from the ubuntu-cpc project in livecd-rootfs
-
- * Launch in KVM
-
- * Check `/etc/fstab` content
-
- * Check that mount options are reflected in 'mount' command output
-
- * Ensure a non-root user can not access /boot/efi
-
- * Check 'lsblk -D' output to see that there is a non-zero discard block
- size for the root device (this check may be imperfect, the goal is to
- check that discard from fstab is enabled if available from the
- underlying block device)
-
- [Where problems could occur]
-
- * Some users can have automation in place change those defaults. This
- change might break their automation.
-
- * `error=remount-ro` might create issues for certain user. Especially if
- the filesystem superblock default was set to `error=continue`. For
- those users, any error that was previously ignored will make the
- filesystem read-only.
-
- * `discard` parameter might have an impact on i/o throughput and reduce
- read/write speed. Also some particular disk might have issues with
- TRIM commands[1].
-
- [original description]
The default fstab entries for ubuntu cloud images are:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
These entries do not align with the defaults that we use elsewhere. We
should decide on the defaults for fstab, and apply those consistently
across all Ubuntu images.
--
- quoted from ~xnox: I expect [these entries] to be:
+ quoted from ~xnox: the expect [these entries] to be:
LABEL=cloudimg-rootfs / ext4 discard,errors=remount-ro 0 1
LABEL=UEFI /boot/efi vfat umask=0077 0 1
-
- [0] https://bugs.launchpad.net/cloud-images/+bug/1881006/comments/11
- [1] https://wiki.debian.org/SSDOptimization#WARNING
--
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to livecd-rootfs in Ubuntu.
https://bugs.launchpad.net/bugs/1902103
Title:
Ensure default fstab options are sane and consistent across all images
Status in cloud-images:
New
Status in curtin package in Ubuntu:
Confirmed
Status in livecd-rootfs package in Ubuntu:
Fix Released
Status in maas package in Ubuntu:
Confirmed
Status in subiquity package in Ubuntu:
Confirmed
Status in ubiquity package in Ubuntu:
Confirmed
Bug description:
The default fstab entries for ubuntu cloud images are:
LABEL=cloudimg-rootfs / ext4 defaults 0 0
LABEL=UEFI /boot/efi vfat defaults 0 0
These entries do not align with the defaults that we use elsewhere. We
should decide on the defaults for fstab, and apply those consistently
across all Ubuntu images.
--
quoted from ~xnox: the expect [these entries] to be:
LABEL=cloudimg-rootfs / ext4 discard,errors=remount-ro 0 1
LABEL=UEFI /boot/efi vfat umask=0077 0 1
To manage notifications about this bug go to:
https://bugs.launchpad.net/cloud-images/+bug/1902103/+subscriptions
More information about the foundations-bugs
mailing list