[systemd-devel] Hermetic-usr implementation on dracut
Emanuele Giuseppe Esposito
eesposit at redhat.com
Mon Mar 3 09:35:46 UTC 2025
Hello everyone,
As you might know already, I tried to submit a new dracut module that
implements the hermetic-usr approach described by Lennart in his
blog post "Fitting everything together":
https://0pointer.net/blog/fitting-everything-together.html.
The PR is here: https://github.com/dracut-ng/dracut-ng/pull/1234
While there are some small things to fix, it works well, at least in the
environments that I tried.
It is able to recreate the whole root from scratch, provided that /usr
exists in a separate partition. It creates a LUKS as well as
plaintext root, and supports plaintext /usr as well as dm-verity
protected one.
Zbigniew pointed out to me that a dracut module might not be the best way to
achieve this, and there might be work in progress already in systemd to
achieve the same goal with a separate systemd component.
Can you point me to the work that is being done in systemd? More
specifically, if there is something similar to what I implemented that
puts together systemd-repart with systemd-tmpfiles and sysusers and
creates a root. Is there some project already going on that does this?
My module uses only 3 systemd units, and most of this stuff could be
reused, if you want. Or is it maybe better to continue the work on dracut?
Let me know,
Emanuele