Jeff Mahoney wrote:
On 1/30/19 2:28 PM, Per Jessen wrote:
Martin Wilck wrote:
On Wed, 2019-01-30 at 20:05 +0100, Per Jessen wrote:
Martin Wilck wrote:
SUSE will blacklist a number of legacy and/or less frequently used file systems by default on SLES for security reasons.
The proposed list can be seen here:
https://github.com/openSUSE/suse-module-tools/pull/5/commits/8cb42fb6658f210...
The question is now whether we should do the same for openSUSE. I figure that while the above list is probably not controversial for enterprise customers, openSUSE users may have objections to some items on the list. Please speak up if you do. In any case, note that even if we do this, you can re-enable the filesystems you need by simply commenting out lines in the blacklist file.
As long as we can continue using those filesystems during an installation (not necessarily YaST supported), I see no issue.
Which of these would you want to use during installation?
Sorry, I should have been specific. jfs is the only one.
The proposed config file have nothing to do with YaST, they'd generally disable autoloading of filesystem modules.
Right, that's how I understood it too.
If you wanted to use this during installation, you'd need to use a DUD, or hand-edit the modprobe configuration during installation.
What we do is PXE boot a network install system, access by ssh, then format whatever we need manually, then start up yast. As long as jfs would be available at that point, I'm happy.
This only affects module autoloading, so if you're already in a shell environment and creating file systems by hand, just 'modprobe jfs' first. That doesn't consult the blacklist and will load the module normally. Then, before reboot, modify the blacklist and rebuild the initrd. This is assuming you're using it as a root fs. If it's not the root, it'll be enough to modify the blacklist.
At least that's how it would work with my PR.
Martin and I were talking offline about how to take into account some of the criticisms and suggestions on this thread. The solution we came up with was to use one file per blacklist entry, where removing the blacklist entry would mean just truncating the file or commenting its comments. We discussed a postinstall script doing that automatically for file systems in /proc/filesystems (ie: modules already loaded). So, if that works out, the only changes required to your workflow would be to modprobe the jfs module manually before the first mount after mkfs.
Thanks. One or two extra manual steps is no big deal, as long as jfs remains available. An automatic glance at /proc/filesystems during postinstall would be nice :-) -- Per Jessen, Zürich (-1.6°C) http://www.hostsuisse.com/ - dedicated server rental in Switzerland. -- To unsubscribe, e-mail: opensuse-factory+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-factory+owner@opensuse.org