Skip to content

Commit 57983e8

Browse files
jlebonjlebon
committed
docs/filesystem: Rework state overlay and /opt messaging a bit
Tweak the changes in #1191 to more clearly lay out the tradeoffs of state overlays. Contrast it with transient root (since that was one of the primary motivations for it), and generalize the "alternatives" to be about both approaches.
1 parent 57adb67 commit 57983e8

File tree

1 file changed

+13
-7
lines changed

1 file changed

+13
-7
lines changed

docs/src/filesystem.md

Lines changed: 13 additions & 7 deletions
Original file line numberDiff line numberDiff line change
@@ -231,9 +231,13 @@ The semantics here are somewhat nuanced:
231231
- Changes persist across reboots by default
232232
- During updates, new files from the container image override any locally modified version
233233

234-
A disadvantage of this approach is that there is no equivalent to this feature in the
235-
Docker/podman ecosystem, and while its semantics can often trivially enable many applications that
236-
install into `/opt`, it can still be prone to "state drift".
234+
The advantages are:
235+
- It makes it very easy to make compatible applications that install into `/opt`.
236+
- In contrast to transient root (above), a smaller surface of the filesystem is mutable.
237+
238+
The disadvantages are:
239+
- There is no equivalent to this feature in the Docker/Podman ecosystem.
240+
- It allows for some temporary state drift until the next update.
237241

238242
To enable this feature, instantiate the `[email protected]`
239243
unit template on the target path. For example, for `/opt`:
@@ -242,8 +246,10 @@ unit template on the target path. For example, for `/opt`:
242246
RUN systemctl enable [email protected]
243247
```
244248

245-
### Alternatives to state overlays
249+
## More generally dealing with `/opt`
246250

247-
See the section on `/opt` in [Image building and configuration guidance](building/guidance.md).
248-
Essentially, add a redirect such as a symbolic link from `/opt/someapp/logs` or other
249-
directories that should be writable+persistent to `/var/someapp/logs` instead.
251+
Both transient root and state overlays above provide ways for packages
252+
that install in `/opt` to operate. However, for maximum immutability the
253+
best approach is simply to symlink just the parts of the `/opt` needed
254+
into `/var`. See the section on `/opt` in [Image building and configuration
255+
guidance](building/guidance.md) for a more concrete example.

0 commit comments

Comments
 (0)