mirror of
https://git.yoctoproject.org/meta-security
synced 2026-01-12 03:10:13 +00:00
Adding to your local.conf right out of the gate:

    EXTRA_IMAGE_FEATURES = "read-only-rootfs"

while you are trying to sort out other things can be just another complication to an already steep learning curve.

For example, I found simply enabling this with systemd caused:

    systemd[1]: Failed to fork off sandboxing environment for executing generators: Protocol error
    [!!!!!!] Failed to start up manager.
    systemd[1]: Freezing execution.

While I'd like to get to the root cause of that, it doesn't change that things boot fine w/o adding to EXTRA_IMAGE_FEATURES, even though the rootfs is still read-only courtesy of dm-verity.

Reword things so as to make it clear it isn't strictly a hard requirement and hence can be delayed as people work through their implementation.

Signed-off-by: Paul Gortmaker <paul.gortmaker@windriver.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>