/etc/overlayroot.conf is in overlayroot 0.27ubuntu1.
This file is owned by root:root, with mode 0o644.
The actual contents of the file can be viewed below.
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 38 39 40 41 42 43 44 45 46 47 48 49 50 51 52 53 54 55 56 57 58 59 60 61 62 63 64 65 66 67 68 69 70 71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89 90 91 92 93 94 95 96 97 98 99 100 101 102 103 104 105 106 107 108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123 124 125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162 163 | # This is the overlayroot config file
# By default, overlayroot is not enabled.
# To enable overlayroot:
# 1) edit the 'overlayroot' definition below
# 2) reboot
#
# Supported values:
# * overlayroot=tmpfs or overlayroot=tmpfs:PARAMETERS
# write all changes to a temporary (ram only) backing device
# A tmpfs mount will be created, and usable filesystem can
# grow to 1/2 available memory.
#
# available parameters:
# * see COMMON PARAMETERS
#
# examples:
# overlayroot=tmpfs
# overlayroot=tmpfs:swap=1
#
# * overlayroot=DEVICE or overlayroot=device:PARAMETERS
# mount DEVICE as overlayfs and write changes there
# device must already have kernel mountalbe filesystem on it.
#
# available parameters are:
# * dev: default: "" [REQUIRED]
# use given device for backing filesystem.
# Note, 'overlayroot=/dev/vdb' is translated to
# 'overlayrooot=device:dev=/dev/vdb'
# * timeout: default: 0
# if 'dev' provided does not exist, wait up to many seconds for
# it to appear.
# * see COMMON PARAMETERS
#
# examples:
# overlayroot=/dev/xvdb
# overlayroot=/dev/vdb
# overlayroot=device:dev=/dev/sdb,timeout=180
# overlayroot=device:dev=LABEL=my-flashdrive,timeout=180
#
# * overlayroot=crypt:PARAMETERS
# use an encrypted [dmcrypt] device as the backing device. Parameters
# are comma delimited key=value pairs.
#
# available parameters are:
# * dev: default: "" [REQUIRED]
# use given device for backing filesystem.
# * mapname: default: "secure"
# the name of the map device to be created in /dev/mapper
# * pass: default: ""
# if not provided or empty, password is randomly generated
# * fstype: default: "ext4"
# mapname=mapper,pass=foo,fstype=ext4,mkfs=1
# * mkfs: default: 1
# 0: never create filesystem
# 1: if pass is given and mount fails, create a new one
# if no pass given, create new
# 2: if pass is given and mount fails, fail
# if no pass given, create new
# * timeout: default: 0
# if 'dev' provided does not exist, wait up to many seconds for
# it to appear.
# * see COMMON PARAMETERS
#
# examples:
# crypt:mapname=mapper,pass=foo,fstype=ext4,mkfs=1,dev=vdb
# crypt:mapname=mapper,pass=foo,fstype=ext3,mkfs=1,dev=/dev/disk/by-label/my-jumpdrive,timeout=120
# crypt:dev=xvdb
#
# * overlayroot=disabled
# if set explicitly to 'disabled', or an empty string, then
# overlayroot will do nothing.
#
#
# COMMON PARAMETERS:
# The following parameters are supported for each of overlayroot=
# values above.
# * swap: default: 0
# allowed values: 0, 1
# indicate if swap partitions should be allowed. By default swap entries
# are removed from /etc/fstab to disable swap.
# Swap *files* are always disabled, independent of this setting.
#
# * recurse: default: 1
# allowed values: 0, 1
# indicate if all mounts should be made read-only, or just /.
# if set to 1, then all filesystems will be mounted read-only.
# if set to 0, only root will be set to read-only, and changes
# to other filesystems will be permenant. For example, if
# /home is on a separate partition from / and recurse set to 0
# then changes to /home will go through to the original device.
#
# * debug: default: 0
# allowed values: 0, 1
# enable debug output if set to 1
#
# * dir: default: "/overlay"
# the directory under the filesystem to use for writes
# default is to use top level directory. For example, use
# 'dir=my-tests/run1' and later 'dir=my-tests/run2'
#
# overlayroot_cfgdisk:
# * default: 'disabled'
# If this variable is set, it references a disk/filesystem that
# may exist, and include a 'overlayroot.conf' file in it's root directory
# If a such a device exists, then it's overlayroot.conf file can
# set overlayroot as above.
#
# examples:
# * overlayroot_cfgdisk="LABEL=OROOTCFG"
# * overlayroot_cfgdisk="/dev/vdb"
#
# Note: if you enable this setting, then you must be careful to be sure
# that no filesystems are created that match this without your
# knowledge. This is because code on that filesystem is executed
# as root in the initramfs environment.
#
# Notes:
# * This file is managed by dpkg as a conffile, so changes to it
# will force dpkg config file prompts on package updates that contain a
# change. Instead of putting changes here, put them in
# /etc/overlayroot.local.conf
# * you can pass the same 'overlayroot=' parameters on the kernel
# command line, and they will override any values set here.
# This includes 'overlayroot=' or 'overlayroot=disabled' to disable
# a value set in this file.
# * if you specify crypt:dev=/dev/vdb, then DATA WILL BE LOST
# on /dev/vdb. A safer value would be to use
# crypt:dev=/dev/vdb,pass=somepassword,mkfs=0
# However, you would then have to have previously set up the luks device.
# Do that like the following:
# $ MAPNAME="secure"; DEV="/dev/vdg"; PASSWORD="foobar"
# $ sudo wipefs -a $DEV
# $ printf "%s" "$PASSWORD" |
# sudo cryptsetup luksFormat "${$DEV}" --key-file -
# $ printf "%s" "$PASSWORD" |
# sudo cryptsetup luksOpen "${DEV}" "${MAPNAME}" --key-file -
# $ sudo mke2fs -t "ext4" "/dev/mapper/${MAPNAME}"
#
# Security Note:
# IT IS INSECURE TO SET THIS PASSWORD HERE IN THIS CLEARTEXT CONFIGURATION
# FILE OR ON THE KERNEL COMMAND LINE.
# Randomly generated passwords are more secure, but you won't be able to
# read your encrypted disk on reboot.
# Randomly generated passwords are generated by calculating the sha512sum
# of a concatenation of:
# - stat -L /dev/* /proc/* /sys/*
# + some unpredictability of access/modify times of a number of kernel
# files, directories, and block devices
# - /proc/sys/kernel/random/boot_id
# + 16-bytes uuid, consider this a 'salt'
# - /proc/sys/kernel/random/uuid
# + 16-bytes uuid, consider this psuedo randomness
# - /dev/urandom
# + 4096-bytes of psuedo randomness
# - $DEV
# + 4096-bytes from the head of the disk
# + security-paranoid users can write 4096-bytes of randomness to
# this device and specify mkfs=1 before rebooting into an
# crypt+overlayroot setup
# The result is stored in r-------- /dev/.initramfs/overlayroot.XXXXXXX,
# which is a tmpfs in memory.
overlayroot_cfgdisk="disabled"
overlayroot=""
|