Univention Bugzilla – Bug 30593
Thinclient image is writeable after installation/join
Last modified: 2014-06-12 09:19:34 CEST
After installing a fresh thinclient image the join takes place, which in turn updates the ucr policies for the computer. The problem is that the image is mounted r/w at this point, so all information gathered by 20univention-directory-policy.inst at this point is stored permanently. There is no overlayfs active after the installation:

~# mount
/dev/loop0 on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
/dev/sda3 on /ucc_root type ext4 (rw,relatime,user_xattr,barrier=1,data=ordered)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
/dev/sda2 on /boot type ext4 (rw)
none on /tmp/guest-W6gA5B type tmpfs (rw,mode=700)
Maybe simply initiate an automatic reboot when joining a thin client.
This was apparently fixed alongside initramfs improvements during UCC 2.0 development. After the rollout and join, the thinclient image is mounted read-only and with overlayfs enabled.
I added a note to the UCC 2.0 rollout tests to ensure this is checked again for the final release.
Indeed, a current UCC 2.0 thin client uses an active overlayfs after rollout:

root@testtest:~# mount
overlayfs-root on / type overlayfs (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
sysfs on /sys type sysfs (rw,noexec,nosuid,nodev)
udev on /dev type devtmpfs (rw,mode=0755)
devpts on /dev/pts type devpts (rw,noexec,nosuid,gid=5,mode=0620)
tmpfs on /run type tmpfs (rw,noexec,nosuid,size=10%,mode=0755)
/dev/sda3 on /ucc_root type ext4 (rw,relatime,data=ordered)
tmpfs-root on /root-rw type tmpfs (rw,relatime)
/dev/loop0 on /root-ro type ext4 (ro,relatime,norecovery)
none on /sys/fs/cgroup type tmpfs (rw)
none on /sys/fs/fuse/connections type fusectl (rw)
none on /sys/kernel/debug type debugfs (rw)
none on /sys/kernel/security type securityfs (rw)
none on /run/lock type tmpfs (rw,noexec,nosuid,nodev,size=5242880)
none on /run/shm type tmpfs (rw,nosuid,nodev)
none on /run/user type tmpfs (rw,noexec,nosuid,nodev,size=104857600,mode=0755)
none on /sys/fs/pstore type pstore (rw)
/dev/sda2 on /boot type ext4 (rw)
systemd on /sys/fs/cgroup/systemd type cgroup (rw,noexec,nosuid,nodev,none,name=systemd)
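
The condition compared in the two mount listings of this bug (root on overlayfs, image on the loop device mounted read-only), written as an added example that is not part of the bug report or of UCC's own rollout tests. The function names and verdict words are assumptions, and the sample input is constructed from lines of the two listings; the parser assumes mount points without spaces.

```shell
#!/bin/sh
# Added example (not Univention code): classify `mount` output in the
# "DEV on DIR type FS (OPTS)" format for a thin client root filesystem.
# Prints one verdict word (names are assumptions of this example):
#   protected - / is an overlayfs and the loop-mounted image is ro
#   writable  - the loop-mounted image is rw, or / is a plain rw filesystem
#   unknown   - no root line, or the layout cannot be judged from the input
check_root_mounts() {
    awk '
        # Fields: $1=device  $3=mount point  $5=fstype  $6=(options)
        $2 == "on" && $4 == "type" {
            opts = $6
            gsub(/[()]/, "", opts)
            n = split(opts, o, ",")
            mode = "rw"
            for (i = 1; i <= n; i++) if (o[i] == "ro") mode = "ro"
            if ($3 == "/") { root_fs = $5; root_mode = mode }
            if ($1 ~ /^\/dev\/loop/) { loop_seen = 1; if (mode == "rw") loop_rw = 1 }
        }
        END {
            if (root_fs == "")                   { print "unknown";   exit }
            if (loop_rw)                         { print "writable";  exit }
            if (root_fs ~ /^overlay/ && loop_seen) { print "protected"; exit }
            if (root_fs !~ /^overlay/ && root_mode == "rw") { print "writable"; exit }
            print "unknown"
        }
    '
}

# Constructed sample: lines from the listing taken right after installation/join.
sample_before() {
    cat <<'EOF'
/dev/loop0 on / type ext4 (rw,errors=remount-ro)
proc on /proc type proc (rw,noexec,nosuid,nodev)
/dev/sda3 on /ucc_root type ext4 (rw,relatime,user_xattr,barrier=1,data=ordered)
EOF
}

# Constructed sample: lines from the UCC 2.0 listing after rollout.
sample_after() {
    cat <<'EOF'
overlayfs-root on / type overlayfs (rw,errors=remount-ro)
tmpfs-root on /root-rw type tmpfs (rw,relatime)
/dev/loop0 on /root-ro type ext4 (ro,relatime,norecovery)
EOF
}

echo "before: $(sample_before | check_root_mounts)"
echo "after:  $(sample_after | check_root_mounts)"
```

On a live client, `mount | check_root_mounts` applies the same check to the running system.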
UCC 2.0 has been released:
http://docs.univention.de/release-notes-ucc-2.0.html

If this error occurs again, please use "Clone This Bug".