I have a read-only root file system, protected with dm-verity, and a clean read-write user data storage. Nevertheless, I need to make a tiny set of files on the rootfs which require persistent storage modifiable. As far as I know, the common approach for this is to use unionfs-like file systems, for example overlayfs. The problem with overlayfs is that it seems it doesn't provide file-level granularity. What I mean: for example, if I want to make /etc/resolv.conf modifiable, I need to mount the entire /etc/ folder accordingly.
mount -t overlay overlay -o lowerdir=/etc,upperdir=/opt/storage/etc-up,workdir=/opt/storage/etc-wd,noexec /etc
I then tried to use file bind mounts instead of overlayfs to overcome this, so the idea was to copy the target file to read-write storage at boot time and then bind-mount it to the original place. However, it seems that in some cases, for example user add, software also tries to create some temporary files in the /etc folder (e.g. lock files), so that didn't work for me (file creation of course failed because the original rootfs is mounted ro).
I'm wondering if there is a solution which will help me to do what I want. The requirements could be summarized as:
- Most of the rootfs is left forever read-only (implemented already; the rootfs shall be mounted ro)
- I can statically define at image build time that file1, file2 ... file_n are excluded from this "forever-readonly" data list.
- I can define that new files can be created in folder1, folder2 ... folder_n
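One way to combine the two approaches described above, as an added example that is not the poster's script: a boot-time script with a manifest fixed at image build time, where single files are copied to persistent storage and bind-mounted back (file granularity, rootfs stays read-only under dm-verity), and only the directories in which software must be able to create new files (locks, temporary files) get an overlayfs. The storage path /opt/storage and the manifest entries are assumed values.

```shell
#!/bin/sh
# Added example (not the poster's code). Keeps the dm-verity rootfs ro,
# makes listed files writable via copy + bind mount, and overlays only
# the listed directories. /opt/storage and the manifest are assumptions.
set -eu

STORE="${STORE:-/opt/storage}"   # read-write persistent storage (assumed)

# Constructed manifest, fixed at image build time:
#   file <path>  one file becomes writable via copy + bind mount
#   dir  <path>  a directory gets an overlayfs so new files can be created
MANIFEST='file /etc/resolv.conf
file /etc/hostname
dir /etc/cups
dir /var/lib/dhcp'

# Print the shell commands for one manifest entry ($1 = kind, $2 = path).
plan_entry() {
    case $1 in
    file)
        dst="$STORE/files$2"
        # Seed the copy from the rootfs on first boot only, then bind over it.
        printf 'mkdir -p %s\n' "$(dirname "$dst")"
        printf '[ -e %s ] || cp -p %s %s\n' "$dst" "$2" "$dst"
        printf 'mount --bind %s %s\n' "$dst" "$2"
        ;;
    dir)
        base="$STORE/overlay/$(printf '%s' "$2" | tr / _)"
        # upperdir and workdir must be on the same filesystem (overlayfs rule).
        printf 'mkdir -p %s/upper %s/work\n' "$base" "$base"
        printf 'mount -t overlay overlay -o lowerdir=%s,upperdir=%s/upper,workdir=%s/work,noexec %s\n' \
            "$2" "$base" "$base" "$2"
        ;;
    *)
        echo "unknown manifest kind: $1" >&2; return 1
        ;;
    esac
}

# Print the whole mount plan; "apply" pipes it into a shell (run as root).
plan_mounts() {
    printf '%s\n' "$MANIFEST" | while read -r kind path; do
        if [ -n "$kind" ]; then plan_entry "$kind" "$path"; fi
    done
}

if [ "${1:-plan}" = apply ]; then plan_mounts | sh -e; else plan_mounts; fi
```

Running it without arguments only prints the plan, so it can be reviewed on a build host before being wired into an early boot unit with `apply`.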