status: Show /usr overlay status

evan-goode · cgwalters · commit 6450c47f2e41 · 2026-03-03T11:27:41.000-05:00
Resolves #474 For #1044 Signed-off-by: Evan Goode <mail@evangoo.de>
diff --git a/crates/lib/src/bootc_composefs/state.rs b/crates/lib/src/bootc_composefs/state.rs
@@ -18,7 +18,8 @@ use fn_error_context::context;
 
 use ostree_ext::container::deploy::ORIGIN_CONTAINER;
 use rustix::{
-    fs::{Mode, OFlags, open},
+    fd::AsFd,
+    fs::{Mode, OFlags, StatVfsMountFlags, open},
     path::Arg,
 };
 
@@ -37,6 +38,7 @@ use crate::{
     },
     parsers::bls_config::BLSConfig,
     spec::ImageReference,
+    spec::{FilesystemOverlay, FilesystemOverlayAccessMode, FilesystemOverlayPersistence},
     utils::path_relative_to,
 };
 
@@ -328,19 +330,14 @@ pub(crate) async fn write_composefs_state(
 }
 
 pub(crate) fn composefs_usr_overlay() -> Result<()> {
-    let usr = Dir::open_ambient_dir("/usr", ambient_authority()).context("Opening /usr")?;
-    let is_usr_mounted = usr
-        .is_mountpoint(".")
-        .context("Failed to get mount details for /usr")?;
-
-    let is_usr_mounted =
-        is_usr_mounted.ok_or_else(|| anyhow::anyhow!("Failed to get mountinfo"))?;
-
-    if is_usr_mounted {
-        println!("A writeable overlayfs is already mounted on /usr");
+    let status = get_composefs_usr_overlay_status()?;
+    if status.is_some() {
+        println!("An overlayfs is already mounted on /usr");
         return Ok(());
     }
 
+    let usr = Dir::open_ambient_dir("/usr", ambient_authority()).context("Opening /usr")?;
+
     // Get the mode from the underlying /usr directory
     let usr_metadata = usr.metadata(".").context("Getting /usr metadata")?;
     let usr_mode = Mode::from_raw_mode(usr_metadata.permissions().mode());
@@ -352,3 +349,28 @@ pub(crate) fn composefs_usr_overlay() -> Result<()> {
 
     Ok(())
 }
+
+pub(crate) fn get_composefs_usr_overlay_status() -> Result<Option<FilesystemOverlay>> {
+    let usr = Dir::open_ambient_dir("/usr", ambient_authority()).context("Opening /usr")?;
+    let is_usr_mounted = usr
+        .is_mountpoint(".")
+        .context("Failed to get mount details for /usr")?
+        .ok_or_else(|| anyhow::anyhow!("Failed to get mountinfo"))?;
+
+    if is_usr_mounted {
+        let st =
+            rustix::fs::fstatvfs(usr.as_fd()).context("Failed to get filesystem info for /usr")?;
+        let permissions = if st.f_flag.contains(StatVfsMountFlags::RDONLY) {
+            FilesystemOverlayAccessMode::ReadOnly
+        } else {
+            FilesystemOverlayAccessMode::ReadWrite
+        };
+        // For the composefs backend, assume the /usr overlay is always transient.
+        Ok(Some(FilesystemOverlay {
+            access_mode: permissions,
+            persistence: FilesystemOverlayPersistence::Transient,
+        }))
+    } else {
+        Ok(None)
+    }
+}
diff --git a/crates/lib/src/bootc_composefs/status.rs b/crates/lib/src/bootc_composefs/status.rs
@@ -11,6 +11,7 @@ use crate::{
         boot::BootType,
         repo::get_imgref,
         selinux::are_selinux_policies_compatible,
+        state::get_composefs_usr_overlay_status,
         utils::{compute_store_boot_digest_for_uki, get_uki_cmdline},
     },
     composefs_consts::{
@@ -806,6 +807,8 @@ pub(crate) async fn composefs_deployment_status_from(
         host.spec.boot_order = BootOrder::Rollback
     };
 
+    host.status.usr_overlay = get_composefs_usr_overlay_status().ok().flatten();
+
     set_soft_reboot_capability(storage, &mut host, sorted_bls_config, cmdline)?;
 
     Ok(host)
diff --git a/crates/lib/src/spec.rs b/crates/lib/src/spec.rs
@@ -8,7 +8,7 @@ use anyhow::Result;
 use ostree_ext::container::Transport;
 use ostree_ext::oci_spec::distribution::Reference;
 use ostree_ext::oci_spec::image::Digest;
-use ostree_ext::{container::OstreeImageReference, oci_spec};
+use ostree_ext::{container::OstreeImageReference, oci_spec, ostree::DeploymentUnlockedState};
 use schemars::JsonSchema;
 use serde::{Deserialize, Serialize};
 
@@ -274,6 +274,83 @@ pub enum HostType {
     BootcHost,
 }
 
+/// Details of an overlay filesystem: read-only or read/write, persistent or transient.
+#[derive(Serialize, Deserialize, Copy, Clone, Debug, PartialEq, Eq, JsonSchema)]
+#[serde(rename_all = "camelCase")]
+pub struct FilesystemOverlay {
+    /// Whether the overlay is read-only or read/write
+    pub access_mode: FilesystemOverlayAccessMode,
+    /// Whether the overlay will persist across reboots
+    pub persistence: FilesystemOverlayPersistence,
+}
+
+/// The permissions mode of a /usr overlay
+#[derive(Serialize, Deserialize, Copy, Clone, Debug, PartialEq, Eq, JsonSchema)]
+#[serde(rename_all = "camelCase")]
+pub enum FilesystemOverlayAccessMode {
+    /// The overlay is mounted read-only
+    ReadOnly,
+    /// The overlay is mounted read/write
+    ReadWrite,
+}
+
+impl Display for FilesystemOverlayAccessMode {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            FilesystemOverlayAccessMode::ReadOnly => write!(f, "read-only"),
+            FilesystemOverlayAccessMode::ReadWrite => write!(f, "read/write"),
+        }
+    }
+}
+
+/// The persistence mode of a /usr overlay
+#[derive(Serialize, Deserialize, Copy, Clone, Debug, PartialEq, Eq, JsonSchema)]
+#[serde(rename_all = "camelCase")]
+pub enum FilesystemOverlayPersistence {
+    /// Changes are temporary and will be lost on reboot
+    Transient,
+    /// Changes persist across reboots
+    Persistent,
+}
+
+impl Display for FilesystemOverlayPersistence {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        match self {
+            FilesystemOverlayPersistence::Transient => write!(f, "transient"),
+            FilesystemOverlayPersistence::Persistent => write!(f, "persistent"),
+        }
+    }
+}
+
+pub(crate) fn deployment_unlocked_state_to_usr_overlay(
+    state: DeploymentUnlockedState,
+) -> Option<FilesystemOverlay> {
+    use FilesystemOverlayAccessMode::*;
+    use FilesystemOverlayPersistence::*;
+    match state {
+        DeploymentUnlockedState::None => None,
+        DeploymentUnlockedState::Development => Some(FilesystemOverlay {
+            access_mode: ReadWrite,
+            persistence: Transient,
+        }),
+        DeploymentUnlockedState::Hotfix => Some(FilesystemOverlay {
+            access_mode: ReadWrite,
+            persistence: Persistent,
+        }),
+        DeploymentUnlockedState::Transient => Some(FilesystemOverlay {
+            access_mode: ReadOnly,
+            persistence: Transient,
+        }),
+        _ => None,
+    }
+}
+
+impl Display for FilesystemOverlay {
+    fn fmt(&self, f: &mut std::fmt::Formatter<'_>) -> std::fmt::Result {
+        write!(f, "{}, {}", self.persistence, self.access_mode)
+    }
+}
+
 /// The status of the host system
 #[derive(Debug, Clone, Serialize, Default, Deserialize, PartialEq, Eq, JsonSchema)]
 #[serde(rename_all = "camelCase")]
@@ -295,6 +372,9 @@ pub struct HostStatus {
     /// The detected type of system
     #[serde(rename = "type")]
     pub ty: Option<HostType>,
+
+    /// The state of the overlay mounted on /usr
+    pub usr_overlay: Option<FilesystemOverlay>,
 }
 
 pub(crate) struct DeploymentEntry<'a> {
diff --git a/crates/lib/src/status.rs b/crates/lib/src/status.rs
@@ -423,6 +423,11 @@ pub(crate) fn get_status(
         None
     };
 
+    let usr_overlay = booted_deployment
+        .as_ref()
+        .map(|d| d.unlocked())
+        .and_then(crate::spec::deployment_unlocked_state_to_usr_overlay);
+
     let mut host = Host::new(spec);
     host.status = HostStatus {
         staged,
@@ -431,6 +436,7 @@ pub(crate) fn get_status(
         other_deployments,
         rollback_queued,
         ty,
+        usr_overlay,
     };
     Ok((deployments, host))
 }
@@ -598,6 +604,7 @@ fn human_render_slot(
     slot: Option<Slot>,
     entry: &crate::spec::BootEntry,
     image: &crate::spec::ImageStatus,
+    host_status: &crate::spec::HostStatus,
     verbose: bool,
 ) -> Result<()> {
     let transport = &image.image.transport;
@@ -655,6 +662,9 @@ fn human_render_slot(
         writeln!(out, "yes")?;
     }
 
+    // Show /usr overlay status
+    write_usr_overlay(&mut out, slot, host_status, prefix_len)?;
+
     if verbose {
         // Show additional information in verbose mode similar to rpm-ostree
         if let Some(ostree) = &entry.ostree {
@@ -693,12 +703,31 @@ fn human_render_slot(
     Ok(())
 }
 
+/// Helper function to render usr overlay status
+fn write_usr_overlay(
+    mut out: impl Write,
+    slot: Option<Slot>,
+    host_status: &crate::spec::HostStatus,
+    prefix_len: usize,
+) -> Result<()> {
+    // Only booted deployments can have /usr overlay status
+    if matches!(slot, Some(Slot::Booted)) {
+        // Only print row if overlay is present
+        if let Some(ref overlay) = host_status.usr_overlay {
+            write_row_name(&mut out, "/usr overlay", prefix_len)?;
+            writeln!(out, "{}", overlay)?;
+        }
+    }
+    Ok(())
+}
+
 /// Output a rendering of a non-container boot entry.
 fn human_render_slot_ostree(
     mut out: impl Write,
     slot: Option<Slot>,
     entry: &crate::spec::BootEntry,
     ostree_commit: &str,
+    host_status: &crate::spec::HostStatus,
     verbose: bool,
 ) -> Result<()> {
     // TODO consider rendering more ostree stuff here like rpm-ostree status does
@@ -718,6 +747,9 @@ fn human_render_slot_ostree(
         writeln!(out, "yes")?;
     }
 
+    // Show /usr overlay status
+    write_usr_overlay(&mut out, slot, host_status, prefix_len)?;
+
     if verbose {
         // Show additional information in verbose mode similar to rpm-ostree
         if let Some(ostree) = &entry.ostree {
@@ -771,13 +803,21 @@ fn human_readable_output_booted(mut out: impl Write, host: &Host, verbose: bool)
             }
 
             if let Some(image) = &host_status.image {
-                human_render_slot(&mut out, Some(slot_name), host_status, image, verbose)?;
+                human_render_slot(
+                    &mut out,
+                    Some(slot_name),
+                    host_status,
+                    image,
+                    &host.status,
+                    verbose,
+                )?;
             } else if let Some(ostree) = host_status.ostree.as_ref() {
                 human_render_slot_ostree(
                     &mut out,
                     Some(slot_name),
                     host_status,
                     &ostree.checksum,
+                    &host.status,
                     verbose,
                 )?;
             } else if let Some(composefs) = &host_status.composefs {
@@ -793,9 +833,16 @@ fn human_readable_output_booted(mut out: impl Write, host: &Host, verbose: bool)
             writeln!(out)?;
 
             if let Some(image) = &entry.image {
-                human_render_slot(&mut out, None, entry, image, verbose)?;
+                human_render_slot(&mut out, None, entry, image, &host.status, verbose)?;
             } else if let Some(ostree) = entry.ostree.as_ref() {
-                human_render_slot_ostree(&mut out, None, entry, &ostree.checksum, verbose)?;
+                human_render_slot_ostree(
+                    &mut out,
+                    None,
+                    entry,
+                    &ostree.checksum,
+                    &host.status,
+                    verbose,
+                )?;
             }
         }
     }
