From b759264ea35edcba856e187584a05e887aa46e58 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon <jonathan@jlebon.com>
Date: Mon, 16 Mar 2020 12:15:58 -0400
Subject: [PATCH] image.yaml: enable sysroot-ro

We want to use the new read-only `/sysroot` feature of libostree. Opt-in
to that to tell cosa we support it and want it.

For more details, see:
https://github.com/ostreedev/ostree/issues/1265
https://github.com/coreos/coreos-assembler/pull/1235
---
 image.yaml | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/image.yaml b/image.yaml
index 48fc3fbd9a..4147517d3a 100644
--- a/image.yaml
+++ b/image.yaml
@@ -13,6 +13,10 @@ extra-kargs:
 # Optional remote by which to prefix the deployed OSTree ref
 ostree-remote: fedora
 
+# We want read-only /sysroot to protect from unintential damage.
+# https://github.com/ostreedev/ostree/issues/1265
+sysroot-ro: true
+
 # After this, we plan to add support for the Ignition
 # storage/filesystems sections.  (Although one can do
 # that on boot as well)