ROSA Freeze
Contents
Intro
ROSA is a constantly evolving distribution which regularly gets large amounts of updates. By these updates, we try to add new features to your systems and improve existing ones. However, sometimes (very rare!) it happens that these updates are not completely correct and break something. In addition, many ROSA users and community members are enthusiasts who often try different new programs. In particular, they can install programs from repositories that have nothing common with ROSA ones. Sooner or later, such programs can cause conflicts with system packages or policies and even break the system or some of its applications. As a result, for many users it is important to have a way to safely rollback the system to a working state.
If you are familiar with RPM packages then you can perform package rollback by means of [1] or [2]. However, these tools can’t guarantee that the whole system will be returned to a working state — since the breakage can be caused not by a package update, and in addition some packages can’t be safely downgraded.
If you expect that breaking changes will occur to your system during your session that you will likely want to rollback, you can try ROSA Freeze. When using ROSA Freeze, your operating system can act in one of two modes — a usual one and a «frozen» one. When using a frozen mode, ROSA Freeze mounts an «interceptor» over every top-level directory (/bin, /etc, /usr and others; this list can be changed y administrator) by means of aufs. These interceptors can be located in either tmpfs or on a separate partition. Any modification made in a «frozen» folder in reality goes to its interceptor, while the state of original folder remains the same. After system reboot all the content of these interceptors is automatically removed and thus the system is rolled back to its initial state. Note that after reboot the system will remain frozen; you should explicitly disable this mode by means of rfreeze tool. And to be sure, while working in a frozen mode, at any moment you can merge all the changes made into aufs to the original folders.
Basic Functionality
ROSA Freeze tool is located in the rosa-freeze package. Currently the tool should be launched in console with root privileges. To check its functionality, you can ask the tool about current status of ROSA Freeze:
# rfreeze status
To enter the «frozen» mode, run
# rfreeze enable
Be default, while freeze mode is enabled, all modifications for the frozen folders are redirected to tmpfs. You can also redirect them to a separate disk partition by means of -s option or to a separate folder on a root partition by means of -f option.
The system will be frozen immediately, no reboot is required. Note however that our approach doesn't guarantee freeze for files that were opened for writing at the moment when freeze mode was enabled. For safety\, it is recommended to reboot the system - it is guaranteed that all protected folders are be frozen during the boot before any program has an ability to write to them.
To unfreeze the system, launch
# rfreeze disable
After this command it is necessary to reboot the machine.
while the system is run in the frozen mode, all changes made by user to the frozen folders will be automatically discarded after system reboot. But if you suddenly understands that you want to save all your changes, you can merge them by launching
# rfreeze merge
After this command, the current state of your system will become the base one.
Note that the «merge» command is considered to be experimental at the moment. If you have really important changes, it can make sense to safe them inside some place which is not frozen.
What Is Actually Frozen?
By default, ROSA Freeze freezes all top-level folders except the following:
- /dev
- /home
- /lost+found
- /media
- /mnt
- /proc
- /run
- /sys
- /tmp
A set of folder that should not be subjected to freeze can be specified manually when invoking rfreeze enable by means of -d option. Folder names should be separated by colon and should not contain slashes, e.g.:
rfreeze enable -d home:media:mnt
Also note that rfreeze currently only supports freeze of folders located on the root partition. When the frozen mode is being enabled, the tool will try to automatically detect folders where other devices or partitions are mounted and will exclude such folders from the frozen list.
For every other top-level folder a separate interceptor is created inside in either tmpfs or separate folder on a root partition or separate disk partition. In any case, the storage where interceptors are located is mounted to the /tmp/sysroot-rw directory. After that, every interceptor is mounted using aufs over the original folder so all the changes go to /tmp/sysroot-rw.
For example, by means of aufs we mount /tmp/sysroot-rw/bin over /bin. If user modifies something inside /bin then the actual changes happen in /tmp/sysroot-rw/bin, while the original /bin remains the same. But thanks to aufs, user doesn’t notice this during his session and sees all his changes in /bin until reboot.
Original versions of all frozen folders can be checked at any moment inside the /tmp/sysroot-ro directory.
Graphicsl User Interface
All manipulation with ROSA Freeze can be performed by means of GUI application — ROSA Freeze UI.
Configuration File
Freeze mode settings used by default can be set in the «freeze» section of /etc/rfreeze.cfg file. For example:
[freeze] type = folder device = folder = /rfreeze skip_dirs = dev home lost+found media mnt proc run sys tmp
The «type» parameter accepts folder, tmpfs and device values. device and folder are used if type is set to device or folder correspondingly.
skip_dirs parameter contains a list of space-separated folder names that should not be frozen.
Additional Information
To get all options and features supported by the version of ROSA Freeze installed in your system, launch
# rfreeze --help
Source code of the program is distributed under the BSD license and is available at https://abf.rosalinux.ru/soft/rosa-freeze
Limitations
- All folders subjected to the freeze should be located on a root partition
- Freeze of /home is not supported even if it is located on a root partition