Start nspawn containers with read/write permissions

Don't set the --read-only flag for nspawn containers if just the root partition is read-only.
Don't set the --volatile=overlay flag for images created with usr-only or a generated root.
If the --volatile=overlay flag is set the container won't find the shell or init program.

diff --git a/mkosi/__init__.py b/mkosi/__init__.py
index 333a3ea53df0ed4545c8c546bfc466e928f8ebb2..0afc9ef1916f06059787952282da0ea86cb8e91b 100644 (file)
--- a/mkosi/__init__.py
+++ b/mkosi/__init__.py
@@ -7534,9 +7534,6 @@ def run_shell_cmdline(config: MkosiConfig, pipe: bool = False, commands: Optiona
 
     cmdline = [nspawn_executable(), "--quiet", target]
 
-    if config.read_only:
-        cmdline += ["--read-only"]
-
     # If we copied in a .nspawn file, make sure it's actually honoured
     if config.nspawn_settings is not None:
         cmdline += ["--settings=trusted"]
@@ -7551,9 +7548,6 @@ def run_shell_cmdline(config: MkosiConfig, pipe: bool = False, commands: Optiona
         if nspawn_knows_arg(console_arg):
             cmdline += [console_arg]
 
-    if is_generated_root(config) or config.verity:
-        cmdline += ["--volatile=overlay"]
-
     if config.netdev:
         if ensure_networkd(config):
             cmdline += ["--network-veth"]