Problem enabling transient /etc in fedora-based bootc image: rpm-ostree-fix-shadow-mode.service failed

[maringuyot]

Hello,

I am trying to enable transient /etc in my bootc image build, however it doesn't seem to work.

I have followed the documentation, and implemented the example from the gitlab repository, as well as read a bunch of issues/discussions more or less relating to my problem.

Here is my Containerfile:

FROM quay.io/fedora/fedora-bootc AS debug

COPY root /

RUN set -x; kver=$(cd /usr/lib/modules && echo *); dracut -vf /usr/lib/modules/$kver/initramfs.img $kver

My local root/ directory contains the ostree configuration (with transient etc enabled) and a few configuration files relating to the creation of a development user, including an authorized ssh key, sysusers.d file and a systemd unit responsible for chowning the developer's home directory.

I generate the base install image using bootc-image-builder, with the qcow2 format, and run the VM using virt-manager.

Upon launch, my VM enters recovery mode, and the generated /run/initramfs/rdsosreport.txt file doesn't seem to contain any useful information (at first glance).

Here's a screenshot of the VM:

Journal logs show that the "ostree-prepare-root" service has failed; it can't seem to create the /run/os directory:

Going back to the Containerfile build, dracut seems to have an error, but generates the initramfs image anyways:

dracut[E]: No '/dev/log' or 'logger' included for syslog logging
dracut[I]: Executing: /usr/bin/dracut -vf /usr/lib/modules/6.15.6-200.fc42.x86_64/initramfs.img 6.15.6-200.fc42.x86_64
dracut-install: ERROR: installing '/root'
dracut[E]: FAILED: /usr/lib/dracut/dracut-install -D /var/tmp/dracut.xHgUgV/initramfs -f /root

This is a very strange bug, and as far as I know does not seem to come from my configurations. Hopefully that's not true :).

Any help is greatly appreciated, thanks in advance!

[cgwalters]

We're going to fix this soon, it is a recent regression ostreedev/ostree#3476

[maringuyot]

Thanks for your answer, I see the fix has been merged, when will the changes be integrated in rpm-ostree and then bootc?

[maringuyot]

Hello again @cgwalters, it appears that transient etc still doesn't work, but for a different reason. The ostree patch has resolved the OS not being able to boot, however upon booting two systemd units relating to bootc and its ecosystem fail (in order):

1. rpm-ostree-fix-shadow-mode.service
2. bootc-fetch-apply-updates.service

After investigating a bit on my end, the only error message I was able to extract was the following:

[root@fedora]# rpm-ostree fix-shadow-perms
error: Remounting /boot read-write: Invalid argument

The same error appears when executing bootc upgrade --apply:

[root@fedora] # bootc upgrade --apply
error: Upgrading: Initializing storage: Acquiring sysroot: Remounting /boot read-write: Invalid argument

From what I gathered it looks more like an argument parsing issue than an actual /boot mount error. Digging into the rpm-ostree source code, the only place I think the error may be coming from is in the "fix_shadow_perms_entrypoint" function of the passwd.rs file. I stopped looking there, as that function calls some low level C/C++ bindings.

Additional information:

Fedora version: 42
Bootc version: 1.8.0
ostree/rpm-ostree versions: 2025.6

Would it be possible for your team to investigate on your end? /etc is crucial for us, and it is strongly recommended in your documentation.

Thanks in advance!