Well, I gave it a quick try and it worked just fine.
/ /dev/mapper/cr_root[/@/.snapshots/5/snapshot] btrfs ro,relatime,seclabel,discard=async,space_cache=v2,subvolid=268,subvol=/@/.snapshots/5/snapshot
├─/srv /dev/mapper/cr_root[/@/srv] btrfs rw,relatime,seclabel,discard=async,space_cache=v2,subvolid=262,subvol=/@/srv
├─/.snapshots /dev/mapper/cr_root[/@/.snapshots] btrfs rw,relatime,seclabel,discard=async,space_cache=v2,subvolid=257,subvol=/@/.snapshots
├─/home /dev/mapper/cr_root[/@/home] btrfs rw,relatime,seclabel,discard=async,space_cache=v2,subvolid=259,subvol=/@/home
├─/opt /dev/mapper/cr_root[/@/opt] btrfs rw,relatime,seclabel,discard=async,space_cache=v2,subvolid=260,subvol=/@/opt
├─/usr/local /dev/mapper/cr_root[/@/usr/local] btrfs rw,relatime,seclabel,discard=async,space_cache=v2,subvolid=264,subvol=/@/usr/local
├─/root /dev/mapper/cr_root[/@/root] btrfs rw,relatime,seclabel,discard=async,space_cache=v2,subvolid=261,subvol=/@/root
├─/var /dev/vdb1 btrfs rw,relatime,seclabel,discard=async,space_cache=v2,subvolid=5,subvol=/
└─/etc overlay overlay rw,relatime,seclabel,lowerdir=/sysroot/var/lib/overlay/4/etc:/sysroot/etc,upperdir=/sysroot/var/lib/overlay/5/etc,workdir=/sysroot/var/lib/overlay/5/work-etc,uuid=on
I checked in transactional-update shell
and apparently it merges the current writable /etc
content into the new snapshot because it already had the right line for new /var
. But you must generate new snapshot with new /etc
after changing /etc/fstab
.
I did not use btrfs send/receive
, just tar -c | tar -x
. I explicitly enabled SELinux support in tar to make sure SELinux labels are correct (I superficially checked that different files have different labels). It could potentially be a problem, I do not know if btrfs send/receive
preserves SELinux labels.
The steps (from memory) were
- Create new btrfs filesystem
- Mount it on the temporary mount point
/tmp/var
- Use
cd /var; tar -c --selinux . | tar -C /tmp/var -x --selinux
- Edit
/etc/fstab
, change /var
line
- Run
transactional-update shell
. I did not change anything, just checked that /etc/fstab
was correct.
- Reboot.
I did not have anything using /var
except systemd-journald
and auditd
so I did not bother with snapshots.
So it seems to work and you need you troubleshoot why it does not work for you following the normal steps starting with reading logs.
P.S. off-topic, but - this VM is image with systemd-boot
and FDE using systemd-pcrlock
. When I added the second disk it apparently invalidated TPM2 policy and now I cannot update it. Anyone knows how to reinitialize policies and enroll root again?