picnoir
/
Systemd
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Merge pull request #10912 from poettering/gpt-root-rw 

make sure to propagate GPT root partition r/w flag into mount r/w flag
This commit is contained in:
Zbigniew Jędrzejewski-Szmek 2018-12-20 11:37:41 +01:00 committed by GitHub
parent faf9e4426c 7d1353ccf2
commit 6ea05ac99f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
4 changed files with 140 additions and 51 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
TODO
View File

@ -46,9 +46,6 @@ Features:
inserting them into the kernel keyring. Maybe SecretsDirectory= similar to
ConfigurationDirectory=.
* systemd-gpt-auto: if we find the root dir mounted read-only and the gpt flag
doesn't say so generate job that remounts it writable
* when no locale is configured, default to UEFI's PlatformLang variable
* When logind.conf contains HandleLidSwitch=suspend-then-hibernate and we can't

8
docs/ENVIRONMENT.md
View File

@ -165,3 +165,11 @@ systemd itself:
* `$SYSTEMD_ACTIVATION_SCOPE` — closely related to `$SYSTEMD_ACTIVATION_UNIT`,
it is either set to `system` or `user` depending on whether the NSS/PAM
module is called by systemd in `--system` or `--user` mode.
systemd-remount-fs:
* `$SYSTEMD_REMOUNT_ROOT_RW=1` — if set and and no entry for the root directory
exists in /etc/fstab (this file always takes precedence), then the root
directory is remounted writable. This is primarily used by
systemd-gpt-auto-generator to ensure the root partition is mounted writable
in accordance to the GPT partition flags.

58
src/gpt-auto-generator/gpt-auto-generator.c
View File

@ -39,7 +39,7 @@
static const char *arg_dest = NULL;
static bool arg_enabled = true;
static bool arg_root_enabled = true;
static bool arg_root_rw = false;
static int arg_root_rw = -1;
static int add_cryptsetup(const char *id, const char *what, bool rw, bool require, char **device) {
_cleanup_free_ char *e = NULL, *n = NULL, *d = NULL, *id_escaped = NULL, *what_escaped = NULL;
@ -446,6 +446,43 @@ static int add_esp(DissectedPartition *p) {
}
#endif
static int add_root_rw(DissectedPartition *p) {
const char *path;
int r;
assert(p);
if (in_initrd()) {
log_debug("In initrd, not generating drop-in for systemd-remount-fs.service.");
return 0;
}
if (arg_root_rw >= 0) {
log_debug("Parameter ro/rw specified on kernel command line, not generating drop-in for systemd-remount-fs.service.");
return 0;
}
if (!p->rw) {
log_debug("Root partition marked read-only in GPT partition table, not generating drop-in for systemd-remount-fs.service.");
return 0;
}
path = strjoina(arg_dest, "/systemd-remount-fs.service.d/50-remount-rw.conf");
(void) mkdir_parents(path, 0755);
r = write_string_file(path,
"# Automatically generated by systemd-gpt-generator\n\n"
"[Unit]\n"
"ConditionPathExists=\n\n" /* We need to turn off the ConditionPathExist= in the main unit file */
"[Service]\n"
"Environment=SYSTEMD_REMOUNT_ROOT_RW=1\n",
WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_NOFOLLOW);
if (r < 0)
return log_error_errno(r, "Failed to write drop-in file %s: %m", path);
return 0;
}
static int open_parent(dev_t devnum, int *ret) {
_cleanup_(sd_device_unrefp) sd_device *d = NULL;
const char *name, *devtype, *node;
@ -550,6 +587,12 @@ static int enumerate_partitions(dev_t devnum) {
r = k;
}
if (m->partitions[PARTITION_ROOT].found) {
k = add_root_rw(m->partitions + PARTITION_ROOT);
if (k < 0)
r = k;
}
return r;
}
@ -558,7 +601,8 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
assert(key);
if (STR_IN_SET(key, "systemd.gpt_auto", "rd.systemd.gpt_auto")) {
if (proc_cmdline_key_streq(key, "systemd.gpt_auto") ||
proc_cmdline_key_streq(key, "rd.systemd.gpt_auto")) {
r = value ? parse_boolean(value) : 1;
if (r < 0)
@ -566,7 +610,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
else
arg_enabled = r;
} else if (streq(key, "root")) {
} else if (proc_cmdline_key_streq(key, "root")) {
if (proc_cmdline_value_missing(key, value))
return 0;
@ -576,7 +620,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
arg_root_enabled = streq(value, "gpt-auto");
} else if (streq(key, "roothash")) {
} else if (proc_cmdline_key_streq(key, "roothash")) {
if (proc_cmdline_value_missing(key, value))
return 0;
@ -585,9 +629,9 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat
arg_root_enabled = false;
} else if (streq(key, "rw") && !value)
} else if (proc_cmdline_key_streq(key, "rw") && !value)
arg_root_rw = true;
else if (streq(key, "ro") && !value)
else if (proc_cmdline_key_streq(key, "ro") && !value)
arg_root_rw = false;
return 0;
@ -639,7 +683,7 @@ static int add_root_mount(void) {
"/dev/gpt-auto-root",
in_initrd() ? "/sysroot" : "/",
NULL,
arg_root_rw,
arg_root_rw > 0,
NULL,
"Root Partition",
in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET);

122
src/remount-fs/remount-fs.c
View File

@ -8,6 +8,7 @@
#include <sys/wait.h>
#include <unistd.h>
#include "env-util.h"
#include "exit-status.h"
#include "log.h"
#include "main-func.h"
@ -19,13 +20,37 @@
#include "strv.h"
#include "util.h"
/* Goes through /etc/fstab and remounts all API file systems, applying
* options that are in /etc/fstab that systemd might not have
* respected */
/* Goes through /etc/fstab and remounts all API file systems, applying options that are in /etc/fstab that systemd
* might not have respected */
static int track_pid(Hashmap **h, const char *path, pid_t pid) {
_cleanup_free_ char *c = NULL;
int r;
assert(h);
assert(path);
assert(pid_is_valid(pid));
r = hashmap_ensure_allocated(h, NULL);
if (r < 0)
return log_oom();
c = strdup(path);
if (!c)
return log_oom();
r = hashmap_put(*h, PID_TO_PTR(pid), c);
if (r < 0)
return log_oom();
TAKE_PTR(c);
return 0;
}
static int run(int argc, char *argv[]) {
_cleanup_hashmap_free_free_ Hashmap *pids = NULL;
_cleanup_endmntent_ FILE *f = NULL;
bool has_root = false;
struct mntent* me;
int r;
@ -39,57 +64,72 @@ static int run(int argc, char *argv[]) {
f = setmntent("/etc/fstab", "re");
if (!f) {
if (errno == ENOENT)
return 0;
if (errno != ENOENT)
return log_error_errno(errno, "Failed to open /etc/fstab: %m");
} else {
while ((me = getmntent(f))) {
pid_t pid;
return log_error_errno(errno, "Failed to open /etc/fstab: %m");
/* Remount the root fs, /usr and all API VFS */
if (!mount_point_is_api(me->mnt_dir) &&
!PATH_IN_SET(me->mnt_dir, "/", "/usr"))
continue;
log_debug("Remounting %s...", me->mnt_dir);
if (path_equal(me->mnt_dir, "/"))
has_root = true;
r = safe_fork("(remount)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
/* Child */
execv(MOUNT_PATH, STRV_MAKE(MOUNT_PATH, me->mnt_dir, "-o", "remount"));
log_error_errno(errno, "Failed to execute " MOUNT_PATH ": %m");
_exit(EXIT_FAILURE);
}
/* Parent */
r = track_pid(&pids, me->mnt_dir, pid);
if (r < 0)
return r;
}
}
pids = hashmap_new(NULL);
if (!pids)
return log_oom();
if (!has_root) {
/* The $SYSTEMD_REMOUNT_ROOT_RW environment variable is set by systemd-gpt-auto-generator to tell us
* whether to remount things. We honour it only if there's no explicit line in /etc/fstab configured
* which takes precedence. */
while ((me = getmntent(f))) {
_cleanup_free_ char *s = NULL;
pid_t pid;
int k;
r = getenv_bool("SYSTEMD_REMOUNT_ROOT_RW");
if (r > 0) {
pid_t pid;
/* Remount the root fs, /usr and all API VFS */
if (!mount_point_is_api(me->mnt_dir) &&
!path_equal(me->mnt_dir, "/") &&
!path_equal(me->mnt_dir, "/usr"))
continue;
log_debug("Remounting / writable...");
log_debug("Remounting %s", me->mnt_dir);
r = safe_fork("(remount-rw)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
/* Child */
execv(MOUNT_PATH, STRV_MAKE(MOUNT_PATH, "/", "-o", "remount,rw"));
log_error_errno(errno, "Failed to execute " MOUNT_PATH ": %m");
_exit(EXIT_FAILURE);
}
r = safe_fork("(remount)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid);
if (r < 0)
return r;
if (r == 0) {
/* Child */
r = track_pid(&pids, "/", pid);
if (r < 0)
return r;
execv(MOUNT_PATH, STRV_MAKE(MOUNT_PATH, me->mnt_dir, "-o", "remount"));
log_error_errno(errno, "Failed to execute " MOUNT_PATH ": %m");
_exit(EXIT_FAILURE);
}
/* Parent */
s = strdup(me->mnt_dir);
if (!s)
return log_oom();
k = hashmap_put(pids, PID_TO_PTR(pid), s);
if (k < 0)
return log_oom();
TAKE_PTR(s);
} else if (r < 0 && r != -ENXIO)
log_warning_errno(r, "Failed to parse $SYSTEMD_REMOUNT_ROOT_RW, ignoring: %m");
}
r = 0;
while (!hashmap_isempty(pids)) {
siginfo_t si = {};
_cleanup_free_ char *s = NULL;
siginfo_t si = {};
if (waitid(P_ALL, 0, &si, WEXITED) < 0) {
if (errno == EINTR)