diff options
author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-12-20 11:37:41 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-20 11:37:41 +0100 |
commit | 6ea05ac99fd2a59ccc326290abd8ba9b7a85bd26 (patch) | |
tree | 0595a7d2ba587acd4390db762bd0bae500128a09 | |
parent | Merge pull request #11215 from poettering/gpt-auto-no-udev (diff) | |
parent | update TODO (diff) | |
download | systemd-6ea05ac99fd2a59ccc326290abd8ba9b7a85bd26.tar.gz systemd-6ea05ac99fd2a59ccc326290abd8ba9b7a85bd26.tar.bz2 systemd-6ea05ac99fd2a59ccc326290abd8ba9b7a85bd26.zip |
Merge pull request #10912 from poettering/gpt-root-rw
make sure to propagate GPT root partition r/w flag into mount r/w flag
-rw-r--r-- | TODO | 3 | ||||
-rw-r--r-- | docs/ENVIRONMENT.md | 8 | ||||
-rw-r--r-- | src/gpt-auto-generator/gpt-auto-generator.c | 58 | ||||
-rw-r--r-- | src/remount-fs/remount-fs.c | 132 |
4 files changed, 145 insertions, 56 deletions
@@ -46,9 +46,6 @@ Features: inserting them into the kernel keyring. Maybe SecretsDirectory= similar to ConfigurationDirectory=. -* systemd-gpt-auto: if we find the root dir mounted read-only and the gpt flag - doesn't say so generate job that remounts it writable - * when no locale is configured, default to UEFI's PlatformLang variable * When logind.conf contains HandleLidSwitch=suspend-then-hibernate and we can't diff --git a/docs/ENVIRONMENT.md b/docs/ENVIRONMENT.md index 038f3d2d1..619a57eb3 100644 --- a/docs/ENVIRONMENT.md +++ b/docs/ENVIRONMENT.md @@ -165,3 +165,11 @@ systemd itself: * `$SYSTEMD_ACTIVATION_SCOPE` — closely related to `$SYSTEMD_ACTIVATION_UNIT`, it is either set to `system` or `user` depending on whether the NSS/PAM module is called by systemd in `--system` or `--user` mode. + +systemd-remount-fs: + +* `$SYSTEMD_REMOUNT_ROOT_RW=1` — if set and and no entry for the root directory + exists in /etc/fstab (this file always takes precedence), then the root + directory is remounted writable. This is primarily used by + systemd-gpt-auto-generator to ensure the root partition is mounted writable + in accordance to the GPT partition flags. diff --git a/src/gpt-auto-generator/gpt-auto-generator.c b/src/gpt-auto-generator/gpt-auto-generator.c index e9f3d7dab..d9e29c47f 100644 --- a/src/gpt-auto-generator/gpt-auto-generator.c +++ b/src/gpt-auto-generator/gpt-auto-generator.c @@ -39,7 +39,7 @@ static const char *arg_dest = NULL; static bool arg_enabled = true; static bool arg_root_enabled = true; -static bool arg_root_rw = false; +static int arg_root_rw = -1; static int add_cryptsetup(const char *id, const char *what, bool rw, bool require, char **device) { _cleanup_free_ char *e = NULL, *n = NULL, *d = NULL, *id_escaped = NULL, *what_escaped = NULL; @@ -446,6 +446,43 @@ static int add_esp(DissectedPartition *p) { } #endif +static int add_root_rw(DissectedPartition *p) { + const char *path; + int r; + + assert(p); + + if (in_initrd()) { + log_debug("In initrd, not generating drop-in for systemd-remount-fs.service."); + return 0; + } + + if (arg_root_rw >= 0) { + log_debug("Parameter ro/rw specified on kernel command line, not generating drop-in for systemd-remount-fs.service."); + return 0; + } + + if (!p->rw) { + log_debug("Root partition marked read-only in GPT partition table, not generating drop-in for systemd-remount-fs.service."); + return 0; + } + + path = strjoina(arg_dest, "/systemd-remount-fs.service.d/50-remount-rw.conf"); + (void) mkdir_parents(path, 0755); + + r = write_string_file(path, + "# Automatically generated by systemd-gpt-generator\n\n" + "[Unit]\n" + "ConditionPathExists=\n\n" /* We need to turn off the ConditionPathExist= in the main unit file */ + "[Service]\n" + "Environment=SYSTEMD_REMOUNT_ROOT_RW=1\n", + WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_NOFOLLOW); + if (r < 0) + return log_error_errno(r, "Failed to write drop-in file %s: %m", path); + + return 0; +} + static int open_parent(dev_t devnum, int *ret) { _cleanup_(sd_device_unrefp) sd_device *d = NULL; const char *name, *devtype, *node; @@ -550,6 +587,12 @@ static int enumerate_partitions(dev_t devnum) { r = k; } + if (m->partitions[PARTITION_ROOT].found) { + k = add_root_rw(m->partitions + PARTITION_ROOT); + if (k < 0) + r = k; + } + return r; } @@ -558,7 +601,8 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat assert(key); - if (STR_IN_SET(key, "systemd.gpt_auto", "rd.systemd.gpt_auto")) { + if (proc_cmdline_key_streq(key, "systemd.gpt_auto") || + proc_cmdline_key_streq(key, "rd.systemd.gpt_auto")) { r = value ? parse_boolean(value) : 1; if (r < 0) @@ -566,7 +610,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat else arg_enabled = r; - } else if (streq(key, "root")) { + } else if (proc_cmdline_key_streq(key, "root")) { if (proc_cmdline_value_missing(key, value)) return 0; @@ -576,7 +620,7 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat arg_root_enabled = streq(value, "gpt-auto"); - } else if (streq(key, "roothash")) { + } else if (proc_cmdline_key_streq(key, "roothash")) { if (proc_cmdline_value_missing(key, value)) return 0; @@ -585,9 +629,9 @@ static int parse_proc_cmdline_item(const char *key, const char *value, void *dat arg_root_enabled = false; - } else if (streq(key, "rw") && !value) + } else if (proc_cmdline_key_streq(key, "rw") && !value) arg_root_rw = true; - else if (streq(key, "ro") && !value) + else if (proc_cmdline_key_streq(key, "ro") && !value) arg_root_rw = false; return 0; @@ -639,7 +683,7 @@ static int add_root_mount(void) { "/dev/gpt-auto-root", in_initrd() ? "/sysroot" : "/", NULL, - arg_root_rw, + arg_root_rw > 0, NULL, "Root Partition", in_initrd() ? SPECIAL_INITRD_ROOT_FS_TARGET : SPECIAL_LOCAL_FS_TARGET); diff --git a/src/remount-fs/remount-fs.c b/src/remount-fs/remount-fs.c index af92ddb96..0bac355e0 100644 --- a/src/remount-fs/remount-fs.c +++ b/src/remount-fs/remount-fs.c @@ -8,6 +8,7 @@ #include <sys/wait.h> #include <unistd.h> +#include "env-util.h" #include "exit-status.h" #include "log.h" #include "main-func.h" @@ -19,13 +20,37 @@ #include "strv.h" #include "util.h" -/* Goes through /etc/fstab and remounts all API file systems, applying - * options that are in /etc/fstab that systemd might not have - * respected */ +/* Goes through /etc/fstab and remounts all API file systems, applying options that are in /etc/fstab that systemd + * might not have respected */ + +static int track_pid(Hashmap **h, const char *path, pid_t pid) { + _cleanup_free_ char *c = NULL; + int r; + + assert(h); + assert(path); + assert(pid_is_valid(pid)); + + r = hashmap_ensure_allocated(h, NULL); + if (r < 0) + return log_oom(); + + c = strdup(path); + if (!c) + return log_oom(); + + r = hashmap_put(*h, PID_TO_PTR(pid), c); + if (r < 0) + return log_oom(); + + TAKE_PTR(c); + return 0; +} static int run(int argc, char *argv[]) { _cleanup_hashmap_free_free_ Hashmap *pids = NULL; _cleanup_endmntent_ FILE *f = NULL; + bool has_root = false; struct mntent* me; int r; @@ -39,57 +64,72 @@ static int run(int argc, char *argv[]) { f = setmntent("/etc/fstab", "re"); if (!f) { - if (errno == ENOENT) - return 0; - - return log_error_errno(errno, "Failed to open /etc/fstab: %m"); - } - - pids = hashmap_new(NULL); - if (!pids) - return log_oom(); - - while ((me = getmntent(f))) { - _cleanup_free_ char *s = NULL; - pid_t pid; - int k; - - /* Remount the root fs, /usr and all API VFS */ - if (!mount_point_is_api(me->mnt_dir) && - !path_equal(me->mnt_dir, "/") && - !path_equal(me->mnt_dir, "/usr")) - continue; - - log_debug("Remounting %s", me->mnt_dir); - - r = safe_fork("(remount)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid); - if (r < 0) - return r; - if (r == 0) { - /* Child */ - - execv(MOUNT_PATH, STRV_MAKE(MOUNT_PATH, me->mnt_dir, "-o", "remount")); + if (errno != ENOENT) + return log_error_errno(errno, "Failed to open /etc/fstab: %m"); + } else { + while ((me = getmntent(f))) { + pid_t pid; + + /* Remount the root fs, /usr and all API VFS */ + if (!mount_point_is_api(me->mnt_dir) && + !PATH_IN_SET(me->mnt_dir, "/", "/usr")) + continue; - log_error_errno(errno, "Failed to execute " MOUNT_PATH ": %m"); - _exit(EXIT_FAILURE); + log_debug("Remounting %s...", me->mnt_dir); + + if (path_equal(me->mnt_dir, "/")) + has_root = true; + + r = safe_fork("(remount)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_RLIMIT_NOFILE_SAFE|FORK_LOG, &pid); + if (r < 0) + return r; + if (r == 0) { + /* Child */ + execv(MOUNT_PATH, STRV_MAKE(MOUNT_PATH, me->mnt_dir, "-o", "remount")); + log_error_errno(errno, "Failed to execute " MOUNT_PATH ": %m"); + _exit(EXIT_FAILURE); + } + + /* Parent */ + r = track_pid(&pids, me->mnt_dir, pid); + if (r < 0) + return r; } + } - /* Parent */ - - s = strdup(me->mnt_dir); - if (!s) - return log_oom(); - - k = hashmap_put(pids, PID_TO_PTR(pid), s); - if (k < 0) - return log_oom(); - TAKE_PTR(s); + if (!has_root) { + /* The $SYSTEMD_REMOUNT_ROOT_RW environment variable is set by systemd-gpt-auto-generator to tell us + * whether to remount things. We honour it only if there's no explicit line in /etc/fstab configured + * which takes precedence. */ + + r = getenv_bool("SYSTEMD_REMOUNT_ROOT_RW"); + if (r > 0) { + pid_t pid; + + log_debug("Remounting / writable..."); + + r = safe_fork("(remount-rw)", FORK_RESET_SIGNALS|FORK_DEATHSIG|FORK_LOG, &pid); + if (r < 0) + return r; + if (r == 0) { + /* Child */ + execv(MOUNT_PATH, STRV_MAKE(MOUNT_PATH, "/", "-o", "remount,rw")); + log_error_errno(errno, "Failed to execute " MOUNT_PATH ": %m"); + _exit(EXIT_FAILURE); + } + + r = track_pid(&pids, "/", pid); + if (r < 0) + return r; + + } else if (r < 0 && r != -ENXIO) + log_warning_errno(r, "Failed to parse $SYSTEMD_REMOUNT_ROOT_RW, ignoring: %m"); } r = 0; while (!hashmap_isempty(pids)) { - siginfo_t si = {}; _cleanup_free_ char *s = NULL; + siginfo_t si = {}; if (waitid(P_ALL, 0, &si, WEXITED) < 0) { if (errno == EINTR) |