| Commit message (Collapse) | Author | Age | Files | Lines |
| |
|
|
|
|
|
|
|
|
| |
Let's ensure things are right from the start in the initramfs;
this closes off various race conditions. Followup to
https://github.com/ostreedev/ostree/pull/2113/commits/35642259175973617da937f3cab6ce5f13c95077
Closes: https://github.com/ostreedev/ostree/issues/2115
|
|
|
|
|
|
|
|
| |
This moves read-only sysroot checks upfront, so that they are not
intermixed with mount operations.
It has no immediate side-effects, but allow these check to be
independent from the rest of the mounting logic (and future changes
to it).
|
|\ |
|
| |
| |
| |
| |
| | |
This adds checks around all `snprintf` calls in order to detect
failures and gracefully abort.
|
|/
|
|
|
| |
This moves a global mutable variable to a smaller local scope,
as it is not really used outside of that.
|
|
|
|
|
|
|
| |
This adds a `MS_SILENT` flag to all `mount(2)` calls, reducing the
amount of kernel logs produced on each boot.
Those messages do not contain actionable details, and in the "mount
plus read-only remount" case they can easily become highly redundant.
|
|
|
|
|
|
|
|
| |
This rewords errors and log messages in the functions which take care
of preparing sysroot in initramfs.
Depending on the boot flow, it is possible to reach this logic
with a sysroot mounted (unexpectedly) as read-only.
In that case, let's clearly point out the problematic mountpoint.
|
|
|
|
|
|
| |
This matches what systemd does and should work fine on all platforms.
Possibly resolves: https://bugzilla.redhat.com/show_bug.cgi?id=1888436
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When we remount `/sysroot` as read-only, we also make `/etc` read-only.
This is usually OK because we then remount `/var` read-write, which also
flips `/etc` back to read-write... unless `/var` is a separate
filesystem and not a bind-mount to the stateroot `/var`.
Fix this by just remounting `/etc` read-write in the read-only sysroot
case.
Eventually, I think we should rework this to set everything up the way
we want from the initramfs (#2115). This would also eliminate the window
during which `/etc` is read-only while `ostree-remount` runs.
|
|
|
|
|
|
| |
We were bind-mounting the initramfs' `/etc` (to itself) instead of the
target deployment `/etc` (to itself). Since we're already `chdir`'ed
into it, we can just drop the leading slash.
|
|
|
|
| |
Should quiet Coverity.
|
|
|
|
|
|
|
|
| |
Regression from https://github.com/ostreedev/ostree/pull/2113/commits/35642259175973617da937f3cab6ce5f13c95077
BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1862568
We still need to remount writable if it's not configured on;
because it may need OS adjustments it needs to be opt-in.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We recently disabled the read-only /sysroot handling:
https://github.com/ostreedev/ostree/pull/2108/commits/e35b82fb891daee823fcce421ae8f1442b630ea2
The core problem was that a lot of services run early in the
real root and want write access to things like `/var` and `/etc`.
In trying to do remounts while the system is running we introduce
too many race conditions.
Instead, just make the `/etc` bind mount in the initramfs right
after we set up the main root. This is much more natural really,
and avoids all race conditions since nothing is running in the
sysroot yet.
The main awkward part is that since we're not linking
`ostree-prepare-root` to GLib (yet) we have a hacky parser
for the config file. But, this is going to be fine I think.
In order to avoid parsing the config twice, pass state from
`ostree-prepare-root` to `ostree-remount` via a file in `/run`.
|
|
|
|
|
|
|
|
| |
We're hitting issues with the read-only remounts racing with various
services coming up. Let's neuter it for now until we rework how it
works.
See: https://github.com/coreos/fedora-coreos-tracker/issues/488
|
|
|
|
| |
Came up on an IRC question, docs for this are scattered around.
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to support extending the read-only state to cover `/sysroot`
and `/boot`, since conceptually all of the data there should only
be written via libostree. Or at least for `/boot` should *mostly*
just be written by ostree.
This change needs to be opt-in though to avoid breaking anyone.
Add a `sysroot/readonly` key to the repository config which instructs
`ostree-remount.service` to ensure `/sysroot` is read-only. This
requires a bit of a dance because `/sysroot` is actually the same
filesystem as `/`; so we make `/etc` a writable bind mount in this case.
We also need to handle `/var` in the "OSTree default" case of a bind
mount; the systemd generator now looks at the writability state of
`/sysroot` and uses that to determine whether it should have the
`var.mount` unit happen before or after `ostree-remount.service.`
Also add an API to instruct the libostree shared library
that the caller has created a new mount namespace. This way
we can freely remount read-write.
This approach extends upon in a much better way previous work
we did to support remounting `/boot` read-write.
Closes: https://github.com/ostreedev/ostree/issues/1265
|
|
|
|
|
|
|
|
|
| |
Without this, rerunning ostree-prepare-root will fail in mkdir()
because /sysroot.tmp already exists, which complicates debugging from
the dracut emergency shell.
Closes: #1919
Approved by: cgwalters
|
|
|
|
|
|
|
| |
Since Linux 2.4 this is no longer required and the flag is ignored.
Closes: #1851
Approved by: cgwalters
|
|
|
|
|
|
|
| |
Closes: https://github.com/ostreedev/ostree/issues/1845
Closes: #1846
Approved by: akiernan
|
|
|
|
|
|
|
|
|
| |
Log a structured journal message when resolving the deployment path.
This will be used by the `rpm-ostree history` command to find past
deployments the system has booted into.
Closes: #1842
Approved by: cgwalters
|
|
|
|
|
|
|
|
| |
Prep for further work. It was silly to use a loop on
a static array of two elements.
Closes: #1760
Approved by: jlebon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
When ostree-prepare-root is pid 1, ostree-prepare-boot defers creation of
/run/ostree-booted, which happens in ostree-remount, but that's too late
if we need ostree-system-generator to bind /var. Add the creation of the
/run/ostree-booted marker to ostree-system-generator based on the
existence of the ostree= kernel command line argument (which matches the
condition that ostree-remount uses).
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Closes: #1675
Approved by: cgwalters
|
|
|
|
|
| |
Closes: #1676
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
I made a logical error in #1617 which resulted in the exact *opposite*
behaviour we want when `/var` is a separate mount.
Split this out and lower the number of negations to make it more obvious
that it's correct.
Closes: #1667
Closes: #1668
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
|
| |
In some scenarios, it might make sense to let `ostree-prepare-root` do
the `/var` mount from the state root as before. For example, one may
want to do some system configuration before the switch root. This of
course comes at the expense of supporting `/var` as a mount point in
`/etc/fstab`.
Closes: #1617
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If we're running as pid1, avoid printing anything in the normal
success paths as we don't want to affect the physical console by
default; the device may be using a splash screen, etc.
Also cleanup the code a bit to use a single variable
`running_as_pid1`, declare-and-initialize, use the
`bool` type, etc.
Closes: #1531
Approved by: jlebon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
See https://mail.gnome.org/archives/ostree-list/2018-March/msg00012.html
If ostree-prepare-root is run as pid 1 (i.e we're not using an initramfs), then
anything we write outside the target sysroot (such as `/run/ostree-booted`) will
be lost.
Since `ostree-remount.service` runs fairly early in boot, and is triggered via
`ConditionKernelCommandLine=ostree`, we can just touch the file there in
addition.
Closes: #1508
Approved by: akiernan
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
SPDX License List is a list of (common) open source
licenses that can be referred to by a “short identifier”.
It has several advantages compared to the common "license header texts"
usually found in source files.
Some of the advantages:
* It is precise; there is no ambiguity due to variations in license header
text
* It is language neutral
* It is easy to machine process
* It is concise
* It is simple and can be used without much cost in interpreted
environments like java Script, etc.
* An SPDX license identifier is immutable.
* It provides simple guidance for developers who want to make sure the
license for their code is respected
See http://spdx.org for further reading.
Signed-off-by: Marcus Folkesson <marcus.folkesson@gmail.com>
Closes: #1439
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Downstream BZ: https://bugzilla.redhat.com/show_bug.cgi?id=1498281
This came up as a problem with `oci-umount` which was trying to ensure some host
mounts like `/var/lib/containers` don't leak into privileged containers. But
since our `/sysroot` mount wasn't private we also got a copy there.
We should have done this from the very start - it makes `findmnt` way, way less
ugly and is just the obviously right thing to do, will possibly create world
peace etc.
Closes: #1438
Approved by: rhvgoyal
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
With the current approach, when ostree-prepare-root is used
on the kernel command line as init=, it always assumes that
the next value in the argument list is a path to the sysroot.
The code for falling back to a default path (if none is provided),
would only work if init= is the last arg in the argument list.
We can not rely on that and have to explicitly provide the
path to the sysroot. Which defeats the purpose of a default
path selection code.
To keep command line neater assume that sysroot is on / when
using ostree-prepare-root as init. This probably is what most
people want anyways. Also _ostree_kernel_args* API assumes
that args are space separated list. Which is problematic for:
"init=${ostree}/usr/lib/ostree/ostree-prepare-root /" as it
gets split in two.
Closes: #1401
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
| |
g_autoptr was new in GLib 2.44, but we officially only require 2.40,
so we need to use the backport in libglnx.
Signed-off-by: Simon McVittie <smcv@collabora.com>
Closes: #1310
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
| |
We added a `.dir-locals.el` in commit: 9a77017d87b74c5e2895cdd64ad098018929403f
There's no need to have it per-file, with that people might think
to add other editors, which is the wrong direction.
Closes: #1206
Approved by: jlebon
|
|
|
|
|
|
|
|
|
| |
I noticed an instance of this while working on https://github.com/ostreedev/ostree/pull/861
Which apparently I cargo-culted into the new system generator bits.
Let's break this out as a small concise change.
Closes: #866
Approved by: jlebon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
If one wants to set up a mount for `/var` in `/etc/fstab`, it
won't be mounted since `ostree-prepare-root` set up a bind mount for
`/var` to `/sysroot/ostree/$stateroot/var`, and systemd will take
the already extant mount over what's in `/etc/fstab`.
There are a few options to fix this, but what I settled on is parsing
`/etc/fstab` in a generator (exactly like `systemd-fstab-generator` does),
except here we look for an explicit mount for `/var`, and if one *isn't* found,
synthesize the default ostree mount to the stateroot. Another nice property is
that if an admin creates a `var.mount` unit in `/etc` for example, that will
also override our mount.
Note that today ostree doesn't hard depend on systemd, so this behavior only
kicks in if we're built with systemd *and* libmount support (for parsing
`/etc/fstab`). I didn't really test that case though.
Initially I started writing this as a "pure libc" program, but at one point
decided to use `libostree.so` to find the booted deployment. That didn't work
out because `/boot` wasn't necessarily mounted and hence we couldn't find the
bootloader config. A leftover artifact from this is that the generator code
calls into libostree via the "cmd private" infrastructure. But it's an easy way
to share code, and doesn't hurt.
Closes: #859
Approved by: jlebon
|
|
|
|
|
|
|
|
|
| |
By checking the mount status, we avoid remounting things if we don't
need to. And printing a single line per mount helps debugging when
things go wrong.
Closes: #859
Approved by: jlebon
|
|
|
|
|
|
|
|
|
|
|
|
| |
I really have no idea what I was thinking with that list of mount points. It
seems arbitrary. Sadly `git log` doesn't help, and there's no comments.
Basically, the only mounts we should care about are those that libostree
creates. Which are just `/sysroot` and `/var`. Systemd will handle the other
things like `/tmp`, it's not our job, and we shouldn't touch them.
Closes: #859
Approved by: jlebon
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
In current systemd, there is:
[systemd-volatile-root](https://www.freedesktop.org/software/systemd/man/systemd-volatile-root.service.html)
which was introduced by [this commit](https://github.com/systemd/systemd/commit/91214a37ef4eb8042d2598aa89bae52b410d11a7).
I'd like to make further changes to how we handle `/var`, and I don't
want to reason about the interaction of our "tmpfs var" with too many
other things.
The comment about having "all /var handling in one place" was always inaccurate
given that we rely on systemd for mounting. And in general, I don't want to
duplicate too many things systemd does - it does them well, documents them, etc.
As far as I know, it was basically just Owen who was using this for the GNOME
hardware testing effort, and I'm sure he could easily switch over to
`systemd.volatile=state`.
Closes: #856
Approved by: owtaylor
|
|
|
|
|
|
|
|
|
|
|
|
| |
As $DEITY intended.
I was reading the `prepare-root.c` code and the indentation damage was
distracting. Squash tabs that have leaked into various places in the code. I
didn't yet touch the `src/libostree` bits as that has higher potential for
conflict.
Closes: #852
Approved by: jlebon
|
|
|
|
|
|
|
|
|
|
| |
This could help others who want to integrate with other init
systems/initramfs.
Commit-message-by: Colin Walters <walters@verbum.org>
Closes: #784
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
musl libc's implementation of `realpath` works by opening the path and then
doing a lookup in `/proc/self/fd` to find the canonical path. This fails
if `/proc` is not mounted. This causes problems for us if
`ostree-prepare-root` is `init` as `/proc` won't be mounted.
We have to mount `/proc` anyway for `/proc/cmdline` so this fix just
expands the scope over which `/proc` is mounted to include both our
`realpath` calls.
See also:
* http://www.openwall.com/lists/musl/2016/06/08/2 and
* http://git.musl-libc.org/cgit/musl/tree/src/misc/realpath.c?id=e738b8cbe64b6dd3ed9f47b6d4cd7eb2c422b38d
Closes: #485
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
| |
I've seen it fail with musl which needs `/proc` to be mounted for it to
work. The error messages we're rather confusing before. At least this
now points to the right location.
Closes: #485
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
| |
This simplifies the build system by removing the need for
`libswitchroot-mountutil.la`.
Original idea by @cgwalters in #477.
Closes: #478
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
The `warn()` libc extension has exactly the same behaviour as our own
`perrorv` function, but is available in (at least) glibc and musl. As an
added bonus the similar function `err()` which will exit with an error
code afterwards.
This implementation is tidier and allows us to get rid of our own
`perrorv`. It paves the way to removing `ostree-mount-util.c` to simplify
the build scripts.
Original idea by @cgwalters in #477.
Closes: #478
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
POSIX and GNU define conflicting versions of `strerror_r`. The GNU
version returns the string but doesn't necessilary write into buf.
The POSIX version writes into buf and returns the length but doesn't
necessilary append a terminate the string with a NUL if it's too long
to fit in buf.
This commit fixes building ostree-prepare-root with musl libc. The
stripped static build with musl on my machine is 30K vs. 724K with glibc
static and 11K with glibc shared.
Closes: #477
Approved by: cgwalters
|
|
|
|
|
| |
Closes: #403
Approved by: cgwalters
|
|
|
|
|
|
|
|
| |
There seemed to be more lower case first letters so I've standardised
on that.
Closes: #403
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
| |
This allows ostree-prepare-root outside of the initramfs context where the
real rootfs is already mounted at /. We can't use `mount --move` in this
case because we would be trying to move / into a subdirectory of itself.
Closes: #403
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
|
|
| |
...for simplicity. This way we don't need to keep concatenating
deploy_path to everything. We can just refer relative to the current
working directory.
We need to do this after bind-mounting it over itself otherwise our cwd
is still on the non-bind-mounted filesystem below.
Closes: #403
Approved by: cgwalters
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
Typically we have our ready made-up up root at
`/sysroot/ostree/deploy/.../` (`deploy_path`) and the real rootfs at
`/sysroot` (`root_mountpoint`). We want to end up with our made-up root
at `/sysroot/` and the real rootfs under `/sysroot/sysroot` as systemd
will be responsible for moving `/sysroot` to `/`.
We need to do this in 3 moves to avoid trying to move `/sysroot` under
itself:
1. `/sysroot/ostree/deploy/...` -> `/sysroot.tmp`
2. `/sysroot` -> `/sysroot.tmp/sysroot`
3. `/sysroot.tmp` -> `/sysroot`
This is a refactoring to group all these operations together so I can
implement an alternative in terms of `pivot_root`.
Closes: #403
Approved by: cgwalters
|