From 81ce55a1e511c5e6f46d108e3ddb237f037fd6f3 Mon Sep 17 00:00:00 2001 From: "Brian C. Lane" Date: Fri, 18 Jan 2019 12:06:18 -0800 Subject: [PATCH] lorax: Move default tmp dir to /var/tmp/lorax If systemd's tmpfiles.d timer is executed while lorax is running it will remove any files and directories older than 30 days. This is what has been causing the occasional error where /proc/ would seem to vanish during the install. Upstream has proposed this solution, https://github.com/systemd/systemd/pull/11482 but until that is released we need a work-around to protect the lorax files. This commit does several things: * Move the default tmpdir from /var/tmp/ to /var/tmp/lorax/ * Add a lorax.conf tmpfiles.d file that prevents systemd-tmpfiles from removing anything under /var/tmp/lorax/ * Add an exit handler to lorax so that temporary directories are removed on exit or on a python traceback. * Use flock to lock access to the tempdir while lorax is running. * Remove any unlocked tempdirs named /var/tmp/lorax/lorax.* at startup Note that the exit handler will not remove the tempdir if lorax is killed with a signal -- those are being caught by dnf and prevent the exit handler from running. systemd-tmpfiles cannot clean up the tempdirs at boot time because they contain files labeled as shadow_t, so we have to remove those when lorax runs. It uses the flock to prevent removing any directories created by parallel instances of lorax and only removes ones that are unlocked. Worst case they will be around until the first run of lorax after a reboot. If you want to keep the working directory around for debugging purposes use --workdir /var/tmp/lorax/my-workdir and it won't be removed by lorax. Resolves: rhbz#1668520 --- lorax.spec | 1 + setup.py | 3 ++- src/sbin/lorax | 60 ++++++++++++++++++++++++++++++++++++++++++++-- systemd/lorax.conf | 3 +++ 4 files changed, 64 insertions(+), 3 deletions(-) create mode 100644 systemd/lorax.conf diff --git a/lorax.spec b/lorax.spec index 96eb71eb..a650650b 100644 --- a/lorax.spec +++ b/lorax.spec @@ -117,6 +117,7 @@ rm -f $RPM_BUILD_ROOT/%{_tmpfilesdir}/lorax-composer.conf %{_datadir}/lorax/* %exclude %{_datadir}/lorax/composer %{_mandir}/man1/*.1* +%{_tmpfilesdir}/lorax.conf %changelog * Wed Aug 15 2018 Brian C. Lane 19.7.19-1 diff --git a/setup.py b/setup.py index 62e1ac10..da7d4e1c 100644 --- a/setup.py +++ b/setup.py @@ -10,7 +10,8 @@ data_files = [("/etc/lorax", ["etc/lorax.conf"]), ("/etc/lorax", ["etc/composer.conf"]), ("/usr/lib/systemd/system", ["systemd/lorax-composer.service", "systemd/lorax-composer.socket"]), - ("/usr/lib/tmpfiles.d/", ["systemd/lorax-composer.conf"])] + ("/usr/lib/tmpfiles.d/", ["systemd/lorax-composer.conf", + "systemd/lorax.conf"])] # shared files for root, dnames, fnames in os.walk("share"): diff --git a/src/sbin/lorax b/src/sbin/lorax index 41f07642..eacdecc5 100755 --- a/src/sbin/lorax +++ b/src/sbin/lorax @@ -30,6 +30,9 @@ pylorax_log = logging.getLogger("pylorax") yum_log = logging.getLogger("yum") +import atexit +import fcntl +from glob import glob import sys import os import shutil @@ -46,6 +49,42 @@ from pylorax import DRACUT_DEFAULT VERSION = "{0}-{1}".format(os.path.basename(sys.argv[0]), pylorax.vernum) +def exit_handler(tempdir): + """Handle cleanup of tmpdir, if it still exists + """ + if not tempdir: + return + if os.path.exists(tempdir): + log.info("Cleaning up tempdir - %s", tempdir) + shutil.rmtree(tempdir) + + +def remove_tempdirs(): + """Delete all unlocked tempdirs under tempfile.gettempdir + + When lorax crashes it can leave behind tempdirs, which cannot be cleaned up by + systemd-tmpfiles (SELinux restricts a complete cleanup). + + So we lock them while in use and cleanup all the ones that are not locked + when lorax starts. + """ + for d in glob(os.path.join(tempfile.gettempdir(), "lorax.*")): + if not os.path.isdir(d): + continue + try: + dir_fd = os.open(d, os.O_RDONLY|os.O_DIRECTORY) + fcntl.flock(dir_fd, fcntl.LOCK_EX | fcntl.LOCK_NB) + except IOError: + # lock failed, skip this directory + os.close(dir_fd) + continue + + # Lock succeeded, remove the directory + log.info("Removing old tempdir %s", d) + shutil.rmtree(d) + os.close(dir_fd) + + def setup_logging(opts): # Setup logging to console and to logfile log.setLevel(logging.DEBUG) @@ -134,7 +173,7 @@ def main(args): action="store_false", default=True, dest="doupgrade") optional.add_option("--logfile", default="./lorax.log", help="Path to logfile") - optional.add_option("--tmp", default="/var/tmp", + optional.add_option("--tmp", default="/var/tmp/lorax", help="Top level temporary directory" ) optional.add_option("--add-template", dest="add_templates", action="append", help="Additional template for runtime image", @@ -196,10 +235,20 @@ def main(args): setup_logging(opts) log.info("Lorax %s", pylorax.vernum) + + if not os.path.exists(opts.tmp): + os.makedirs(opts.tmp) + tempfile.tempdir = opts.tmp + # Remove any orphaned lorax tempdirs + remove_tempdirs() + # create the temporary directory for lorax - tempdir = tempfile.mkdtemp(prefix="lorax.", dir=tempfile.gettempdir()) + tempdir = tempfile.mkdtemp(prefix="lorax.") + + # register an exit handler to cleanup the temporary directory + atexit.register(exit_handler, tempdir) # create the yumbase object installtree = os.path.join(tempdir, "installtree") @@ -207,6 +256,10 @@ def main(args): yumtempdir = os.path.join(tempdir, "yum") os.mkdir(yumtempdir) + # Obtain an exclusive lock on the tempdir + dir_fd = os.open(tempdir, os.O_RDONLY|os.O_DIRECTORY) + fcntl.flock(dir_fd, fcntl.LOCK_EX | fcntl.LOCK_NB) + yb = get_yum_base_object(installtree, opts.source, opts.mirrorlist, opts.repo_files, yumtempdir, opts.proxy, opts.excludepkgs, @@ -246,6 +299,9 @@ def main(args): remove_temp=True, user_dracut_args=opts.dracut_args) + # Release the lock on the tempdir + os.close(dir_fd) + def get_yum_base_object(installroot, repositories, mirrorlists=None, repo_files=None, tempdir="/var/tmp", proxy=None, excludepkgs=None, diff --git a/systemd/lorax.conf b/systemd/lorax.conf new file mode 100644 index 00000000..f720ceb4 --- /dev/null +++ b/systemd/lorax.conf @@ -0,0 +1,3 @@ +# Prevent systemd from removing installtree files +# This should eventually be fixed by - https://github.com/systemd/systemd/pull/11482 +x /var/tmp/lorax 750 root root