import CS ostree-2025.6-1.el10
This commit is contained in:
parent
5f7d80edcc
commit
c2487166b4
186
0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch
Normal file
186
0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch
Normal file
@ -0,0 +1,186 @@
|
||||
From d0c454c23637dceda6d7395dd2141b564e3efa47 Mon Sep 17 00:00:00 2001
|
||||
From: Colin Walters <walters@verbum.org>
|
||||
Date: Thu, 28 Aug 2025 13:53:14 -0400
|
||||
Subject: [PATCH] Add ostree-shutdown.service: hide /sysroot and make /etc
|
||||
read-only
|
||||
|
||||
We have a lot of bind mounts; these are usually set up in the initramfs.
|
||||
So far during shutdown we've let systemd just try to sort things out
|
||||
via auto-generated mount units i.e. `sysroot.mount` and `etc.mount`
|
||||
and so on.
|
||||
|
||||
systemd has some special casing for `-.mount` (i.e. `/`) and `etc.mount`
|
||||
https://github.com/systemd/systemd/blob/e91bfad241799b449df73efc30d833b9c5937001/src/shared/fstab-util.c#L72
|
||||
|
||||
However it doesn't special case `/sysroot` - which is currently
|
||||
an ostree-specific invention (when used in the real root).
|
||||
We cannot actually unmount `/sysroot` while it's in use, and it
|
||||
is because `/etc` is a bind mount into it. And we can't tear
|
||||
down `/etc` because it's just expected that e.g. pid 1 and other
|
||||
things hold open references to it - until things finally
|
||||
transition into systemd-shutdown.
|
||||
|
||||
What we can do though is explicitly detach it during the shutdown
|
||||
phase; this ensures that systemd won't try to clean it up then,
|
||||
suppressing errors about its inability to do so.
|
||||
|
||||
While we're here, let's also remount `/etc` read-only; while
|
||||
systemd itself will try to do so during systemd-shutdown.
|
||||
Per comments if this service fails, it's a bug in something
|
||||
else to be fixed.
|
||||
|
||||
Closes: https://github.com/ostreedev/ostree/issues/3513
|
||||
Signed-off-by: Colin Walters <walters@verbum.org>
|
||||
---
|
||||
Makefile-boot.am | 2 +
|
||||
src/boot/ostree-shutdown.service | 22 ++++++++
|
||||
src/libostree/ostree-impl-system-generator.c | 4 ++
|
||||
src/switchroot/ostree-remount.c | 57 ++++++++++++++++++++
|
||||
4 files changed, 85 insertions(+)
|
||||
create mode 100644 src/boot/ostree-shutdown.service
|
||||
|
||||
diff --git a/Makefile-boot.am b/Makefile-boot.am
|
||||
index 7b7cb892..e26c1816 100644
|
||||
--- a/Makefile-boot.am
|
||||
+++ b/Makefile-boot.am
|
||||
@@ -38,6 +38,7 @@ endif
|
||||
if BUILDOPT_SYSTEMD
|
||||
systemdsystemunit_DATA = src/boot/ostree-prepare-root.service \
|
||||
src/boot/ostree-remount.service \
|
||||
+ src/boot/ostree-shutdown.service \
|
||||
src/boot/ostree-boot-complete.service \
|
||||
src/boot/ostree-finalize-staged.service \
|
||||
src/boot/ostree-finalize-staged-hold.service \
|
||||
@@ -69,6 +70,7 @@ EXTRA_DIST += src/boot/dracut/module-setup.sh \
|
||||
src/boot/ostree-boot-complete.service \
|
||||
src/boot/ostree-prepare-root.service \
|
||||
src/boot/ostree-remount.service \
|
||||
+ src/boot/ostree-shutdown.service \
|
||||
src/boot/ostree-finalize-staged.service \
|
||||
src/boot/ostree-finalize-staged-hold.service \
|
||||
src/boot/ostree-state-overlay@.service \
|
||||
diff --git a/src/boot/ostree-shutdown.service b/src/boot/ostree-shutdown.service
|
||||
new file mode 100644
|
||||
index 00000000..24919ec5
|
||||
--- /dev/null
|
||||
+++ b/src/boot/ostree-shutdown.service
|
||||
@@ -0,0 +1,22 @@
|
||||
+# SPDX-License-Identifier: LGPL-2.0+
|
||||
+
|
||||
+[Unit]
|
||||
+Description=OSTree Shutdown
|
||||
+Documentation=man:ostree(1)
|
||||
+DefaultDependencies=no
|
||||
+# Only enabled via generator, but for good measure
|
||||
+ConditionKernelCommandLine=ostree
|
||||
+# Run after core mounts
|
||||
+RequiresMountsFor=/etc /sysroot
|
||||
+# However, we want to only shut down after `/var` has been umounted.
|
||||
+# Since this runs via ExecStop, this Before= is actually After= at shutdown
|
||||
+Before=var.mount
|
||||
+Conflicts=umount.target
|
||||
+Before=umount.target
|
||||
+
|
||||
+[Service]
|
||||
+Type=oneshot
|
||||
+RemainAfterExit=yes
|
||||
+ExecStop=/usr/lib/ostree/ostree-remount --shutdown
|
||||
+
|
||||
+# No [Install] section - we're only enabled via generator
|
||||
diff --git a/src/libostree/ostree-impl-system-generator.c b/src/libostree/ostree-impl-system-generator.c
|
||||
index f0116251..65f07fd5 100644
|
||||
--- a/src/libostree/ostree-impl-system-generator.c
|
||||
+++ b/src/libostree/ostree-impl-system-generator.c
|
||||
@@ -108,6 +108,10 @@ require_internal_units (const char *normal_dir, const char *early_dir, const cha
|
||||
"local-fs.target.requires/ostree-remount.service")
|
||||
< 0)
|
||||
return glnx_throw_errno_prefix (error, "symlinkat");
|
||||
+ if (symlinkat (SYSTEM_DATA_UNIT_PATH "/ostree-shutdown.service", normal_dir_dfd,
|
||||
+ "local-fs.target.wants/ostree-shutdown.service")
|
||||
+ < 0)
|
||||
+ return glnx_throw_errno_prefix (error, "symlinkat");
|
||||
|
||||
if (!glnx_shutil_mkdir_p_at (normal_dir_dfd, "multi-user.target.wants", 0755, cancellable, error))
|
||||
return FALSE;
|
||||
diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
|
||||
index f0a4b3d9..b1c829ea 100644
|
||||
--- a/src/switchroot/ostree-remount.c
|
||||
+++ b/src/switchroot/ostree-remount.c
|
||||
@@ -42,6 +42,12 @@
|
||||
#include "ostree-mount-util.h"
|
||||
#include "otcore.h"
|
||||
|
||||
+static gboolean opt_shutdown;
|
||||
+
|
||||
+static GOptionEntry options[] = { { "shutdown", 'S', 0, G_OPTION_ARG_NONE, &opt_shutdown,
|
||||
+ "Perform shutdown unmounting", NULL },
|
||||
+ { NULL } };
|
||||
+
|
||||
static void
|
||||
do_remount (const char *target, bool writable)
|
||||
{
|
||||
@@ -133,10 +139,61 @@ relabel_dir_for_upper (const char *upper_path, const char *real_path, gboolean i
|
||||
#endif
|
||||
}
|
||||
|
||||
+// ostree-prepare-root sets things up so that /sysroot points to the "physical" (real) root in the
|
||||
+// initramfs, and then with composefs `/` is an overlay+EROFS that holds references to content in
|
||||
+// that physical filesystem.
|
||||
+//
|
||||
+// In a typical mutable system where the OS is in a mutable `/` (or `/usr), systemd explicitly
|
||||
+// skips unmounting both `/` and `/usr`. It will remount them read-only though - and that's
|
||||
+// the semantic we want to match here.
|
||||
+static void
|
||||
+do_shutdown (void)
|
||||
+{
|
||||
+ const char *sysroot = "/sysroot";
|
||||
+ if (mount (sysroot, sysroot, NULL, MS_REMOUNT | MS_SILENT | MS_RDONLY, NULL) < 0)
|
||||
+ {
|
||||
+ // Hopefully at this point nothing has any write references, but if they
|
||||
+ // do we still want to continue.
|
||||
+ perror ("Remounting /sysroot read-only");
|
||||
+ }
|
||||
+ // And fully detach it from the mountns because otherwise systemd thinks
|
||||
+ // it can be unmounted, but it can't - it's required by `/` (and in a
|
||||
+ // composefs setup `/etc`) and possibly `/var`. Again, we only really
|
||||
+ // care that it got mounted read-only and hence outstanding data flushed.
|
||||
+ // A better fix in the future would be to teach systemd to honor `-.mount`
|
||||
+ // having a `Requires=sysroot.mount` meaning we can't unmount the latter.
|
||||
+ if (umount2 (sysroot, MNT_DETACH) < 0)
|
||||
+ err (EXIT_FAILURE, "umount(/sysroot)");
|
||||
+
|
||||
+ // And finally: /etc
|
||||
+ // NOTE! This one is intentionally last in that we want to try to make
|
||||
+ // this read-only, but if it fails, systemd-shutdown will have another
|
||||
+ // attempt after a process killing spree. If anything happens to be
|
||||
+ // holding a writable fd at this point, conceptually it would have
|
||||
+ // created race conditions vs ostree-finalize-staged.service, and so
|
||||
+ // having this service fail will be a signal that those things need
|
||||
+ // to be fixed.
|
||||
+ do_remount ("/etc", false);
|
||||
+ // Don't add anything else after this.
|
||||
+}
|
||||
+
|
||||
int
|
||||
main (int argc, char *argv[])
|
||||
{
|
||||
g_autoptr (GError) error = NULL;
|
||||
+ g_autoptr (GOptionContext) context = g_option_context_new ("");
|
||||
+ g_option_context_add_main_entries (context, options, NULL);
|
||||
+ if (!g_option_context_parse (context, &argc, &argv, &error))
|
||||
+ errx (EXIT_FAILURE, "Error parsing options: %s", error->message);
|
||||
+
|
||||
+ // Handle the shutdown option
|
||||
+ if (opt_shutdown)
|
||||
+ {
|
||||
+ do_shutdown ();
|
||||
+ return 0;
|
||||
+ }
|
||||
+ // Otherwise fall through to the default startup
|
||||
+
|
||||
g_autoptr (GVariant) ostree_run_metadata_v = NULL;
|
||||
{
|
||||
glnx_autofd int fd = open (OTCORE_RUN_BOOTED, O_RDONLY | O_CLOEXEC);
|
||||
--
|
||||
2.50.1
|
||||
|
||||
13
ostree.spec
13
ostree.spec
@ -23,6 +23,9 @@ Source0: https://github.com/ostreedev/%{name}/releases/download/v%{version}/libo
|
||||
License: LGPL-2.0-or-later
|
||||
URL: https://ostree.readthedocs.io/en/latest/
|
||||
|
||||
# https://issues.redhat.com/browse/RHEL-112719
|
||||
Patch0: 0001-Add-ostree-shutdown.service-hide-sysroot-and-make-et.patch
|
||||
|
||||
# Conditional to ELN right now to reduce blast radius; xref
|
||||
# https://github.com/containers/composefs/pull/229#issuecomment-1838735764
|
||||
%if 0%{?rhel} >= 10
|
||||
@ -193,8 +196,14 @@ find %{buildroot} -name '*.la' -delete
|
||||
|
||||
%changelog
|
||||
## START: Generated by rpmautospec
|
||||
* Thu Sep 11 2025 Joseph Marrero Corchado <jmarrero@redhat.com> - 2025.6-1
|
||||
- Rebase to 2025.6
|
||||
* Tue Sep 09 2025 Colin Walters <walters@verbum.org> - 2025.6-1
|
||||
- Release v2025.6
|
||||
|
||||
* Thu Sep 04 2025 Colin Walters <walters@verbum.org> - 2025.5-3
|
||||
- Remove unused patches
|
||||
|
||||
* Thu Sep 04 2025 Colin Walters <walters@verbum.org> - 2025.5-2
|
||||
- Cherry pick https://github.com/ostreedev/ostree/pull/3516
|
||||
|
||||
* Mon Aug 25 2025 Colin Walters <walters@verbum.org> - 2025.5-1
|
||||
- Release v2025.5
|
||||
|
||||
Loading…
Reference in New Issue
Block a user