Installing stuff in a chroot should not fail because efivars are
not available. When running in a container touching efivars is
completely disabled, but there are some cases (recovery) where
it is needed to touch them in a chroot, so don't disable them but
avoid failing the run instead.
<term><option>--graceful</option></term>
<listitem><para>Ignore failure when the EFI System Partition cannot be found, when EFI variables
cannot be written, or a different or newer boot loader is already installed. Currently only applies
- to <command>is-installed</command>, <command>update</command>, and <command>random-seed</command>
- verbs.</para>
+ to <command>is-installed</command>, <command>update</command>, <command>random-seed</command> and
+ <command>install</command> verbs. Since version v258, it is implicitly enabled when running inside a
+ chroot.</para>
<xi:include href="version-info.xml" xpointer="v244"/></listitem>
</varlistentry>
#include "varlink-io.systemd.BootControl.h"
#include "varlink-util.h"
#include "verbs.h"
+#include "virt.h"
/* EFI_BOOT_OPTION_DESCRIPTION_MAX sets the maximum length for the boot option description
* stored in NVRAM. The UEFI spec does not specify a minimum or maximum length for this
if (arg_secure_boot_auto_enroll && !arg_private_key)
return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Secure boot auto-enrollment requested but no private key provided");
+ if (!arg_graceful && running_in_chroot() > 0) {
+ log_full(arg_quiet ? LOG_DEBUG : LOG_INFO, "Running in a chroot, enabling --graceful.");
+ arg_graceful = true;
+ }
+
r = sd_varlink_invocation(SD_VARLINK_ALLOW_ACCEPT);
if (r < 0)
return log_error_errno(r, "Failed to check if invoked in Varlink mode: %m");
projects / thirdparty / systemd.git / commitdiff
