From: Lennart Poettering
Date: Thu, 1 Jun 2023 12:40:38 +0000 (+0200)
Subject: cryptsetup-generator: imply x-initrd.attach for "usr" and "root" volumes
X-Git-Tag: v254-rc1~305^2~6
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=8ce02b87cece09797c1030c778db4180e1e2ce2e;p=thirdparty%2Fsystemd.git

cryptsetup-generator: imply x-initrd.attach for "usr" and "root" volumes

Let's imply "x-initrd.attach" for "usr" and "root" volumes, so that we do not attempt to umount them anymore during shutdown. The names of these volumes have been mandated by the Discoverable Partition Spec: https://uapi-group.org/specifications/specs/discoverable_partitions_specification/#suggested-mode-of-operation Hence it appears reasonably safe to special case these volume names. Note that a similar logic is implemented in fstab-generator and in fact PID 1 to treat the root mount and /usr/ mount specially too, to avoid trying to umount it at shutdown. (This is what fstab_is_extrinsic() checks). This should ensure that if /usr/ or / is for some reason a LUKS medium we won't try to detach it during runtime, which likely fails, since we run off it. Note this also moves an ordering dep towards umount.target under the x-initrd.attach check, becasue that's where the crucial conflicts dep is placed too.
---
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
index 083878e42a3..e00d4d41266 100644
--- a/src/cryptsetup/cryptsetup-generator.c
+++ b/src/cryptsetup/cryptsetup-generator.c
@@ -282,6 +282,18 @@ static int print_dependencies(FILE *f, const char* device_path, const char* time
 return 0;
 }
 
+static bool attach_in_initrd(const char *name, const char *options) {
+ assert(name);
+
+ /* Imply x-initrd.attach in case the volume name is among those defined in the Discoverable Partition
+ * Specification for partitions that we require to be mounted during the initrd → host transition,
+ * i.e. for the root fs itself, and /usr/. This mirrors similar behaviour in
+ * systemd-fstab-generator. */
+
+ return fstab_test_option(options, "x-initrd.attach\0") ||
+ STR_IN_SET(name, "root", "usr");
+}
+
 static int create_disk(
 const char *name,
 const char *device,
@@ -297,7 +309,7 @@ static int create_disk(
 *tmp_fstype = NULL, *filtered_header = NULL, *headerdev_mount = NULL;
 _cleanup_fclose_ FILE *f = NULL;
 const char *dmname;
- bool noauto, nofail, swap, netdev, attach_in_initrd;
+ bool noauto, nofail, swap, netdev;
 int r, detached_header, keyfile_can_timeout, tmp;
 
 assert(name);
@@ -307,7 +319,6 @@ static int create_disk(
 nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
 swap = fstab_test_option(options, "swap\0");
 netdev = fstab_test_option(options, "_netdev\0");
- attach_in_initrd = fstab_test_option(options, "x-initrd.attach\0");
 
 keyfile_can_timeout = fstab_filter_options(options,
 "keyfile-timeout\0",
@@ -374,8 +385,10 @@ static int create_disk(
 fprintf(f, "After=remote-fs-pre.target\n");
 
 /* If initrd takes care of attaching the disk then it should also detach it during shutdown. */
- if (!attach_in_initrd)
- fprintf(f, "Conflicts=umount.target\n");
+ if (!attach_in_initrd(name, options))
+ fprintf(f,
+ "Conflicts=umount.target\n"
+ "Before=umount.target\n");
 
 if (keydev) {
 _cleanup_free_ char *unit = NULL, *umount_unit = NULL;
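Review bot: The `STR_IN_SET(name, "root", "usr")` test in the new attach_in_initrd() keys on the crypttab volume name alone, so any volume that happens to be called `root` or `usr` loses its `Conflicts=umount.target` even when it does not back `/` or `/usr/`, and the hunk shows no way to opt out. Such a mapping is then not stopped by its unit at shutdown and presumably stays unlocked until a later shutdown stage tears it down. I would extend the comment with a line such as `Note: the match is by volume name only, not by what the volume backs; a volume named "root" or "usr" is never detached by its unit at shutdown.` The implied option also deserves a sentence in the crypttab documentation, if this commit does not already add one outside the visible diff.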
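Review bot: The retained comment above `if (!attach_in_initrd(name, options))` in the -374 hunk no longer matches the condition, because the helper is now also true for volumes merely named `root` or `usr`, whether or not an initrd attached them. The same branch now also decides `Before=umount.target`, which the -490 hunk removes from the `path_startswith(u, "/dev/")` branch; as far as the hunks show, volumes not backed by a `/dev/` path gain that ordering and x-initrd.attach volumes lose it, a wider scope than the commit message describes. Suggested comment: `/* Volumes attached in the initrd (x-initrd.attach, or implied for "root"/"usr") are not stopped at shutdown; all others conflict with and are ordered before umount.target. */` create_disk() starts and ends outside this hunk.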
@@ -490,8 +503,7 @@ static int create_disk(
 if (path_startswith(u, "/dev/"))
 fprintf(f,
 "BindsTo=%s\n"
- "After=%s\n"
- "Before=umount.target\n",
+ "After=%s\n",
 d, d);
 else
 /* For loopback devices, add systemd-tmpfiles-setup-dev.service