From: Lennart Poettering <lennart@poettering.net>
Date: Fri, 23 Jun 2023 19:51:12 +0000 (+0200)
Subject: fstab-generator: optional read addtional fstab lines from credentials
X-Git-Tag: v254-rc1~33^2~11
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;h=6ac62485cff1a15de684394c9f628afad75c4819;p=thirdparty%2Fsystemd.git

fstab-generator: optional read addtional fstab lines from credentials

Fixes: #27260
---

diff --git a/man/systemd-fstab-generator.xml b/man/systemd-fstab-generator.xml
index e21115f173f..46f23902349 100644
--- a/man/systemd-fstab-generator.xml
+++ b/man/systemd-fstab-generator.xml
@@ -269,6 +269,21 @@ systemd.swap=/dev/sda2:x-systemd.makefs</programlisting>
     </variablelist>
   </refsect1>
 
+  <refsect1>
+    <title>System Credentials</title>
+
+    <variablelist class='system-credentials'>
+      <varlistentry>
+        <term><varname>fstab.extra</varname></term>
+
+        <listitem><para>This credential may contain addition mounts to establish, in the same format as
+        <citerefentry
+        project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>, with
+        one mount per line. It is read in addition to <filename>/etc/fstab</filename>.</para></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
   <refsect1>
     <title>See Also</title>
     <para>
diff --git a/man/systemd.system-credentials.xml b/man/systemd.system-credentials.xml
index ceb84d29b9f..6fd69ead30c 100644
--- a/man/systemd.system-credentials.xml
+++ b/man/systemd.system-credentials.xml
@@ -186,6 +186,15 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>fstab.extra</varname></term>
+
+        <listitem>
+          <para>Additional mounts to establish at boot. For details, see
+          <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><varname>vconsole.keymap</varname></term>
         <term><varname>vconsole.keymap_toggle</varname></term>
diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
index 23358ae8a29..14a46c4c4e8 100644
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@@ -8,6 +8,7 @@
 #include "bus-error.h"
 #include "bus-locator.h"
 #include "chase.h"
+#include "creds-util.h"
 #include "efi-loader.h"
 #include "env-util.h"
 #include "fd-util.h"
@@ -1281,6 +1282,40 @@ static int add_mounts_from_cmdline(void) {
         return ret;
 }
 
+static int add_mounts_from_creds(void) {
+        _cleanup_free_ void *b = NULL;
+        struct mntent *me;
+        int r, ret = 0;
+        size_t bs;
+
+        r = read_credential_with_decryption(
+                        in_initrd() ? "fstab.extra.initrd" : "fstab.extra",
+                        &b, &bs);
+        if (r <= 0)
+                return r;
+
+        _cleanup_fclose_ FILE *f = NULL;
+        f = fmemopen_unlocked(b, bs, "r");
+        if (!f)
+                return log_oom();
+
+        while ((me = getmntent(f))) {
+                r = parse_fstab_one(
+                                "/run/credentials",
+                                me->mnt_fsname,
+                                me->mnt_dir,
+                                me->mnt_type,
+                                me->mnt_opts,
+                                me->mnt_passno,
+                                /* initrd = */ false,
+                                /* use_swap_enabled = */ true);
+                if (r < 0 && ret >= 0)
+                        ret = r;
+        }
+
+        return ret;
+}
+
 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
         int r;
 
@@ -1513,6 +1548,10 @@ static int run_generator(void) {
         if (r < 0 && ret >= 0)
                 ret = r;
 
+        r = add_mounts_from_creds();
+        if (r < 0 && ret >= 0)
+                ret = r;
+
         return ret;
 }