Merge lp:~mvo/ubuntu/wily/initramfs-tools-ubuntu-core/new into lp:ubuntu/wily/initramfs-tools-ubuntu-core

Proposed by Michael Vogt
Status: Rejected
Rejected by: Michael Vogt
Proposed branch: lp:~mvo/ubuntu/wily/initramfs-tools-ubuntu-core/new
Merge into: lp:ubuntu/wily/initramfs-tools-ubuntu-core
Diff against target: 229 lines (+128/-60)
1 file modified
scripts/ubuntu-core-rootfs (+128/-60)
To merge this branch: bzr merge lp:~mvo/ubuntu/wily/initramfs-tools-ubuntu-core/new
Reviewer: Ubuntu branches (status: Pending)
Review via email: mp+269945@code.launchpad.net
Revision history for this message
Stéphane Graber (stgraber) wrote :

One concern here is that your / is now effectively backed by a read-write filesystem which you can't unmount, so that may well lead to data loss unless your shutdown sequence has extra logic to remount every layer read-only properly, killing any task with r/w fds open and only then shut down.

If you can confirm that your shutdown sequence succeeds at remounting everything read-only prior to system shutdown, then except for the few things I listed in-line, this should be fine.

Revision history for this message
Oliver Grawert (ogra) wrote :

My main problem with this approach is that I can edit files under /writable/system-data/os/ubuntu-core.sideload/${snappy_os}/* at any time, so there isn't actually a read-only / after all (and I think the bind mount would even immediately reflect the changes I made in the writable source dir).

Either use an img file that we ship and loop mount from /writable/system-data/os/ubuntu-core.sideload/${snappy_os}/a-rootfs.img|b-rootfs.img or move it to /system-boot/a/rootfs.img and /system-boot/b/rootfs.img (the latter would really be my preferred approach, so that you can just re-format /writable to go back to a factory state and/or even make the u-d-f image smaller by simply having a 1-byte writable partition created from u-d-f that we grow on first boot. This would also make any kind of installer setup easier).

Revision history for this message
Stéphane Graber (stgraber) wrote :

That's indeed true. That problem could be partly worked around by having a default AppArmor policy block such access, but still, ultimately your system is running from writable storage, which makes it prone to corruption and so not very reliable for partial updates or even integrity checks.
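The two concerns raised in the review above (a / that is only a read-only view over a writable superblock, and the need for every disk-backed layer to be read-only before the final halt) can be checked from the kernel's mount table. This is an added example, not code from the proposal or the package; it runs over a constructed mountinfo sample in place of /proc/self/mountinfo.

```shell
#!/bin/sh
# Added example, not part of the merge proposal: audit a mountinfo table for
# the two problems raised in review, a "read-only" / that is only a ro bind
# view over a writable superblock, and mounts that are still rw when the
# shutdown sequence reaches its final step.
#
# Constructed sample in the shape of /proc/self/mountinfo; on a live system
# feed the functions "$(cat /proc/self/mountinfo)" instead.
SAMPLE_MOUNTINFO='1 0 8:3 /system-data/os/current / ro,relatime - ext4 /dev/sda3 rw,data=ordered
2 1 0:5 / /run rw,nosuid,noexec,relatime - tmpfs tmpfs rw,mode=755
3 1 8:3 / /writable rw,relatime - ext4 /dev/sda3 rw,data=ordered
4 1 7:0 / /lib/modules ro,relatime - squashfs /dev/loop0 ro'

# Print "mountpoint fstype source" for each mount whose per-mount flags say
# ro but whose superblock is rw.  Such a mount only looks read-only: the same
# superblock is reachable rw elsewhere (here via /writable), so edits there
# show up under / immediately, which is exactly the sideload case above.
ro_view_over_rw_superblock() {
    printf '%s\n' "$1" | awk '{
        mnt = $5; opts = $6
        for (i = 7; i <= NF; i++)
            if ($i == "-") { fstype = $(i+1); src = $(i+2); sopts = $(i+3); break }
        split(opts, m, ","); split(sopts, s, ",")
        if (m[1] == "ro" && s[1] == "rw") print mnt, fstype, src
    }'
}

# Print "mountpoint fstype" for every mount that is still writable.  Before
# the final halt this list should contain only tmpfs entries; anything on
# disk still rw here is where data loss on power-off would come from.
still_rw_mounts() {
    printf '%s\n' "$1" | awk '{
        for (i = 7; i <= NF; i++) if ($i == "-") { fstype = $(i+1); break }
        split($6, m, ",")
        if (m[1] == "rw") print $5, fstype
    }'
}

# Shutdown-style gate: succeeds only when no disk-backed mount is left rw.
all_disk_mounts_ro() {
    [ "$(still_rw_mounts "$1" | grep -vc ' tmpfs$')" = "0" ]
}

if [ "${1:-}" = "--run" ]; then
    echo "ro views over rw superblocks:"; ro_view_over_rw_superblock "$SAMPLE_MOUNTINFO"
    echo "still rw:"; still_rw_mounts "$SAMPLE_MOUNTINFO"
    all_disk_mounts_ro "$SAMPLE_MOUNTINFO" || echo "NOT safe to halt yet"
fi
```

Run with `--run` to see the sample flagged: / is reported as a ro view over the rw ext4 superblock, and /writable is the disk-backed mount that is still rw.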

Unmerged revisions

31. By Michael Vogt

re-add "other" mounting

30. By Michael Vogt

support both old and new style boots

29. By Michael Vogt

update for new snapfs os/kernel vars

28. By Michael Vogt

merged trunk

27. By Michael Vogt

fix silly typo

26. By Michael Vogt

add comment why we can't mount writable RO in the intird and do the writable transition later

25. By Michael Vogt

scripts/ubuntu-core-rootfs: do not hardcode ext4

24. By Michael Vogt

add writable to generated fstab

23. By Michael Vogt

mount squashfs from writable

22. By Michael Vogt

ensure / is RO and /writable is RW

Preview Diff

1=== modified file 'scripts/ubuntu-core-rootfs'
2--- scripts/ubuntu-core-rootfs 2015-08-24 13:54:01 +0000
3+++ scripts/ubuntu-core-rootfs 2015-10-19 10:33:17 +0000
4@@ -147,60 +147,10 @@
5 done
6 }
7
8-#---------------------------------------------------------------------
9-# XXX: Entry point - called by the initramfs "/init" script.
10-#---------------------------------------------------------------------
11-mountroot()
12+fsck_writable()
13 {
14- local writable_label="writable"
15-
16- local writable_mnt="/tmpmnt_${writable_label}"
17-
18- pre_mountroot
19-
20- [ "$quiet" != "y" ] && log_begin_msg "Running /scripts/local-premount"
21- run_scripts /scripts/local-premount
22- [ "$quiet" != "y" ] && log_end_msg
23-
24- # There are 2 root partitions but grub tells us which to boot
25- # with via "root="
26- for x in $(cat /proc/cmdline); do
27- case "${x}" in
28- root=*)
29- root="${x#*=}"
30- ;;
31- esac
32- done
33-
34- # Make sure the device has been created by udev before we try to mount
35- wait-for-root "$root" "${ROOTDELAY:-180}" || panic "unable to find root partition '$root'"
36-
37- [ -n "$root" ] || panic "no root partition specified"
38-
39- if echo "$root" | grep -q ^/; then
40- path="$root"
41- else
42- # convert UUID/LABEL to a device name
43- path=$(findfs "$root" 2>/dev/null || :)
44- fi
45-
46- [ -e "$path" ] || panic "root device $path does not exist"
47-
48- # Mount the root filesystem read-only.
49- echo "initrd: mounting $path" >/dev/kmsg || true
50- mount -o defaults,ro "$path" "$rootmnt"
51-
52- rootpath="$path"
53-
54- # Create a read-only bind mount on top of the already read-only
55- # FS. This is to stop the system from noticing when the root
56- # filesystem is made writable (when system updates are applied).
57- mount -o bind,ro "$rootmnt" "$rootmnt"
58-
59- echo "initrd: mounting /run" >/dev/kmsg || true
60- mount -o rw,nosuid,noexec,relatime,mode=755 -t tmpfs tmpfs "${rootmnt}/run"
61-
62- mkdir -p "$writable_mnt"
63+ local writable_label="$1"
64+ local writable_mnt="$2"
65
66 path=$(get_partition_from_label "$writable_label")
67
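Review bot: fsck_writable still assigns the global `path` (context line 66) instead of a local, so now that the body has been split out of mountroot it silently overwrites the `path` variable that do_old_style_root_mounting and the rest of mountroot compute; declare `local path` here and validate the two new positional arguments (`[ -n "$1" ] && [ -n "$2" ] || panic "fsck_writable: missing label/mountpoint"`) since nothing else checks them.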
68@@ -226,9 +176,123 @@
69
70 echo "$(date '+%s'): end" >> "$logfile" || true
71
72- echo "initrd: mounting $writable_label partition" >/dev/kmsg || true
73- mount "$path" "$writable_mnt"
74- mkdir -p "${rootmnt}/writable"
75+}
76+
77+# setup $rootmnt based on os/kernel snaps
78+do_new_style_root_mounting()
79+{
80+ root="LABEL=writable"
81+
82+ # Make sure the device has been created by udev before we try to mount
83+ wait-for-root "$root" "${ROOTDELAY:-180}" || panic "unable to find root partition '$root'"
84+
85+ [ -n "$root" ] || panic "no root partition specified"
86+
87+ if echo "$root" | grep -q ^/; then
88+ path="$root"
89+ else
90+ # convert UUID/LABEL to a device name
91+ path=$(findfs "$root" 2>/dev/null || :)
92+ fi
93+
94+ [ -e "$path" ] || panic "root device $path does not exist"
95+
96+ # FIXME: meh, system should figure this out
97+ #insmod ./lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko
98+ insmod ./lib/modules/*/kernel/fs/squashfs/squashfs.ko
99+
100+ # mount writable rw
101+ path=$(get_partition_from_label "$writable_label")
102+ mount "$path" "$writable_mnt"
103+
104+ # mount OS snap
105+ mount "${writable_mnt}/system-data/var/lib/snappy/snaps/${snappy_os}" "$rootmnt"
106+
107+ # now add a kernel bind mounts to it
108+ local kernel_mnt="/tmpmnt_kernel"
109+ mkdir -p "$kernel_mnt"
110+ mount "${writable_mnt}/system-data/var/lib/snappy/snaps/${snappy_kernel}" "$kernel_mnt"
111+ for d in modules firmware; do
112+ mount -o bind "${kernel_mnt}/lib/$d" "$rootmnt/lib/$d"
113+ done
114+}
115+
116+# setup $rootmnt from system_ab style
117+do_old_style_root_mounting()
118+{
119+ # Make sure the device has been created by udev before we try to mount
120+ wait-for-root "$root" "${ROOTDELAY:-180}" || panic "unable to find root partition '$root'"
121+
122+ [ -n "$root" ] || panic "no root partition specified"
123+
124+ if echo "$root" | grep -q ^/; then
125+ path="$root"
126+ else
127+ # convert UUID/LABEL to a device name
128+ path=$(findfs "$root" 2>/dev/null || :)
129+ fi
130+
131+ [ -e "$path" ] || panic "root device $path does not exist"
132+
133+ # Mount the root filesystem read-only.
134+ echo "initrd: mounting $path" >/dev/kmsg || true
135+ mount -o defaults,ro "$path" "$rootmnt"
136+
137+ rootpath="$path"
138+
139+ # Create a read-only bind mount on top of the already read-only
140+ # FS. This is to stop the system from noticing when the root
141+ # filesystem is made writable (when system updates are applied).
142+ mount -o bind,ro "$rootmnt" "$rootmnt"
143+}
144+
145+#---------------------------------------------------------------------
146+# XXX: Entry point - called by the initramfs "/init" script.
147+#---------------------------------------------------------------------
148+mountroot()
149+{
150+set -x
151+ pre_mountroot
152+
153+ [ "$quiet" != "y" ] && log_begin_msg "Running /scripts/local-premount"
154+ run_scripts /scripts/local-premount
155+ [ "$quiet" != "y" ] && log_end_msg
156+
157+ # find what snappy-os version to use
158+ for x in $(cat /proc/cmdline); do
159+ case "${x}" in
160+ # new kernel/os snap vars
161+ snappy_os=*)
162+ snappy_os="${x#*=}"
163+ ;;
164+ snappy_kernel=*)
165+ snappy_kernel="${x#*=}"
166+ ;;
167+ # old system-ab style
168+ root=*)
169+ root="${x#*=}"
170+ ;;
171+ esac
172+ done
173+
174+ # always ensure writable is in a good state
175+ writable_label="writable"
176+ writable_mnt="/tmpmnt_${writable_label}"
177+ mkdir -p "$writable_mnt"
178+ fsck_writable "$writable_label" "$writable_mnt"
179+
180+ # check if we are on a new os/kernel snap system or a old snappy_ab one
181+ if [ -n "$snappy_os" ] && [ -n "$snappy_kernel" ]; then
182+ do_new_style_root_mounting
183+ else
184+ do_old_style_root_mounting
185+ fi
186+
187+ # mount /run
188+ echo "initrd: mounting /run" >/dev/kmsg || true
189+ mount -o rw,nosuid,noexec,relatime,mode=755 -t tmpfs tmpfs "${rootmnt}/run"
190+
191+ # move /writable to its final destination
192 mount --move "$writable_mnt" "${rootmnt}/writable"
193
194 # Prepare the fstab
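Review bot: the `set -x` at the top of mountroot (line 150) reads as a debugging leftover; it traces every command of the early boot path to the console and should be dropped before merging. Three further points in this hunk: fsck_writable is now called before either wait-for-root, so get_partition_from_label can run before udev has created the writable device (the old code waited on $root first); do_new_style_root_mounting resolves LABEL=writable through wait-for-root and findfs into `path`, then discards it and calls get_partition_from_label again, relies on $writable_label and $writable_mnt as globals, and never sets `rootpath`, which the "other" partition logic later reads; and `insmod ./lib/modules/*/kernel/fs/squashfs/squashfs.ko` depends on the current directory and an unquoted glob, while none of the new mount calls check for failure (`|| panic "..."`) the way the device lookups do.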
195@@ -243,7 +307,11 @@
196 echo "# DO NOT EDIT THIS FILE BY HAND - YOUR CHANGES WILL BE OVERWRITTEN" >> "$fstab"
197 echo "# (See writable-paths(5) for details)" >> "$fstab"
198 echo "/dev/root / rootfs defaults,ro 0 0" >> "$fstab"
199-
200+ # FIXME: ideally we would mount /writable RO here and
201+ # let systemd do a "remount,rw" for us. unfortunately
202+ # this is not supported by systemd so we need to do
203+ # the RW mount and fsck dance etc here :/
204+ echo "LABEL=writable /writable auto defaults 0 0" >> "$fstab"
205 handle_writable_paths "$writable_paths" "$fstab"
206 fi
207
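Review bot: the new entry `LABEL=writable /writable auto defaults 0 0` mounts the one writable partition, which on new-style boots also holds the OS and kernel snaps, with plain defaults (rw,suid,dev,exec); consider whether nosuid and nodev belong here, and extend the FIXME comment to state that the pass field is 0 on purpose because fsck_writable already checked the filesystem in the initrd, so a reader does not take it for an omission.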
208@@ -273,6 +341,7 @@
209 fi
210 fi
211
212+ # FIXME: the below can go away once we no longer support snappy_ab
213 # add an fstab entry to mount the "other" rootfs partition read-only
214 partition=$(findfs LABEL="system-b" 2>/dev/null || :)
215 abs_rootpath=$(readlink -f "$rootpath" || :)
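Review bot: on a new-style boot `rootpath` is never set (only do_old_style_root_mounting assigns it), so `readlink -f "$rootpath"` runs on an empty string and the system-b lookup still executes; rather than only a FIXME, guard this block with the same `[ -n "$snappy_os" ] && [ -n "$snappy_kernel" ]` test mountroot uses, or skip it when rootpath is empty.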
216@@ -281,11 +350,10 @@
217 else
218 other="$partition"
219 fi
220-
221 if [ -n "$other" ]; then
222 echo "$other /writable/cache/system auto defaults,ro 0 0" >> "$fstab"
223- fi
224-
225+ fi
226+
227 # Mount the systemd overlay so that we have a complete root partition during boot
228 mkdir -p "${rootmnt}/writable/system-data/etc/systemd/system"
229 mount -o bind "${rootmnt}/writable/system-data/etc/systemd/system" "${rootmnt}/etc/systemd/system"
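Review bot: the `- fi`/`+ fi` pair and the surrounding blank-line changes (lines 220-226) appear to be whitespace-only and add noise to an otherwise functional diff; drop them or move them to a separate cleanup commit so the behavioural change stays easy to review.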
