Merge lp:~mvo/ubuntu/wily/initramfs-tools-ubuntu-core/new into lp:ubuntu/wily/initramfs-tools-ubuntu-core

Proposed by Michael Vogt
Status: Rejected
Rejected by: Michael Vogt
Proposed branch: lp:~mvo/ubuntu/wily/initramfs-tools-ubuntu-core/new
Merge into: lp:ubuntu/wily/initramfs-tools-ubuntu-core
Diff against target: 229 lines (+128/-60)
1 file modified
scripts/ubuntu-core-rootfs (+128/-60)
To merge this branch: bzr merge lp:~mvo/ubuntu/wily/initramfs-tools-ubuntu-core/new
Reviewer          Review Type   Date Requested   Status
Ubuntu branches                                  Pending
Review via email: mp+269945@code.launchpad.net
Stéphane Graber (stgraber) wrote :

One concern here is that your / is now effectively backed by a read-write filesystem which you can't unmount, so that may well lead to data loss unless your shutdown sequence has extra logic to remount every layer read-only properly, killing any task with r/w fds open and only then shutting down.

If you can confirm that your shutdown sequence succeeds at remounting everything read-only prior to system shutdown, then except for the few things I listed in-line, this should be fine.

Oliver Grawert (ogra) wrote :

My main problem with this approach is that I can edit files under /writable/system-data/os/ubuntu-core.sideload/${snappy_os}/* at any time, so there isn't actually a read-only / after all (and I think the bind mount would even immediately reflect the changes I made in the writable source dir).

Either use an img file that we ship and loop mount from /writable/system-data/os/ubuntu-core.sideload/${snappy_os}/a-rootfs.img|b-rootfs.img, or move it to /system-boot/a/rootfs.img and /system-boot/b/rootfs.img (the latter would really be my preferred approach, so that you can just re-format /writable to go back to a factory state and/or even make the u-d-f image smaller by simply having a 1-byte writable partition created from u-d-f that we grow on first boot. This would also make any kind of installer setup easier.)

Stéphane Graber (stgraber) wrote :

That's indeed true. That problem could be partly worked around by having a default apparmor policy block such access, but still, ultimately your system is running from writable storage, which makes it prone to corruption and so not very reliable for partial updates or even integrity checks.

23. By Michael Vogt

mount squashfs from writable

24. By Michael Vogt

add writable to generated fstab

25. By Michael Vogt

scripts/ubuntu-core-rootfs: do not hardcode ext4

26. By Michael Vogt

add comment why we can't mount writable RO in the initrd and do the writable transition later

27. By Michael Vogt

fix silly typo

28. By Michael Vogt

merged trunk

29. By Michael Vogt

update for new snapfs os/kernel vars

30. By Michael Vogt

support both old and new style boots

31. By Michael Vogt

re-add "other" mounting

Unmerged revisions

31. By Michael Vogt

re-add "other" mounting

30. By Michael Vogt

support both old and new style boots

29. By Michael Vogt

update for new snapfs os/kernel vars

28. By Michael Vogt

merged trunk

27. By Michael Vogt

fix silly typo

26. By Michael Vogt

add comment why we can't mount writable RO in the initrd and do the writable transition later

25. By Michael Vogt

scripts/ubuntu-core-rootfs: do not hardcode ext4

24. By Michael Vogt

add writable to generated fstab

23. By Michael Vogt

mount squashfs from writable

22. By Michael Vogt

ensure / is RO and /writable is RW

Preview Diff

=== modified file 'scripts/ubuntu-core-rootfs'
--- scripts/ubuntu-core-rootfs 2015-08-24 13:54:01 +0000
+++ scripts/ubuntu-core-rootfs 2015-10-19 10:33:17 +0000
@@ -147,60 +147,10 @@
147 done147 done
148}148}
149149
150#---------------------------------------------------------------------150fsck_writable()
151# XXX: Entry point - called by the initramfs "/init" script.
152#---------------------------------------------------------------------
153mountroot()
154{151{
155 local writable_label="writable"152 local writable_label="$1"
156153 local writable_mnt="$2"
157 local writable_mnt="/tmpmnt_${writable_label}"
158
159 pre_mountroot
160
161 [ "$quiet" != "y" ] && log_begin_msg "Running /scripts/local-premount"
162 run_scripts /scripts/local-premount
163 [ "$quiet" != "y" ] && log_end_msg
164
165 # There are 2 root partitions but grub tells us which to boot
166 # with via "root="
167 for x in $(cat /proc/cmdline); do
168 case "${x}" in
169 root=*)
170 root="${x#*=}"
171 ;;
172 esac
173 done
174
175 # Make sure the device has been created by udev before we try to mount
176 wait-for-root "$root" "${ROOTDELAY:-180}" || panic "unable to find root partition '$root'"
177
178 [ -n "$root" ] || panic "no root partition specified"
179
180 if echo "$root" | grep -q ^/; then
181 path="$root"
182 else
183 # convert UUID/LABEL to a device name
184 path=$(findfs "$root" 2>/dev/null || :)
185 fi
186
187 [ -e "$path" ] || panic "root device $path does not exist"
188
189 # Mount the root filesystem read-only.
190 echo "initrd: mounting $path" >/dev/kmsg || true
191 mount -o defaults,ro "$path" "$rootmnt"
192
193 rootpath="$path"
194
195 # Create a read-only bind mount on top of the already read-only
196 # FS. This is to stop the system from noticing when the root
197 # filesystem is made writable (when system updates are applied).
198 mount -o bind,ro "$rootmnt" "$rootmnt"
199
200 echo "initrd: mounting /run" >/dev/kmsg || true
201 mount -o rw,nosuid,noexec,relatime,mode=755 -t tmpfs tmpfs "${rootmnt}/run"
202
203 mkdir -p "$writable_mnt"
204154
205 path=$(get_partition_from_label "$writable_label")155 path=$(get_partition_from_label "$writable_label")
206156
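Review bot: `fsck_writable()` takes its label and mount point as `$1` and `$2` but never checks them, so a caller passing an empty label silently hands `get_partition_from_label ""` nothing to search for. Add a guard right after the two `local` lines, e.g. `[ -n "$writable_label" ] && [ -n "$writable_mnt" ] || panic "fsck_writable: missing label or mount point"`. The `wait-for-root`/`findfs` device-resolution block removed from the old `mountroot()` here is not dropped but duplicated verbatim into both new mounting functions; factoring it into a single helper would keep the two boot paths from diverging.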
@@ -226,9 +176,123 @@
226176
227 echo "$(date '+%s'): end" >> "$logfile" || true177 echo "$(date '+%s'): end" >> "$logfile" || true
228178
229 echo "initrd: mounting $writable_label partition" >/dev/kmsg || true179}
230 mount "$path" "$writable_mnt"180
231 mkdir -p "${rootmnt}/writable"181# setup $rootmnt based on os/kernel snaps
182do_new_style_root_mounting()
183{
184 root="LABEL=writable"
185
186 # Make sure the device has been created by udev before we try to mount
187 wait-for-root "$root" "${ROOTDELAY:-180}" || panic "unable to find root partition '$root'"
188
189 [ -n "$root" ] || panic "no root partition specified"
190
191 if echo "$root" | grep -q ^/; then
192 path="$root"
193 else
194 # convert UUID/LABEL to a device name
195 path=$(findfs "$root" 2>/dev/null || :)
196 fi
197
198 [ -e "$path" ] || panic "root device $path does not exist"
199
200 # FIXME: meh, system should figure this out
201 #insmod ./lib/modules/*/kernel/fs/nls/nls_iso8859-1.ko
202 insmod ./lib/modules/*/kernel/fs/squashfs/squashfs.ko
203
204 # mount writable rw
205 path=$(get_partition_from_label "$writable_label")
206 mount "$path" "$writable_mnt"
207
208 # mount OS snap
209 mount "${writable_mnt}/system-data/var/lib/snappy/snaps/${snappy_os}" "$rootmnt"
210
211 # now add a kernel bind mounts to it
212 local kernel_mnt="/tmpmnt_kernel"
213 mkdir -p "$kernel_mnt"
214 mount "${writable_mnt}/system-data/var/lib/snappy/snaps/${snappy_kernel}" "$kernel_mnt"
215 for d in modules firmware; do
216 mount -o bind "${kernel_mnt}/lib/$d" "$rootmnt/lib/$d"
217 done
218}
219
220# setup $rootmnt from system_ab style
221do_old_style_root_mounting()
222{
223 # Make sure the device has been created by udev before we try to mount
224 wait-for-root "$root" "${ROOTDELAY:-180}" || panic "unable to find root partition '$root'"
225
226 [ -n "$root" ] || panic "no root partition specified"
227
228 if echo "$root" | grep -q ^/; then
229 path="$root"
230 else
231 # convert UUID/LABEL to a device name
232 path=$(findfs "$root" 2>/dev/null || :)
233 fi
234
235 [ -e "$path" ] || panic "root device $path does not exist"
236
237 # Mount the root filesystem read-only.
238 echo "initrd: mounting $path" >/dev/kmsg || true
239 mount -o defaults,ro "$path" "$rootmnt"
240
241 rootpath="$path"
242
243 # Create a read-only bind mount on top of the already read-only
244 # FS. This is to stop the system from noticing when the root
245 # filesystem is made writable (when system updates are applied).
246 mount -o bind,ro "$rootmnt" "$rootmnt"
247}
248
249#---------------------------------------------------------------------
250# XXX: Entry point - called by the initramfs "/init" script.
251#---------------------------------------------------------------------
252mountroot()
253{
254set -x
255 pre_mountroot
256
257 [ "$quiet" != "y" ] && log_begin_msg "Running /scripts/local-premount"
258 run_scripts /scripts/local-premount
259 [ "$quiet" != "y" ] && log_end_msg
260
261 # find what snappy-os version to use
262 for x in $(cat /proc/cmdline); do
263 case "${x}" in
264 # new kernel/os snap vars
265 snappy_os=*)
266 snappy_os="${x#*=}"
267 ;;
268 snappy_kernel=*)
269 snappy_kernel="${x#*=}"
270 ;;
271 # old system-ab style
272 root=*)
273 root="${x#*=}"
274 ;;
275 esac
276 done
277
278 # always ensure writable is in a good state
279 writable_label="writable"
280 writable_mnt="/tmpmnt_${writable_label}"
281 mkdir -p "$writable_mnt"
282 fsck_writable "$writable_label" "$writable_mnt"
283
284 # check if we are on a new os/kernel snap system or a old snappy_ab one
285 if [ -n "$snappy_os" ] && [ -n "$snappy_kernel" ]; then
286 do_new_style_root_mounting
287 else
288 do_old_style_root_mounting
289 fi
290
291 # mount /run
292 echo "initrd: mounting /run" >/dev/kmsg || true
293 mount -o rw,nosuid,noexec,relatime,mode=755 -t tmpfs tmpfs "${rootmnt}/run"
294
295 # move /writable to its final destination
232 mount --move "$writable_mnt" "${rootmnt}/writable"296 mount --move "$writable_mnt" "${rootmnt}/writable"
233297
234 # Prepare the fstab298 # Prepare the fstab
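Review bot: on the old-style (`root=` only) path the writable partition is never mounted before `mount --move "$writable_mnt" "${rootmnt}/writable"`: the `echo "initrd: mounting $writable_label partition"` and `mount "$path" "$writable_mnt"` lines were removed from what is now `fsck_writable()`, and `do_old_style_root_mounting()` does not mount it, so the move will fail on a system_ab boot; either keep the mount in `fsck_writable()` (and rename the function accordingly) or add it to `do_old_style_root_mounting()`. Two further points: the `set -x` at the top of `mountroot()` is debugging left in and will trace every command to the console, so drop it before merge; and in `do_new_style_root_mounting()` the `snappy_os` and `snappy_kernel` values go straight from `/proc/cmdline` into a mount path under `${writable_mnt}/system-data/var/lib/snappy/snaps/`, so reject values containing `/` (a `case "$snappy_os" in */*) panic "bad snappy_os";; esac` check) before using them, and check the return value of `insmod ./lib/modules/*/kernel/fs/squashfs/squashfs.ko` rather than assuming the glob matched exactly one file.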
@@ -243,7 +307,11 @@
243 echo "# DO NOT EDIT THIS FILE BY HAND - YOUR CHANGES WILL BE OVERWRITTEN" >> "$fstab"307 echo "# DO NOT EDIT THIS FILE BY HAND - YOUR CHANGES WILL BE OVERWRITTEN" >> "$fstab"
244 echo "# (See writable-paths(5) for details)" >> "$fstab"308 echo "# (See writable-paths(5) for details)" >> "$fstab"
245 echo "/dev/root / rootfs defaults,ro 0 0" >> "$fstab"309 echo "/dev/root / rootfs defaults,ro 0 0" >> "$fstab"
246310 # FIXME: ideally we would mount /writable RO here and
311 # let systemd do a "remount,rw" for us. unfortunately
312 # this is not supported by systemd so we need to do
313 # the RW mount and fsck dance etc here :/
314 echo "LABEL=writable /writable auto defaults 0 0" >> "$fstab"
247 handle_writable_paths "$writable_paths" "$fstab"315 handle_writable_paths "$writable_paths" "$fstab"
248 fi316 fi
249317
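Review bot: the new `LABEL=writable /writable auto defaults 0 0` entry is written for both boot styles, but on a new-style boot `/` itself is a squashfs mounted from a file under `/writable`, so `/writable` can never be unmounted while the root is in use (the concern Stéphane raises above); the FIXME comment should spell that dependency out, and the entry needs to be checked against the shutdown sequence rather than left as a plain `defaults` mount that systemd will try to unmount like any other. The `0 0` fields are consistent with the fsck being done in `fsck_writable()`, so say so in the comment.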
@@ -273,6 +341,7 @@
273 fi341 fi
274 fi342 fi
275343
344 # FIXME: the below can go away once we no longer support snappy_ab
276 # add an fstab entry to mount the "other" rootfs partition read-only345 # add an fstab entry to mount the "other" rootfs partition read-only
277 partition=$(findfs LABEL="system-b" 2>/dev/null || :)346 partition=$(findfs LABEL="system-b" 2>/dev/null || :)
278 abs_rootpath=$(readlink -f "$rootpath" || :)347 abs_rootpath=$(readlink -f "$rootpath" || :)
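Review bot: this block keeps running on new-style boots, where `rootpath` is only assigned in `do_old_style_root_mounting()`; with it unset, `readlink -f "$rootpath"` fails, `abs_rootpath` ends up empty, and the `other` selection below compares against nothing. Rather than a FIXME, guard the whole block with the same test `mountroot()` already uses (`if [ -z "$snappy_os" ] || [ -z "$snappy_kernel" ]; then ... fi`), or skip it when `rootpath` is empty.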
@@ -281,11 +350,10 @@
281 else350 else
282 other="$partition"351 other="$partition"
283 fi352 fi
284
285 if [ -n "$other" ]; then353 if [ -n "$other" ]; then
286 echo "$other /writable/cache/system auto defaults,ro 0 0" >> "$fstab"354 echo "$other /writable/cache/system auto defaults,ro 0 0" >> "$fstab"
287 fi355 fi
288356
289 # Mount the systemd overlay so that we have a complete root partition during boot357 # Mount the systemd overlay so that we have a complete root partition during boot
290 mkdir -p "${rootmnt}/writable/system-data/etc/systemd/system"358 mkdir -p "${rootmnt}/writable/system-data/etc/systemd/system"
291 mount -o bind "${rootmnt}/writable/system-data/etc/systemd/system" "${rootmnt}/etc/systemd/system"359 mount -o bind "${rootmnt}/writable/system-data/etc/systemd/system" "${rootmnt}/etc/systemd/system"
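Review bot: this hunk only removes the blank line before `if [ -n "$other" ]`; it is a whitespace-only change that grows the diff without any functional effect, so either drop it or move it to a separate cleanup commit.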
