From b3c7b059eaee3123d5b2523065726e866c533fe9 Mon Sep 17 00:00:00 2001
From: Jonathan Lebon
Date: Fri, 28 Aug 2020 12:35:28 -0400
Subject: [PATCH 1/3] ostree-prepare-root: Fix /etc bind mount We were bind-mounting the initramfs' `/etc` (to itself) instead of the target deployment `/etc` (to itself). Since we're already `chdir`'ed into it, we can just drop the leading slash.
---
 src/switchroot/ostree-prepare-root.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/src/switchroot/ostree-prepare-root.c b/src/switchroot/ostree-prepare-root.c
index f7e4fe47..6351babb 100644
--- a/src/switchroot/ostree-prepare-root.c
+++ b/src/switchroot/ostree-prepare-root.c
@@ -251,7 +251,7 @@ main(int argc, char *argv[])
 * sysroot, we still need a writable /etc. And to avoid race conditions
 * we ensure it's writable in the initramfs, before we switchroot at all.
 */
- if (mount ("/etc", "/etc", NULL, MS_BIND, NULL) < 0)
+ if (mount ("etc", "etc", NULL, MS_BIND, NULL) < 0)
 err (EXIT_FAILURE, "failed to make /etc a bind mount");
 /* Pass on the fact that we discovered a readonly sysroot to ostree-remount.service */
 int fd = open (_OSTREE_SYSROOT_READONLY_STAMP, O_WRONLY | O_CREAT | O_CLOEXEC, 0644);
From a7a751b69f2315635d6ae38a0b1344287b67079a Mon Sep 17 00:00:00 2001
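Review bot: The relative `mount ("etc", "etc", ...)` call is only correct while the working directory is the deployment root, and the comment above it does not record that dependency. The commit message says main has already chdir'ed there, but that call lies outside this hunk, so a later reordering would presumably resolve `etc` against a different directory without any error being raised. A comment directly above the call, such as `/* Relative on purpose: cwd is the deployment root, so this binds the deployment's etc, not the initramfs /etc */`, would keep the assumption visible. The err() text still names `/etc`, which reads as the initramfs path; `"failed to make deployment /etc a bind mount"` would be less ambiguous in boot logs.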
From: Jonathan Lebon
Date: Fri, 28 Aug 2020 12:35:29 -0400
Subject: [PATCH 2/3] ostree-remount: Remount /etc rw if needed When we remount `/sysroot` as read-only, we also make `/etc` read-only. This is usually OK because we then remount `/var` read-write, which also flips `/etc` back to read-write... unless `/var` is a separate filesystem and not a bind-mount to the stateroot `/var`. Fix this by just remounting `/etc` read-write in the read-only sysroot case. Eventually, I think we should rework this to set everything up the way we want from the initramfs (#2115). This would also eliminate the window during which `/etc` is read-only while `ostree-remount` runs.
---
 src/switchroot/ostree-remount.c | 5 +++++
 1 file changed, 5 insertions(+)
diff --git a/src/switchroot/ostree-remount.c b/src/switchroot/ostree-remount.c
index cfd270bb..3981682a 100644
--- a/src/switchroot/ostree-remount.c
+++ b/src/switchroot/ostree-remount.c
@@ -112,6 +112,11 @@ main(int argc, char *argv[])
 bool sysroot_configured_readonly = unlink (_OSTREE_SYSROOT_READONLY_STAMP) == 0;
 do_remount ("/sysroot", !sysroot_configured_readonly);
+ /* And also make sure to make /etc rw again. We make this conditional on
+ * sysroot_configured_readonly because only in that case is it a bind-mount. */
+ if (sysroot_configured_readonly)
+ do_remount ("/etc", true);
+
 /* If /var was created as as an OSTree default bind mount (instead of being a separate filesystem)
 * then remounting the root mount read-only also remounted it.
 * So just like /etc, we need to make it read-write by default.
From 8408f8913be2430987f5747bbaccc961e6f4bcce Mon Sep 17 00:00:00 2001
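Review bot: The new comment above `do_remount ("/etc", true)` explains when the remount happens but not why /etc is read-only at that point. Per the commit message, remounting /sysroot read-only also flips /etc, and the later /var remount only restores it when /var is a bind mount into the stateroot; the comment could carry that, e.g. `/* Remounting /sysroot ro also made the /etc bind mount ro; a separate /var filesystem will not flip it back, so do it explicitly. */`. How do_remount reacts to a failed remount is defined outside this hunk, so it is worth confirming that a failure here is reported rather than leaving /etc read-only for the rest of boot.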
From: Jonathan Lebon
Date: Fri, 28 Aug 2020 12:49:32 -0400
Subject: [PATCH 3/3] ci: Temporarily import kola test from jlebon's FCOS fork That test will not make it into the fedora-coreos-config repo until the libostree fix gets percolated down. PR is: https://github.com/coreos/fedora-coreos-config/pull/586 But we want to make sure that the fix does work and that we don't regress on it. So manually fetch it for now.
---
 .cci.jenkinsfile | 6 ++++++
 1 file changed, 6 insertions(+)
diff --git a/.cci.jenkinsfile b/.cci.jenkinsfile
index ac65b9c8..5c6bb21d 100644
--- a/.cci.jenkinsfile
+++ b/.cci.jenkinsfile
@@ -72,6 +72,12 @@ parallel fcos: {
 tar -C insttree -xzvf insttree.tar.gz
 rsync -rlv insttree/ /
 coreos-assembler init --force https://github.com/coreos/fedora-coreos-config
+ # XXX: We temporarily add these tests until they get merged into FCOS proper
+ (mkdir -p tests/kola/var-mount
+ cd tests/kola/var-mount
+ curl -L --remote-name-all \
+ https://raw.githubusercontent.com/jlebon/fedora-coreos-config/pr/var-mount/tests/kola/var-mount/{config.ign,test.sh}
+ chmod a+x test.sh)
 mkdir -p overrides/rootfs
 mv insttree/* overrides/rootfs/
 rmdir insttree
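Review bot: The added `curl` line fetches `test.sh` from a branch name (`pr/var-mount`) on a personal fork and the next line marks it executable, so the CI job runs whatever that branch holds at build time. Pinning the URL to a commit, `https://raw.githubusercontent.com/jlebon/fedora-coreos-config/<COMMIT_SHA>/tests/kola/var-mount/{config.ign,test.sh}`, would make the fetched content fixed and reviewable. The call also lacks `--fail`, so an HTTP error body would be saved as `config.ign` and `test.sh`; `curl -fL --remote-name-all \` lets the step fail instead. The XXX comment could also name the upstream PR given in the commit message (fedora-coreos-config pull 586) so the block is easy to find and remove once that merges.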