compose: Add tmp-is-dir option to make /tmp a directory

There are a few reasons to do this. First, systemd changed to refuse mounts on symlinks, and hence if one *wants* "/tmp-on-tmpfs", one would need to write a different `sysroot-tmp.mount` unit. Second, the original rationale for having this symlink was that if you had multiple ostree stateroots ("osnames"), it's nicer if they had the same `/tmp` to avoid duplication. But in practice today that's already an issue due to `/var/tmp`, and further the multiple-stateroot case is pretty unusual. And that case is *further* broken by SELinux (if one wanted to have e.g. an Ubuntu and Fedora) stateroots. So let's fully decouple this and make `/tmp` a plain old directory by default, so systemd's `tmp.mount` can become useful. Now, things get interesting for the case where someone wants a physical `/tmp` that *does* persist across reboots. Right now, if one just did a `systemctl mask tmp.mount` as we do in Fedora Atomic Host's cloud images, you'd get a semantic where `/tmp` stays per-deployment, which is weird. Our recommendation for that should likely be to set up a bind mount for `/tmp` → `/var/tmp`. For now, this stays an option to ensure compatibility; if FAH Cloud images want to stay with "physical /tmp", then we'd have to change the kickstart. Closes: https://github.com/projectatomic/rpm-ostree/issues/669 Closes: #778 Approved by: jlebon
2017-05-17 14:48:48 -04:00 · 2017-05-17 14:48:48 -04:00 · d2bd8500da
commit d2bd8500da
parent 2adc1cf246
4 changed files with 47 additions and 5 deletions
--- a/docs/manual/treefile.md
+++ b/docs/manual/treefile.md
@ -183,3 +183,10 @@ It supports the following parameters:
   source file must be in the same directory as the treefile.

   Example: `"add-files": [["bar", "/bar"], ["foo", "/foo"]]`
+
+ * `tmp-is-dir`: boolean, optional: Defaults to `false`.  By default,
+   rpm-ostree creates symlink `/tmp` → `/sysroot/tmp`.
+   It's more flexible to leave it as a directory (systemd will mount it),
+   and further, we don't want to encourage `/sysroot` to be writable.
+   For host system composes, we recommend turning this on; it's left off
+   by default to ease the transition.
--- a/src/libpriv/rpmostree-postprocess.c
+++ b/src/libpriv/rpmostree-postprocess.c
@ -93,11 +93,12 @@ typedef struct {
  const char *src;
 } Symlink;

-/* Initialize deployment root directory; currently hardcoded.  In the
- * future we may make this configurable.
+/* Initialize deployment root directory. This is mostly hardcoded; in the future
+ * we may make things more configurable.
 */
 static gboolean
 init_rootfs (int            dfd,
+             gboolean       tmp_is_dir,
             GCancellable  *cancellable,
             GError       **error)
 {
@ -110,7 +111,6 @@ init_rootfs (int            dfd,
    { "var/home", "home" },
    { "run/media", "media" },
    { "sysroot/ostree", "ostree" },
-    { "sysroot/tmp", "tmp" },
  };

  for (guint i = 0; i < G_N_ELEMENTS (toplevel_dirs); i++)
@ -126,6 +126,20 @@ init_rootfs (int            dfd,
        return glnx_throw_errno_prefix (error, "symlinkat");
    }

+  if (tmp_is_dir)
+    {
+      if (!glnx_shutil_mkdir_p_at (dfd, "tmp", 01777,
+                                   cancellable, error))
+        return FALSE;
+      if (fchmodat (dfd, "tmp", 01777, 0) == -1)
+        return glnx_throw_errno_prefix (error, "fchmodat");
+    }
+  else
+    {
+      if (symlinkat ("sysroot/tmp", dfd, "tmp") < 0)
+        return glnx_throw_errno_prefix (error, "symlinkat");
+    }
+
  return TRUE;
 }

@ -773,8 +787,16 @@ create_rootfs_from_yumroot_content (int            target_root_dfd,
    }
  
  g_print ("Initializing rootfs\n");
-  if (!init_rootfs (target_root_dfd, cancellable, error))
-    goto out;
+  { gboolean tmp_is_dir = FALSE;
+    if (!_rpmostree_jsonutil_object_get_optional_boolean_member (treefile,
+                                                                 "tmp-is-dir",
+                                                                 &tmp_is_dir,
+                                                                 error))
+      goto out;
+
+    if (!init_rootfs (target_root_dfd, tmp_is_dir, cancellable, error))
+      goto out;
+  }

  g_print ("Migrating /etc/passwd to /usr/lib/\n");
  if (!rpmostree_passwd_migrate_except_root (yumroot, RPM_OSTREE_PASSWD_MIGRATE_PASSWD, NULL,
--- a/tests/compose-tests/test-basic.sh
+++ b/tests/compose-tests/test-basic.sh
@ -38,3 +38,9 @@ echo "ok boot files"
 ostree --repo=${repobuild} ls -R ${treeref} /usr/share/man > manpages.txt
 assert_file_has_content manpages.txt man5/ostree.repo.5
 echo "ok manpages"
+
+# https://github.com/projectatomic/rpm-ostree/issues/669
+ostree --repo=${repobuild} ls  ${treeref} /tmp > ls.txt
+assert_file_has_content ls.txt 'l00777 0 0      0 /tmp -> sysroot/tmp'
+echo "ok /tmp"
+
--- a/tests/compose-tests/test-misc-tweaks.sh
+++ b/tests/compose-tests/test-misc-tweaks.sh
@ -18,6 +18,8 @@ pysetjsonmember "remove-files" '["etc/hosts"]'
 pysetjsonmember "remove-from-packages" '[["setup", "/etc/hosts\..*"]]'
 rnd=$RANDOM
 echo $rnd > composedata/foo.txt
+# Test tmp-is-dir
+pysetjsonmember "tmp-is-dir" 'True'

 # Do the compose
 runcompose
@ -52,3 +54,8 @@ ostree --repo=${repobuild} ls ${treeref} /usr/etc > out.txt
 assert_not_file_has_content out.txt '/usr/etc/hosts\.allow$'
 assert_not_file_has_content out.txt '/usr/etc/hosts\.deny$'
 echo "ok remove-from-packages"
+
+# https://github.com/projectatomic/rpm-ostree/issues/669
+ostree --repo=${repobuild} ls  ${treeref} /tmp > ls.txt
+assert_file_has_content ls.txt 'd01777 0 0      0 /tmp'
+echo "ok /tmp"