Commit Graph

7063 Commits

Author SHA1 Message Date
Dan Nicholson
2973ec5910 switchroot: Stop making /sysroot mount private
Back in 2b8d586c5, /sysroot was changed to be a private mount so that
submounts of /var do not propagate back to the stateroot /var. That's
laudible, but it makes /sysroot different than every other shared mount
in the root namespace. In particular, it means that submounts of
/sysroot do not propagate into separate mount namespaces.

Rather than make /sysroot private, make /var a slave+shared mount so
that it receives mount events from /sysroot but not vice versa. That
achieves the same effect of preventing /var submount events from
propagating back to /sysroot while allowing /sysroot mount events to
propagate forward like every other system mount. See
mount_namespaces(7)[1] and the linux shared subtrees[2] documentation
for details on slave+shared mount propagation.

When /var is mounted in the initramfs, this is accomplished with
mount(2) syscalls. When /var is mounted after switching to the real
root, the mount propagation flags are applied as options in the
generated var.mount unit. This depends on a mount(8) feature that has
been present since util-linux 2.23. That's available in RHEL 7 and every
non-EOL Debian and Ubuntu release. Applying the propagation from
var.mount fixes a small race, too. Previously, if a /var submount was
added before /sysroot was made private, it would have propagated back
into /sysroot. That was possible since ostree-remount.service orders
itself after var.mount but not before any /var submounts.

1. https://man7.org/linux/man-pages/man7/mount_namespaces.7.html
2. https://docs.kernel.org/filesystems/sharedsubtree.html

Fixes: #2086
2024-09-06 15:49:49 -06:00
Dan Nicholson
fae8941196 tests: Add mount propagation test
This tests the current behavior of making /sysroot a private mount so
that submounts on /var do not propagate back to /sysroot. It also shows
how submounts of /sysroot do not propagate into separate mount
namespaces for the same reason.
2024-09-06 15:49:43 -06:00
Eric Curtin
2b01c93cd9
Merge pull request #3283 from cgwalters/fix-more-coverity-dirname
sysroot: Make coverity happy with dirname+strdup
2024-08-16 00:26:52 -04:00
Colin Walters
62284ea3ec
Merge pull request #3284 from cgwalters/even-more-readlinkat
commit/payload-link: Ensure we don't overrun target_checksum size
2024-08-15 13:42:20 -04:00
Colin Walters
7683eb5aa4 commit/payload-link: Ensure we don't overrun target_checksum size
This is another warning from recently changed code from Coverity:

```
1. Defect type: OVERRUN
16. libostree-2024.7/src/libostree/ostree-repo-commit.c:823:7: overrun-buffer-arg: Overrunning array "target_checksum" of 65 bytes by passing it to a function which accesses it at byte offset 258 using argument "size" (which evaluates to 259). [Note: The source code implementation of the function has been overridden by a builtin model.]
```

I think this can only happen if the repository is corrupt; the
data shouldn't be that long. But fix this by passing the max
length we expect; this will ignore the rest currently.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-08-15 12:15:50 -04:00
Colin Walters
70430fe02b sysroot: Make coverity happy with dirname+strdup
Similar to d528083cae - I don't
believe we actually had a leak here because `dirname` always
returns the same start pointer, but this makes Coverity
happy.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-08-15 11:29:22 -04:00
Colin Walters
0d5e554b69
Merge pull request #3282 from cgwalters/drop-deploy-print
deploy: Log to journal for boot space, not stderr
2024-08-14 16:50:43 -04:00
Colin Walters
3d07a808ce deploy: Log to journal for boot space, not stderr
bootc doesn't run as a systemd unit, and this pollutes stderr.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-08-14 09:09:15 -04:00
Colin Walters
28c184f244
Merge pull request #3281 from cgwalters/fix-readlinkat-payload-link
repo: NUL terminate readlinkat result
2024-08-09 16:10:05 -04:00
Colin Walters
f08cea998e repo: NUL terminate readlinkat result
Coverity was correctly complaining about this.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-07-29 17:14:12 -04:00
Colin Walters
d260d918dd tests: Add a payload link unit test
Motivated by changing this code.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-07-29 17:08:03 -04:00
Colin Walters
5dac2adef6
Merge pull request #3280 from cgwalters/release
Release 2024.7
2024-07-19 07:10:51 -04:00
Colin Walters
68679e03b3 Post-release version bump
Signed-off-by: Colin Walters <walters@verbum.org>
2024-07-18 17:55:21 -04:00
Colin Walters
4941d9cd0d Release 2024.7
Signed-off-by: Colin Walters <walters@verbum.org>
2024-07-18 17:55:21 -04:00
Colin Walters
4b96359e10
Merge pull request #3277 from cgwalters/karg-disable-composefs
prepare-root: Add ostree.prepare-root.composefs
2024-07-11 20:08:38 -04:00
Colin Walters
e226c87614 prepare-root: Add ostree.prepare-root.composefs
We have a use case for overriding the composefs state via
the kernel commandline; see e.g.
https://gitlab.com/fedora/bootc/tracker/-/issues/27

Signed-off-by: Colin Walters <walters@verbum.org>
2024-07-11 17:04:09 -04:00
Colin Walters
5378fe2aa9
Merge pull request #3276 from cgwalters/parse-bool
keyfile-utils: Add API to parse tristate strings
2024-07-11 16:06:35 -04:00
Colin Walters
65ff404195 prepare-root: Gather kernel cmdline early
Prep for parsing the composefs config from the kernel cmdline.
No functional changes intended.
2024-07-10 17:52:28 -04:00
Colin Walters
26abca7126 keyfile-utils: Add API to parse tristate strings
Prep for using this in multiple places. Add unit tests.
2024-07-10 17:52:28 -04:00
Colin Walters
47edd1a2a9 keyfile-utils: Add API to parse tristate strings
Prep for using this in multiple places. Add unit tests.
2024-07-10 17:21:57 -04:00
Colin Walters
97fb11127b
Merge pull request #3275 from ueno/wip/dueno/glib-2.44
libostree: Remove compatibility code with GLib < 2.44
2024-07-10 08:27:45 -04:00
Daiki Ueno
a0bd18945f libostree: Remove compatibility code with GLib < 2.44
As the build system has required GLib 2.44 since commit
eb09207e1a, the manual expansion of
G_DECLARE_INTERFACE and G_DECLARE_FINAL_TYPE is no longer necessary.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-07-10 10:22:07 +09:00
Colin Walters
d7eb9a1040
Merge pull request #3273 from cgwalters/drop-library-printf
sysroot: Use journal rather than printf()
2024-07-08 09:56:26 -04:00
Colin Walters
772801faf0 sysroot: Use journal rather than printf()
Fix the TODO here; this was making some bootc output
ugly.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-07-08 07:52:39 -04:00
Colin Walters
9b977e2828
Merge pull request #3265 from lukewarmtemp/2023.8-3-coverity-scan
2023.8-3 coverity scan
2024-06-27 13:05:53 -04:00
Luke Yang
e99693c787 prepare: Create global var for tmp_sysroot_etc
Coverity points out that ""/sysroot.tmp/etc"" could be a copy-paste
error. This is mistake from coverity, but to supress the warning,
we create a global var, tmp_sysroot_etc, which replaces all
instances of TMP_SYSROOT "/etc".
2024-06-20 15:09:11 -04:00
Luke Yang
d528083cae repo: Fix dir_or_file_path memory leak
Coverity points out that we have a memory leak from
`g_strdup(dir_or_file_path)`. Make the duplication of the string a
temporary variable that is freed using `g_autofree`.
2024-06-20 15:09:11 -04:00
Luke Yang
20d5bc8453 commit: Null terminate target_buf var
Coverity points out that we are passing an unterminated string to
sprintf(). Fix by using snprintf() which stores the content as a C
string.
2024-06-20 15:09:11 -04:00
Luke Yang
dc9eaef1e5 tree: Fix name memory leak
Coverity points out that we have a memory leak from `g_strdup(name)`.
`insert_child_mtree()` takes a const char * and duplicates it.
`name` can be passed directly to `insert_child_mtree()`.
2024-06-20 15:09:11 -04:00
Colin Walters
0ea7d2e326
Merge pull request #3269 from cgwalters/fix-ordering
remount: Drop `Before=systemd-sysusers.service`
2024-06-20 11:54:23 -04:00
Colin Walters
1db6911e41
Merge pull request #3270 from cgwalters/bump-runners
ci: Bump bootc e2e to latest ubuntu, drop docker
2024-06-20 11:23:27 -04:00
Colin Walters
0153abe4bb ci: Bump bootc e2e to latest ubuntu, drop docker
As newer docker refuses to talk to ancient skopeo.
Update this to use podman directly, also add the missing `-v /dev:/dev`.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-06-20 09:52:38 -04:00
Colin Walters
1544d20560
Merge pull request #3268 from ueno/wip/dueno/composefs-doc-fixes
Minor cleanup related to composefs
2024-06-20 09:18:55 -04:00
Colin Walters
b0ab531e08 remount: Drop Before=systemd-sysusers.service
This created an ordering cycle, and I merged over red CI
for bad reasons.
2024-06-20 09:18:08 -04:00
Daiki Ueno
371540f9ab repo: Remove leftover OpenSSL includes
This removes OpenSSL includes for PKCS#7, previously used to generate
fs-verity builtin signatures.

Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-06-20 15:06:49 +09:00
Daiki Ueno
023888d8a3 docs/composefs: Fix reference to ostree sign
Signed-off-by: Daiki Ueno <dueno@redhat.com>
2024-06-20 15:06:46 +09:00
Colin Walters
f280b1216b
Merge pull request #3266 from ericcurtin/if-file-missing-on-relabel-continue
remount: ignore ENOENT error during SELinux relabeling
2024-06-18 14:14:02 -04:00
Eric Curtin
e25ca8099f remount: ignore ENOENT error during SELinux relabeling
Ignore ENOENT error in selinux_restorecon to avoid failures when
temporary files created by systemd-sysusers in /etc are missing during
relabeling. This prevents errors such as:

  "Failed to relabel /etc/.#gshadowJzu4Rx: No such file or directory"

and allows the process to continue.

Co-Authored-By: Alexander Larsson <alexl@redhat.com>
Signed-off-by: Eric Curtin <ecurtin@redhat.com>
2024-06-18 18:43:51 +01:00
Colin Walters
8f559e94b7
Merge pull request #3261 from cgwalters/validate-xattrs
core: Validate that xattr names aren't empty
2024-06-04 13:32:20 -04:00
Colin Walters
e19f732481 core: Validate that xattr names aren't empty
In the ostree-ext codebase the test fixture was generating xattrs
without the trailing NUL byte.  This caused confusing errors
later.  Change the dirmeta validator to catch this.

The way GVariant represents bytestrings, the trailing NUL is there
on wire/disk so it can be there in memory too, but `g_variant_get_bytestring()`
will just return an empty `""` string if actually the value
has a missing NUL.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-06-01 14:46:23 -04:00
Colin Walters
ac6ba43922
Merge pull request #3259 from cgwalters/c9s-buildroot
ci: Add buildroot to c9s build
2024-05-30 12:46:14 -04:00
Colin Walters
3ef9ae95b9 ci: Add buildroot to c9s build
Because composefs-devel isn't shipped in RHEL.
2024-05-30 11:05:20 -04:00
Colin Walters
114118e48d
Merge pull request #3258 from cgwalters/prepare-comments
docs: Describe `/boot/ostree`
2024-05-30 10:39:50 -04:00
Colin Walters
f63b751225 docs: Describe /boot/ostree
People get confused by the sha256 here being different
from the ostree commit hash.
2024-05-30 09:42:24 -04:00
Eric Curtin
b605230635
Merge pull request #3253 from cgwalters/prepare-comments
prepare-root: Cleanup comments
2024-05-23 16:52:32 +02:00
Colin Walters
a2ae287964
Merge pull request #3252 from cgwalters/checkout-cfs
checkout: Add API to directly checkout composefs
2024-05-23 07:54:10 -04:00
Colin Walters
f041e0253f prepare-root: Cleanup comments
Mainly we can now drop the TODO for mounting `/` readonly - that's
handled by composefs.  Add a few other comments, typo fixes
while we're here.

Signed-off-by: Colin Walters <walters@verbum.org>
2024-05-22 21:08:32 -04:00
Colin Walters
c0a715f1e2 checkout: Add API to directly checkout composefs
We were missing the simple, obvious API and CLI to go
from ostree commit -> composefs.

Internally, we had `ostree_repo_checkout_composefs`
with the right "shape" mostly, except it had more code
in the deploy path to turn that into a composefs.

Add a straightforward public API that does what
the deploy code did before, and then the old
API becomes an explicitly internal helper with an `_`
prefix.

Goals:

- Lead towards a composefs-oriented future
- This makes the composefs logic more testable directly

Signed-off-by: Colin Walters <walters@verbum.org>
2024-05-22 20:38:24 -04:00
Colin Walters
e84dc96612
Merge pull request #3249 from ericcurtin/add-webos
docs: add webOS as users of libostree
2024-05-22 20:09:04 -04:00
Colin Walters
1ab70be76d
Merge pull request #3250 from ericcurtin/minor-bootloader-doc-change
docs: make /ostree/root.X clearer as symlinks
2024-05-22 20:08:27 -04:00