ostree

shaba/ostree

Fork 0

mirror of https://github.com/ostreedev/ostree.git synced 2025-01-09 01:18:35 +03:00

Commit Graph

Author	SHA1	Message	Date
Colin Walters	bc62fd5196	unlock: Don't pass options again to overlayfs There seems to be a tricky regression here with the util-linux support for the new mount API, plus overlays support for it. ``` [2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2108]: + unshare -m -- /bin/sh -c 'mount -o remount,rw /usr && echo hello from transient unlock >/usr/share/writable-usr-test' [2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2148]: mount: /usr: mount point not mounted or bad option. [2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2148]: dmesg(1) may have more information after failed mount system call. ``` OK this seems related to the new mount API support in util-linux and overlayfs. From a strace: ``` 2095 open_tree(AT_FDCWD, "/usr", OPEN_TREE_CLOEXEC) = 3 2095 mount_setattr(-1, NULL, 0, NULL, 0) = -1 EINVAL (Invalid argument) ... 2095 fspick(3, "", FSPICK_NO_AUTOMOUNT\|FSPICK_EMPTY_PATH) = 4 2095 fsconfig(4, FSCONFIG_SET_FLAG, "seclabel", NULL, 0) = 0 2095 fsconfig(4, FSCONFIG_SET_STRING, "lowerdir", "usr", 0) = -1 EINVAL (Invalid argument) ``` I think the core problem here is it's trying to reconfigure the mount with existing options, but in the new mount namespace we can't see the lowerdir. Here we really really just want to remount writable. Telling util-linux to not pass existing options fixes it.	2023-11-09 20:53:52 -05:00
Colin Walters	f2773c1b55	Add "transient" unlock I was thinking a bit more recently about the "live" changes stuff https://github.com/coreos/rpm-ostree/issues/639 (particularly since https://github.com/coreos/rpm-ostree/pull/2060 ) and I realized reading the last debates in that issue that there's really a much simpler solution; do exactly the same thing we do for `ostree admin unlock`, except mount it read-only by default. Then, anything that wants to modify it does the same thing libostree does for `/sysroot` and `/boot` as of recently; create a new mount namespace and do the modifications there. The advantages of this are numerous. First, we already have all of the code, it's basically just plumbing through a new entry in the state enumeration and passing `MS_RDONLY` into the `mount()` system call. "live" changes here also naturally don't persist, unlike what we are currently doing in rpm-ostree.	2020-08-07 18:57:56 +00:00

Author

SHA1

Message

Date

Colin Walters

bc62fd5196

unlock: Don't pass options again to overlayfs

There seems to be a tricky regression here with the util-linux
support for the new mount API, plus overlays support for it.

```
[2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2108]: + unshare -m -- /bin/sh -c 'mount -o remount,rw /usr && echo hello from transient unlock >/usr/share/writable-usr-test'
[2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2148]: mount: /usr: mount point not mounted or bad option.
[2023-11-09T21:05:30.633Z] Nov 09 21:05:26 qemu0 kola-runext-unlock-transient.sh[2148]:        dmesg(1) may have more information after failed mount system call.
```

OK this seems related to the new mount API support in util-linux and overlayfs.  From a strace:

```
2095  open_tree(AT_FDCWD, "/usr", OPEN_TREE_CLOEXEC) = 3
2095  mount_setattr(-1, NULL, 0, NULL, 0) = -1 EINVAL (Invalid argument)
...
2095  fspick(3, "", FSPICK_NO_AUTOMOUNT|FSPICK_EMPTY_PATH) = 4
2095  fsconfig(4, FSCONFIG_SET_FLAG, "seclabel", NULL, 0) = 0
2095  fsconfig(4, FSCONFIG_SET_STRING, "lowerdir", "usr", 0) = -1 EINVAL (Invalid argument)
```

I think the core problem here is it's trying to reconfigure the mount with existing options,
but in the new mount namespace we can't see the lowerdir.

Here we really really just want to remount writable.  Telling
util-linux to not pass existing options fixes it.

2023-11-09 20:53:52 -05:00

Colin Walters

f2773c1b55

Add "transient" unlock

I was thinking a bit more recently about the "live" changes
stuff https://github.com/coreos/rpm-ostree/issues/639
(particularly since https://github.com/coreos/rpm-ostree/pull/2060 )
and I realized reading the last debates in that issue that
there's really a much simpler solution; do exactly the same
thing we do for `ostree admin unlock`, except mount it read-only
by default.

Then, anything that wants to modify it does the same thing
libostree does for `/sysroot` and `/boot` as of recently; create
a new mount namespace and do the modifications there.

The advantages of this are numerous.  First, we already have
all of the code, it's basically just plumbing through a new
entry in the state enumeration and passing `MS_RDONLY` into
the `mount()` system call.

"live" changes here also naturally don't persist, unlike what
we are currently doing in rpm-ostree.

2020-08-07 18:57:56 +00:00

2 Commits