mirror of
https://github.com/ostreedev/ostree.git
synced 2024-12-22 17:35:55 +03:00
f617a341f3
If the `prepare-root.conf` file contains: ``` [etc] transient=yes ``` Then during prepare-root, an overlayfs is mounted as /etc, with the upper dir being in /run. If composefs is used, the lower dir is `usr/etc` from the composefs image , or it is the deployed `$deploydir/usr/etc`. Note that for this to work with selinux, the commit must have been built with OSTREE_REPO_COMMIT_MODIFIER_FLAGS_USRETC_AS_ETC. Otherwise the lowerdir (/usr/etc) will have the wrong selinux contexts for the final location of the mount (/etc). We also set the transient-etc key in the ostree-booted file, pointing it to the directory that is used for the overlayfs. There are some additional work happening in ostree-remount, mostly related to selinux (as this needs to happen post selinux policy load): * Recent versions of selinux-poliy have issues with the overlayfs mount being kernel_t, and that is not allowed to manage files as needed. This is fixed in https://github.com/fedora-selinux/selinux-policy/pull/1893 * Any /etc files created in the initramfs will not be labeled, because the selinux policy has not been loaded. In addition, the upper dir is on a tmpfs, and any manually set xattr-based selinux labels on those are reset during policy load. To work around this ostree-remount will relabel all files on /etc that have corresponding files in overlayfs upper dir. * During early boot, systemd mounts /run/machine-id on top of /etc/machine-id (as /etc is readonly). Later during boot, when etc is readwrite, systemd-machine-id-commit.service will remove the mount and update the real file under it with the right content. To ensure that this keeps working, we need to ensure that when we relabel /etc/machine-id we relabel the real (covered) file, not the temporary bind-mount. * ostree-remount no longer needs to remount /etc read-only in the transient-etc case. Signed-off-by: Alexander Larsson <alexl@redhat.com>
97 lines
4.4 KiB
Plaintext
97 lines
4.4 KiB
Plaintext
# Copyright (C) 2011 Colin Walters <walters@verbum.org>
|
|
#
|
|
# SPDX-License-Identifier: LGPL-2.0+
|
|
#
|
|
# This library is free software; you can redistribute it and/or
|
|
# modify it under the terms of the GNU Lesser General Public
|
|
# License as published by the Free Software Foundation; either
|
|
# version 2 of the License, or (at your option) any later version.
|
|
#
|
|
# This library is distributed in the hope that it will be useful,
|
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
|
# Lesser General Public License for more details.
|
|
#
|
|
# You should have received a copy of the GNU Lesser General Public
|
|
# License along with this library. If not, see <https://www.gnu.org/licenses/>.
|
|
|
|
ostree_prepare_root_SOURCES = \
|
|
src/switchroot/ostree-mount-util.h
|
|
ostree_prepare_root_CFLAGS =
|
|
ostree_prepare_root_CPPFLAGS = $(AM_CPPFLAGS)
|
|
ostree_prepare_root_LDADD =
|
|
|
|
if BUILDOPT_SYSTEMD
|
|
ostree_boot_PROGRAMS += ostree-remount
|
|
else
|
|
# It is built anyway as a side-effect of having the symlink in tests/,
|
|
# and if we declare it here, it gets cleaned up properly
|
|
check_PROGRAMS += ostree-remount
|
|
endif
|
|
|
|
if BUILDOPT_USE_STATIC_COMPILER
|
|
ostree_prepare_root_SOURCES += src/switchroot/ostree-prepare-root-static.c
|
|
|
|
# ostree-prepare-root can be used as init in a system without a populated /lib.
|
|
# To support this use case we need to link statically as we will be unable to
|
|
# locate libc.so at run time if it's not installed in /lib.
|
|
#
|
|
# We support building ostree-prepare-root with a different compiler to the rest
|
|
# of ostree so we can use musl rather than glibc. This reduces the size of the
|
|
# executable significantly: from ~700K -> ~30K. We have to use _SCRIPTS here
|
|
# to get autotools to install this as an executable but without generating rules
|
|
# to make it itself which we have specified manually. See
|
|
# https://lists.gnu.org/archive/html/help-gnu-utils/2007-01/msg00007.html
|
|
ostree_boot_SCRIPTS += ostree-prepare-root
|
|
|
|
ostree-prepare-root : $(ostree_prepare_root_SOURCES)
|
|
$(STATIC_COMPILER) -o $@ -static $(top_srcdir)/src/switchroot/ostree-prepare-root-static.c $(ostree_prepare_root_CPPFLAGS) $(AM_CFLAGS) $(DEFAULT_INCLUDES) -DOSTREE_PREPARE_ROOT_STATIC=1
|
|
CLEANFILES += ostree-prepare-root
|
|
else
|
|
ostree_boot_PROGRAMS += ostree-prepare-root
|
|
ostree_prepare_root_CFLAGS += $(AM_CFLAGS) -Isrc/switchroot -I$(srcdir)/composefs -I$(srcdir)/src/libostree -I$(srcdir)/src/libotcore -I$(srcdir)/src/libotutil
|
|
ostree_prepare_root_SOURCES += src/switchroot/ostree-prepare-root.c
|
|
ostree_prepare_root_CPPFLAGS += $(OT_INTERNAL_GIO_UNIX_CFLAGS) $(OT_DEP_CRYPTO_CFLAGS) -I $(srcdir)/libglnx
|
|
ostree_prepare_root_LDADD += $(AM_LDFLAGS) $(OT_INTERNAL_GIO_UNIX_LIBS) $(OT_DEP_CRYPTO_LIBS) libotcore.la libotutil.la libglnx.la
|
|
endif # BUILDOPT_USE_STATIC_COMPILER
|
|
|
|
|
|
ostree_remount_SOURCES = \
|
|
src/switchroot/ostree-mount-util.h \
|
|
src/switchroot/ostree-remount.c \
|
|
$(NULL)
|
|
ostree_remount_CPPFLAGS = $(AM_CPPFLAGS) $(OT_INTERNAL_GIO_UNIX_CFLAGS) -Isrc/switchroot -I$(srcdir)/src/libotcore -I$(srcdir)/src/libotutil -I$(srcdir)/libglnx
|
|
ostree_remount_LDADD = $(AM_LDFLAGS) $(OT_INTERNAL_GIO_UNIX_LIBS) libotcore.la libotutil.la libglnx.la
|
|
|
|
if USE_SELINUX
|
|
ostree_remount_CPPFLAGS += $(OT_DEP_SELINUX_CFLAGS)
|
|
ostree_remount_LDADD += $(OT_DEP_SELINUX_LIBS)
|
|
endif
|
|
|
|
if USE_COMPOSEFS
|
|
ostree_prepare_root_LDADD += libcomposefs.la
|
|
endif
|
|
|
|
if BUILDOPT_SYSTEMD
|
|
ostree_prepare_root_CPPFLAGS += -DHAVE_SYSTEMD=1
|
|
ostree_prepare_root_LDADD += $(LIBSYSTEMD_LIBS)
|
|
endif
|
|
|
|
# This is the "new mode" of using a generator for /var; see
|
|
# https://github.com/ostreedev/ostree/issues/855
|
|
if BUILDOPT_SYSTEMD_AND_LIBMOUNT
|
|
ostree_prepare_root_CPPFLAGS += -DHAVE_SYSTEMD_AND_LIBMOUNT=1
|
|
ostree_remount_CPPFLAGS += -DHAVE_SYSTEMD_AND_LIBMOUNT=1
|
|
|
|
systemdsystemgenerator_PROGRAMS = ostree-system-generator
|
|
GITIGNOREFILES += $(systemdsystemgenerator_PROGRAMS)
|
|
ostree_system_generator_SOURCES = src/switchroot/ostree-mount-util.h \
|
|
src/switchroot/ostree-system-generator.c
|
|
ostree_system_generator_CPPFLAGS = $(AM_CPPFLAGS) -I$(srcdir)/libglnx -I$(srcdir)/src/libostree
|
|
ostree_system_generator_CFLAGS = $(AM_CFLAGS) $(OT_INTERNAL_GIO_UNIX_CFLAGS)
|
|
ostree_system_generator_LDADD = $(AM_LDFLAGS) libglnx.la libostree-1.la $(OT_INTERNAL_GIO_UNIX_LIBS)
|
|
|
|
# Allow the distcheck install under $prefix test to pass
|
|
AM_DISTCHECK_CONFIGURE_FLAGS += --with-systemdsystemgeneratordir='$${libdir}/systemd/system-generators'
|
|
endif
|