1
0
mirror of https://github.com/systemd/systemd.git synced 2025-01-18 10:04:04 +03:00
Luca Boccassi a1a40297db core: deduplicate identical dm-verity ExtensionImages=
It turns out OverlayFS doesn't handle gracefully when the same source is
specified multiple times in lowerdir= and it fails with ELOOP:

Failed to mount overlay (type overlay) on /run/systemd/mount-rootfs/opt (MS_RDONLY "lowerdir=/run/systemd/unit-extensions/1/opt:/run/systemd/unit-extensions/0/opt:/run/systemd/mount-rootfs/opt"): Too many levels of symbolic links

This happens even if we mount each image in a different internal mount
path, as OverlayFS will resolve it and look for the backing device, which
will be the same device mapper entity, and return a hard error.
This error does not appear if dm-verity is not used, so it is very
confusing for users, and unnecessary.

When mounting ExtensionImages, check if an image is dm-veritied,
and drop duplicates if the root hashes match, to avoid this user-unfriendly
hard error.
2024-06-28 14:37:58 +01:00

45 lines
1.1 KiB
Bash
Executable File

#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later
# -*- mode: shell-script; indent-tabs-mode: nil; sh-basic-offset: 4; -*-
# ex: ts=8 sw=4 sts=4 et filetype=sh
set -e
TEST_DESCRIPTION="test systemd-dissect"
IMAGE_NAME="dissect"
TEST_NO_NSPAWN=1
TEST_INSTALL_VERITY_MINIMAL=1
# shellcheck source=test/test-functions
. "${TEST_BASE_DIR:?}/test-functions"
# On Ubuntu the BPF LSM is not enabled by default, so we need to do it via the
# kernel command line on boot
if [ "$LOOKS_LIKE_UBUNTU" = "yes" ]; then
KERNEL_OPTIONS=(
"lsm=lockdown,capability,landlock,yama,apparmor,bpf"
)
KERNEL_APPEND+=" ${KERNEL_OPTIONS[*]}"
fi
test_require_bin mksquashfs veritysetup sfdisk
test_append_files() {
instmods squashfs =squashfs
instmods dm_verity =md
install_dmevent
generate_module_dependencies
inst_binary wc
inst_binary sha256sum
inst_binary tar
if command -v openssl >/dev/null 2>&1; then
inst_binary openssl
fi
inst_binary mksquashfs
inst_binary unsquashfs
inst_binary pkcheck
inst_binary veritysetup
install_verity_minimal
}
do_test "$@"