| Age | Commit message (Collapse) | Author |
|---|
|
By default, /var/lib is bind mounted on /var/volatile/lib. If this is
the case, the recipe adds conditions on systemd-random-seed in the
service file mounting it. But as the VOLATILE_BINDS may be modified,
/var/lib may be mounted elsewhere, for example in /persistent/var/lib.
In this case, the conditions are not set because the service file name
does not match expected one.
This patch automatically records the name of the service mounting
/var/lib, if any, in order to set the condition in the appropriate file.
Signed-off-by: Stéphane Veyret <sveyret@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The mount-copybind script will create the parent directory of the bind
mount if it does not exist. But actually, if this is the case, the
service will not even start because of the ConditionPathIsReadWrite.
This patch adds a "or" condition to allow the service to start also if
the parent directory of the bind mount does not exist.
Signed-off-by: Stéphane Veyret <sveyret@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Remove setting TimeoutSec and allow the DefaultTimeSec to be set for the
volatile-binds services.
Signed-off-by: Portia Stephens <stephensportia@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The systemd-unit parameter DefaultDependencies changed from true/false
to yes/no. This changed in systemd in v242.
Signed-off-by: Portia Stephens <stephensportia@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Use the new MOUNT_COPYBIND_AVOID_OVERLAYFS flag provided by mount-copybind.
When SELinux is enabled, processes accessing OverlayFS mounts will get a denial
if the process setting up the mount doesn't have all the permissions that
the accessor has.
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
In some cases we don't want to even attempt to set up OverlayFS, for
example because SELinux in enforcing mode would kill the process
attempting to use the mount. See:
https://lore.kernel.org/all/CA+FmFJBDwt52Z-dVGfuUcnRMiMtGPhK4cCQJ=J_fg0r3x-b6ng@mail.gmail.com/T/#mef98aa406324096d1889d3d467251f30456f403c
If MOUNT_COPYBIND_AVOID_OVERLAYFS=1 is set, skip directly to copy and
bind mount.
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
$ shellcheck meta/recipes-core/volatile-binds/files/mount-copybind
In meta/recipes-core/volatile-binds/files/mount-copybind line 54:
mountcontext=",rootcontext=$(matchpathcon -n $mountpoint)"
^---------^ SC2086: Double quote to prevent globbing and word splitting.
Did you mean:
mountcontext=",rootcontext=$(matchpathcon -n "$mountpoint")"
For more information:
https://www.shellcheck.net/wiki/SC2086 -- Double quote to prevent globbing ...
Signed-off-by: Luca Boccassi <luca.boccassi@microsoft.com>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
If selinux is enabled, the context of the mountpoint for overlayfs
needs to be specified manually via the rootcontext option. To this
end, the required context is determined using matchpathcon(1) and
passed via the rootcontext mount option.
Additionally, if the mount source directory is created by mount-copybind
it also needs to take care that the context of the directory is correct
Signed-off-by: Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
bind mounts don't use the SELinux label of the target, but the SELinux
label of the source.
This patch restores the SELinux context of the bind mount recursively using
restorecon.
Signed-off-by: Tobias Kaufmann <Tobias.KA.Kaufmann@bmw.de>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
|
|
Repo-wide replacement to use newer variable to represent systemd
system unitdir directory.
Signed-off-by: Robert P. J. Day <rpjday@crashcourse.ca>
Signed-off-by: Alexandre Belloni <alexandre.belloni@bootlin.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
The automated conversion of OE-Core to use the new override sytax isn't
perfect. This patches some mis-converted lines and some lines which were missed
by the automation.
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is the result of automated script conversion:
scripts/contrib/convert-overrides.py <oe-core directory>
converting the metadata to use ":" as the override character instead of "_".
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
We are installing a service to volatile mount /srv
directory but we are not creating it on the target.
Signed-off-by: Sinan Kaya <okaya@kernel.org>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
With systemd v246 the syslog target now generates a warning (and has
been deprecated for some time). Drop the target and allow the default to
take effect.
Signed-off-by: Alex Kiernan <alex.kiernan@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
rename
Besides checking DISTRO_FEATURES for required or conflicting features,
being able to check MACHINE_FEATURES and/or COMBINED_FEATURES may also
be useful at times.
Temporarily support the old class name with a warning about future
deprecation.
Signed-off-by: Denys Dmytriyenko <denys@ti.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
This is needed on SELinux systems, so the labels (xattrs) are preserved.
Signed-off-by: Chris PeBenito <Christopher.PeBenito@microsoft.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Copying files from the read-only root filesystem to the tmpfs
providing the volatile directories can be slow and waste memory.
If the kernel supports the overlay filesystem, use it to mount
a writable tmpfs on top of the read-only directory from the
rootfs and avoid copies.
Analogous to the modification made to initscripts's
read-only-rootfs-hook in 370fda1b2e8d5dc011522131bba4106de26bfb19.
Signed-off-by: Matt Hoosier <matt.hoosier@gmail.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Otherwise it doesn't work since SYSTEMD_SERVICE_volatile-binds is not defined
when multilib.
Signed-off-by: Robert Yang <liezhi.yang@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
systemd-tmpfiles-setup will fail at boot, so we suppress
the default versions of etc.conf and home.conf.
We also make sure that /var/{cache,spool} and /srv are writeable
if they exist.
Signed-off-by: Joe Slater <jslater@windriver.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
getVar() now defaults to expanding by default, thus remove the True
option from getVar() calls with a regex search and replace.
Search made with the following regex: getVar ?\(( ?[^,()]*), True\)
Signed-off-by: Joshua Lock <joshua.g.lock@intel.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
It calls /sbin/umount to stop service var-volatile-lib. But umount is
installed into directory /bin. Correct it.
Signed-off-by: Kai Kang <kai.kang@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
Also need to correct the path to COPYING.MIT.
(From OE-Core rev: 4c46a6813772d8d35dd1432dbc59f9ff4b3bd074)
Signed-off-by: Thomas Perrot <thomas.perrot@tupi.fr>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
|
|
As this recipe inherits allarch, it makes no real difference whether
we are using ${PN} or 'volatile-binds'. But using ${PN} would keep
the same style with the other recipes in OE.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Ross Burton <ross.burton@intel.com>
|
|
This recipe is designed to play a key role in a read-only rootfs
of systemd based systems. It generates service files from a template,
volatile-binds.service.in and the VOLATILE_BINDS variable.
By default, VOLATILE_BINDS takes the value of "/var/volatile/lib /var/lib\n",
which leads to the generation of volatile-var-lib.service file.
This file doesn't have any effect in a read-write system, as it
has "ConditionPathIsReadWrite = !/var/lib" in the [Unit] section.
In other words, this file only has effect in a read-only rootfs.
Signed-off-by: Chen Qi <Qi.Chen@windriver.com>
Signed-off-by: Saul Wold <sgw@linux.intel.com>
|
Stéphane Veyret
Portia
Luca Boccassi
Luca Boccassi
Maximilian Blenk
Tobias Kaufmann
Robert P. J. Day
Richard Purdie
Sinan Kaya
Alex Kiernan
Denys Dmytriyenko
Chris PeBenito
Matt Hoosier
Robert Yang
Joe Slater
Joshua Lock
Kai Kang
Thomas Perrot
Chen Qi