prepare-root: add kernel cmdline ostree.prepare-root.readonly
ruihe774 committed Sep 28, 2024
1 parent 9ca8b46 commit 588eeb8
Showing 4 changed files with 52 additions and 11 deletions.
5 changes: 5 additions & 0 deletions man/ostree-prepare-root.xml
Expand Up @@ -163,6 +163,11 @@ License along with this library. If not, see <https://www.gnu.org/licenses/>.
<listitem><para>This accepts the same values as <literal>composefs.enabled</literal> above, and overrides the config file (if present).
For example, specifying <literal>ostree.prepare-root.composefs=0</literal> will disable composefs, even if it is enabled by default in the initrd config.</para></listitem>
</varlistentry>
<varlistentry>
<term><varname>ostree.prepare-root.readonly</varname></term>
<listitem><para>This accepts the same values as <literal>sysroot.readonly</literal> above, and overrides the config file (if present).
For example, specifying <literal>ostree.prepare-root.readonly=0</literal> will disable mounting /sysroot read-only, even if it is enabled by default in the initrd config.</para></listitem>
</varlistentry>
</variablelist>

</refsect1>
35 changes: 35 additions & 0 deletions src/libotcore/otcore-prepare-root.c
Expand Up @@ -26,6 +26,8 @@
#define BINDING_KEYPATH "/etc/ostree/initramfs-root-binding.key"
// The kernel argument to configure composefs
#define CMDLINE_KEY_COMPOSEFS "ostree.prepare-root.composefs"
// The kernel argument to configure sysroot.readonly
#define CMDLINE_KEY_READONLY "ostree.prepare-root.readonly"

static bool
proc_cmdline_has_key_starting_with (const char *cmdline, const char *key)
Expand Down Expand Up @@ -239,3 +241,36 @@ otcore_load_composefs_config (const char *cmdline, GKeyFile *config, gboolean lo

return g_steal_pointer (&ret);
}

gboolean
otcore_load_sysroot_readonly (const char *cmdline, GKeyFile *config,
const ComposefsConfig *composefs_config,
gboolean *sysroot_readonly, GError **error)
{
g_assert (cmdline);
g_assert (config);
g_assert (composefs_config);
g_assert (sysroot_readonly);

GLNX_AUTO_PREFIX_ERROR ("Loading sysroot readonly config", error);

g_autofree char *readonly_cmdline =
otcore_find_proc_cmdline_key (cmdline, CMDLINE_KEY_READONLY);
if (readonly_cmdline)
{
if (!_ostree_parse_boolean(readonly_cmdline, sysroot_readonly, error))
return glnx_prefix_error (error, "handling karg" CMDLINE_KEY_READONLY);

return TRUE;
}

// If composefs is enabled, that also implies sysroot.readonly=true because it's
// the new default we want to use (not because it's actually required)
const gboolean sysroot_readonly_default = composefs_config->enabled == OT_TRISTATE_YES;
if (!ot_keyfile_get_boolean_with_default (config, OTCORE_PREPARE_ROOT_SYSROOT_KEY,
OTCORE_PREPARE_ROOT_READONLY_KEY,
sysroot_readonly_default, sysroot_readonly, error))
return FALSE;

return TRUE;
}
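Review bot: The error prefix in otcore_load_sysroot_readonly is written `"handling karg" CMDLINE_KEY_READONLY`, and adjacent string literals are joined with no separator, so a rejected value is reported as `handling kargostree.prepare-root.readonly`; the line should be `return glnx_prefix_error (error, "handling karg " CMDLINE_KEY_READONLY);`. Because the karg branch returns before `ot_keyfile_get_boolean_with_default` runs, a value on the kernel command line wins over both the config file and the composefs-implied default, and nothing visible here records that the override was taken. Where read-only /sysroot is relied on as hardening and the command line is not covered by boot verification, that precedence is worth a comment above the branch, e.g. `// The karg takes precedence over the config file and the composefs default`. `_ostree_parse_boolean(readonly_cmdline, ...)` also lacks the space before the parenthesis used by the other calls in the function.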
6 changes: 6 additions & 0 deletions src/libotcore/otcore.h
Expand Up @@ -61,6 +61,9 @@ G_DEFINE_AUTOPTR_CLEANUP_FUNC (ComposefsConfig, otcore_free_composefs_config)

ComposefsConfig *otcore_load_composefs_config (const char *cmdline, GKeyFile *config,
gboolean load_keys, GError **error);
gboolean otcore_load_sysroot_readonly (const char *cmdline, GKeyFile *config,
const ComposefsConfig *composefs_config,
gboolean *sysroot_readonly, GError **error);

// Our directory with transient state (eventually /run/ostree-booted should be a link to
// /run/ostree/booted)
Expand All @@ -86,6 +89,9 @@ ComposefsConfig *otcore_load_composefs_config (const char *cmdline, GKeyFile *co
// EROFS mount if we somehow leaked it (but it *should* be unmounted always).
#define OSTREE_COMPOSEFS_LOWERMNT OTCORE_RUN_OSTREE_PRIVATE "/cfsroot-lower"

#define OTCORE_PREPARE_ROOT_SYSROOT_KEY "sysroot"
#define OTCORE_PREPARE_ROOT_READONLY_KEY "readonly"

#define OTCORE_PREPARE_ROOT_COMPOSEFS_KEY "composefs"
#define OTCORE_PREPARE_ROOT_ENABLED_KEY "enabled"
#define OTCORE_PREPARE_ROOT_KEYPATH_KEY "keypath"
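Review bot: The declaration of otcore_load_sysroot_readonly is added without a comment, so a caller reading otcore.h cannot tell which of its three inputs decides the result. I would put the contract above the prototype: `// Resolve sysroot.readonly: the ostree.prepare-root.readonly karg if present, else the [sysroot] readonly config key, else the composefs-derived default.` The two key macros moved into this header are also used to read the repo config in sysroot_is_configured_ro, so the `PREPARE_ROOT` part of their names is slightly narrower than their actual use.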
17 changes: 6 additions & 11 deletions src/switchroot/ostree-prepare-root.c
Expand Up @@ -76,9 +76,6 @@
#include "ot-keyfile-utils.h"
#include "otcore.h"

#define SYSROOT_KEY "sysroot"
#define READONLY_KEY "readonly"

/* This key configures the / mount in the deployment root */
#define ROOT_KEY "root"
#define ETC_KEY "etc"
Expand Down Expand Up @@ -109,7 +106,8 @@ sysroot_is_configured_ro (const char *sysroot)
return false;
}

return g_key_file_get_boolean (repo_config, SYSROOT_KEY, READONLY_KEY, NULL);
return g_key_file_get_boolean (repo_config, OTCORE_PREPARE_ROOT_SYSROOT_KEY,
OTCORE_PREPARE_ROOT_READONLY_KEY, NULL);
}

static char *
Expand Down Expand Up @@ -280,7 +278,6 @@ main (int argc, char *argv[])
if (!config)
errx (EXIT_FAILURE, "Failed to parse config: %s", error->message);

gboolean sysroot_readonly = FALSE;
gboolean root_transient = FALSE;

if (!ot_keyfile_get_boolean_with_default (config, ROOT_KEY, TRANSIENT_KEY, FALSE, &root_transient,
Expand All @@ -294,12 +291,10 @@ main (int argc, char *argv[])
if (!composefs_config)
errx (EXIT_FAILURE, "%s", error->message);

// If composefs is enabled, that also implies sysroot.readonly=true because it's
// the new default we want to use (not because it's actually required)
const bool sysroot_readonly_default = composefs_config->enabled == OT_TRISTATE_YES;
if (!ot_keyfile_get_boolean_with_default (config, SYSROOT_KEY, READONLY_KEY,
sysroot_readonly_default, &sysroot_readonly, &error))
errx (EXIT_FAILURE, "Failed to parse sysroot.readonly value: %s", error->message);
gboolean sysroot_readonly;
if (!otcore_load_sysroot_readonly (kernel_cmdline, config, composefs_config, &sysroot_readonly,
&error))
errx (EXIT_FAILURE, "%s", error->message);

/* This is the final target where we should prepare the rootfs. The usual
* case with systemd in the initramfs is that root_mountpoint = "/sysroot".
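Review bot: `gboolean sysroot_readonly;` is now declared without the `= FALSE` initializer that the removed declaration had, so its value depends entirely on otcore_load_sysroot_readonly writing the out-parameter on every success path. As far as the visible calls suggest that holds for the helper in this commit, but keeping `gboolean sysroot_readonly = FALSE;` costs nothing and prevents a later edit to the helper from turning this into an uninitialized read of a mount-policy flag. main's body starts and ends outside the hunk, so how the value is used afterwards is not visible here.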
