From f271dd97622b656c1c013d181ea615c671cc2438 Mon Sep 17 00:00:00 2001 From: "Lee, Chun-Yi" Date: Sat, 27 Oct 2012 11:23:22 +0800 Subject: [PATCH] systemd: mount the EFI variable filesystem MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add efivarfs to the mount_table in mount-setup.c, so the EFI variable filesystem will be mounted when systemd executed. The EFI variable filesystem will merge in v3.7 or v3.8 linux kernel. Cc: Kay Sievers Cc: Lennart Poettering Cc: Mantas Mikulėnas Cc: Zbigniew Jędrzejewski-Szmek Cc: Matt Fleming Cc: Jeremy Kerr Cc: Matthew Garrett Signed-off-by: Lee, Chun-Yi --- src/core/kmod-setup.c | 7 ++++--- src/core/mount-setup.c | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c index cc2a2d9..ce8a8e7 100644 --- a/src/core/kmod-setup.c +++ b/src/core/kmod-setup.c @@ -31,9 +31,10 @@ #include "kmod-setup.h" static const char * const kmod_table[] = { - "autofs4", "/sys/class/misc/autofs", - "ipv6", "/sys/module/ipv6", - "unix", "/proc/net/unix" + "autofs4", "/sys/class/misc/autofs", + "ipv6", "/sys/module/ipv6", + "efivarfs", "/sys/firmware/efi/efivars", + "unix", "/proc/net/unix" }; #pragma GCC diagnostic push diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index 0fd112f..9894c7f 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c 
@@ -66,6 +66,7 @@ static const MountPoint mount_table[] = { { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true, true }, { "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, true, true }, { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false }, + { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false }, { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, true }, { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, false, true }, { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, true }, -- 1.7.10.4 From c1e5704657315b436c0409e8172c1fcb76adccad Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Sun, 4 Nov 2012 16:06:27 +0100 Subject: [PATCH] shared: add is_efiboot() --- src/shared/util.c | 4 ++++ src/shared/util.h | 2 ++ 2 files changed, 6 insertions(+) diff --git a/src/shared/util.c b/src/shared/util.c index 2a8afae..9983695 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -77,6 +77,10 @@ char **saved_argv = NULL; static volatile unsigned cached_columns = 0; static volatile unsigned cached_lines = 0; +bool is_efiboot(void) { + return access("/sys/firmware/efi", F_OK) >= 0; +} + size_t page_size(void) { static __thread size_t pgsz = 0; long r; diff --git a/src/shared/util.h b/src/shared/util.h index e387b12..99972cc 100644 --- a/src/shared/util.h +++ b/src/shared/util.h @@ -90,6 +90,8 @@ union dirent_storage { #define ANSI_HIGHLIGHT_YELLOW_ON "\x1B[1;33m" #define ANSI_HIGHLIGHT_OFF "\x1B[0m" +bool is_efiboot(void); + usec_t now(clockid_t clock); dual_timestamp* dual_timestamp_get(dual_timestamp *ts); -- 1.7.10.4 From 1022373284b7562431fb0a6dba45db8af089a0e3 Mon Sep 17 00:00:00 2001 
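Review bot: In the `mount_table` hunk of src/core/mount-setup.c, the new efivarfs entry is mounted read-write (`options` is NULL and the flags carry no `MS_RDONLY`), and nothing in the table says so. `MS_NOSUID|MS_NOEXEC|MS_NODEV` restrict setuid bits, execution and device nodes, not writes, so files under /sys/firmware/efi/efivars presumably remain writable and removable by root. Those files are firmware variables rather than ordinary sysfs attributes. A comment above the entry would record this, e.g. `/* efivarfs is mounted read-write: changes below this mount modify firmware variables */`. Whether a read-only default is feasible depends on callers not shown here.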
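Review bot: `is_efiboot()` in src/shared/util.c returns false for any `access()` failure, including the case where sysfs is not yet mounted on /sys, and the function has no comment saying so. A caller that runs before the sysfs mount would therefore treat an EFI system as non-EFI. The later use as a `condition_fn` in `mount_table` is only correct because the efivarfs row follows the sysfs row. Suggest documenting the precondition above the definition: `/* Needs sysfs mounted on /sys; reports false otherwise, even on EFI systems */`.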
From: Kay Sievers Date: Sun, 4 Nov 2012 16:54:19 +0100 Subject: [PATCH] kmod-setup: add conditional module loading callback --- src/core/kmod-setup.c | 32 ++++++++++++++++++++------------ 1 file changed, 20 insertions(+), 12 deletions(-) diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c index ce8a8e7..383a6b2 100644 --- a/src/core/kmod-setup.c +++ b/src/core/kmod-setup.c @@ -30,11 +30,17 @@ #include "kmod-setup.h" -static const char * const kmod_table[] = { - "autofs4", "/sys/class/misc/autofs", - "ipv6", "/sys/module/ipv6", - "efivarfs", "/sys/firmware/efi/efivars", - "unix", "/proc/net/unix" +typedef struct Kmodule { + const char *name; + const char *directory; + bool (*condition_fn)(void); +} KModule; + +static const KModule kmod_table[] = { + { "autofs4", "/sys/class/misc/autofs", NULL } , + { "ipv6", "/sys/module/ipv6", NULL }, + { "efivarfs", "/sys/firmware/efi/efivars", NULL }, + { "unix", "/proc/net/unix", NULL } , }; #pragma GCC diagnostic push @@ -42,7 +48,8 @@ static const char * const kmod_table[] = { static void systemd_kmod_log(void *data, int priority, const char *file, int line, const char *fn, const char *format, va_list args) { - log_metav(priority, file, line, fn, format, args); + /* library logging is enabled at debug only */ + log_metav(LOG_DEBUG, file, line, fn, format, args); } #pragma GCC diagnostic pop @@ -53,13 +60,15 @@ int kmod_setup(void) { int err; for (i = 0; i < ELEMENTSOF(kmod_table); i += 2) { + if (kmod_table[i].condition_fn && !kmod_table[i].condition_fn()) + continue; - if (access(kmod_table[i+1], F_OK) >= 0) + if (access(kmod_table[i].directory, F_OK) >= 0) continue; log_debug("Your kernel apparently lacks built-in %s support. Might be a good idea to compile it in. " "We'll now try to work around this by loading the module...", - kmod_table[i]); + kmod_table[i].name); if (!ctx) { ctx = kmod_new(NULL, NULL); 
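Review bot: In the first hunk of the kmod-setup.c callback patch the struct tag is spelled `Kmodule` while the typedef is `KModule`, whereas `MountPoint` in mount-setup.c uses one spelling for both. `typedef struct KModule {` would keep them aligned. The autofs4 and unix rows also have stray `} ,` spacing. The `condition_fn` member has no comment saying what NULL means, so `/* NULL: no condition, always probe */` next to it would match how the loop in `kmod_setup()` treats it.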
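Review bot: `systemd_kmod_log()` (hunk `@@ -42,7 +48,8 @@`) now ignores its `priority` argument, so anything libkmod reports at error or warning level is emitted at `LOG_DEBUG` and will not appear at the default log level. The added comment says what is done but not why. If the intent is that `kmod_setup()` reports lookup and insert failures itself, the comment should say so, e.g. `/* libkmod messages are demoted to debug; kmod_setup() logs failures itself */`.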
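Review bot: The loop header in `kmod_setup()` (hunk `@@ -53,13 +60,15 @@`) is left as context with `i += 2`, but `kmod_table` is now an array of `KModule` structs with one element per module, so every second entry is skipped. With the table from the first hunk only autofs4 and efivarfs are considered, and ipv6 and unix are never probed. The step should become `for (i = 0; i < ELEMENTSOF(kmod_table); i++) {`. The body of `kmod_setup()` continues past the end of this hunk.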
@@ -69,13 +78,12 @@ int kmod_setup(void) { } kmod_set_log_fn(ctx, systemd_kmod_log, NULL); - kmod_load_resources(ctx); } - err = kmod_module_new_from_name(ctx, kmod_table[i], &mod); + err = kmod_module_new_from_name(ctx, kmod_table[i].name, &mod); if (err < 0) { - log_error("Failed to load module '%s'", kmod_table[i]); + log_error("Failed to lookup module '%s'", kmod_table[i].name); continue; } @@ -85,7 +93,7 @@ int kmod_setup(void) { else if (err == KMOD_PROBE_APPLY_BLACKLIST) log_info("Module '%s' is blacklisted", kmod_module_get_name(mod)); else - log_error("Failed to insert '%s'", kmod_module_get_name(mod)); + log_error("Failed to insert module '%s'", kmod_module_get_name(mod)); kmod_module_unref(mod); } -- 1.7.10.4 From 3dfb265083347cb5700dc38f7cc0f479f378e6e9 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Sun, 4 Nov 2012 16:55:23 +0100 Subject: [PATCH] kmod-setup: mounting efivarfs, *after* we tried to mount it, is pointless The mount() system call, which we issue before loading modules, will trigger a modprobe by the kernel and block until it returns. Trying to load it again later, will have exactly the same result as the first time. --- src/core/kmod-setup.c | 1 - 1 file changed, 1 deletion(-) diff --git a/src/core/kmod-setup.c b/src/core/kmod-setup.c index 383a6b2..20ab232 100644 --- a/src/core/kmod-setup.c +++ b/src/core/kmod-setup.c @@ -39,7 +39,6 @@ typedef struct Kmodule { static const KModule kmod_table[] = { { "autofs4", "/sys/class/misc/autofs", NULL } , { "ipv6", "/sys/module/ipv6", NULL }, - { "efivarfs", "/sys/firmware/efi/efivars", NULL }, { "unix", "/proc/net/unix", NULL } , }; -- 1.7.10.4 From 6aa220e019f9dffd96590b06b68f937985204109 Mon Sep 17 00:00:00 2001 From: Kay Sievers Date: Sun, 4 Nov 2012 17:03:48 +0100 Subject: [PATCH] mount-setup: try mounting 'efivarfs' only if the system bootet with EFI --- TODO | 3 --- src/core/mount-setup.c | 50 ++++++++++++++++++++++++++++++++---------------- 2 files changed, 34 insertions(+), 19 deletions(-) 
diff --git a/src/core/mount-setup.c b/src/core/mount-setup.c index 9894c7f..98614d0 100644 --- a/src/core/mount-setup.c +++ b/src/core/mount-setup.c @@ -46,14 +46,20 @@ #define TTY_GID 5 #endif +typedef enum MountMode { + MNT_NONE = 0, + MNT_FATAL = 1 << 0, + MNT_IN_CONTAINER = 1 << 1, +} MountMode; + typedef struct MountPoint { const char *what; const char *where; const char *type; const char *options; unsigned long flags; - bool fatal; - bool in_container; + bool (*condition_fn)(void); + MountMode mode; } MountPoint; /* The first three entries we might need before SELinux is up. The 
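Review bot: The `MNT_` prefix chosen for the new `MountMode` enum shares a namespace with the umount2() flags from `<sys/mount.h>` (`MNT_FORCE`, `MNT_DETACH`, `MNT_EXPIRE`), a header this file very likely includes since it uses the `MS_*` flags. Nothing clashes today, but a reader can mistake `MNT_FATAL` for a kernel flag. A file-local prefix such as `MOUNT_MODE_FATAL` / `MOUNT_MODE_IN_CONTAINER` would avoid that. A short comment on each value would also help, for instance `/* failure to mount aborts setup */` and `/* also mount when running in a container */`.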
@@ -62,16 +68,26 @@ typedef struct MountPoint { #define N_EARLY_MOUNT 4 static const MountPoint mount_table[] = { - { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true, true }, - { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true, true }, - { "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, true, true }, - { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false }, - { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false }, - { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, true }, - { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, false, true }, - { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, true }, - { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, false, true }, - { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, true }, + { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, + NULL, MNT_NONE }, + { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, + is_efiboot, MNT_NONE }, + { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, + NULL, MNT_IN_CONTAINER }, + { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, + NULL, 
MNT_FATAL|MNT_IN_CONTAINER }, + { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, + NULL, MNT_IN_CONTAINER }, + { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, + NULL, MNT_IN_CONTAINER }, }; /* These are API file systems that might be mounted by other software, @@ -119,6 +135,9 @@ static int mount_one(const MountPoint *p, bool relabel) { assert(p); + if (p->condition_fn && !p->condition_fn()) + return 0; + /* Relabel first, just in case */ if (relabel) label_fix(p->where, true, true); @@ -131,7 +150,7 @@ static int mount_one(const MountPoint *p, bool relabel) { return 0; /* Skip securityfs in a container */ - if (!p->in_container && detect_container(NULL) > 0) + if (!(p->mode & MNT_IN_CONTAINER) && detect_container(NULL) > 0) return 0; /* The access mode here doesn't really matter too much, since @@ -149,8 +168,8 @@ static int mount_one(const MountPoint *p, bool relabel) { p->type, p->flags, p->options) < 0) { - log_full(p->fatal ? LOG_ERR : LOG_DEBUG, "Failed to mount %s: %s", p->where, strerror(errno)); - return p->fatal ? -errno : 0; + log_full((p->mode & MNT_FATAL) ? LOG_ERR : LOG_DEBUG, "Failed to mount %s: %s", p->where, strerror(errno)); + return (p->mode & MNT_FATAL) ? -errno : 0; } /* Relabel again, since we now mounted something fresh here */ @@ -289,7 +308,6 @@ int mount_cgroup_controllers(char ***join_controllers) { p.type = "cgroup"; p.options = options; p.flags = MS_NOSUID|MS_NOEXEC|MS_NODEV; - p.fatal = false; r = mount_one(&p, true); free(controller); -- 1.7.10.4
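Review bot: `mount_one()` (hunk `@@ -119,6 +135,9 @@`) now calls through `p->condition_fn` for every `MountPoint` it is handed, and the last hunk shows `mount_cgroup_controllers()` filling a local `p` field by field without assigning `condition_fn` or `mode`. If `p` is not zeroed before the visible assignments, the call goes through an indeterminate pointer. The initialisation lies outside the hunk, so this needs confirming. Assigning `p.condition_fn = NULL;` and an explicit `p.mode` there would remove the dependency. Note that the static cgroup rows use `MNT_IN_CONTAINER`, while a zero `mode` makes `mount_one()` skip the entry inside a container.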
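Review bot: The context comment `/* Skip securityfs in a container */` in hunk `@@ -131,7 +150,7 @@` no longer describes the test beneath it. The check now applies to every entry whose `mode` lacks `MNT_IN_CONTAINER`, which in the new table includes efivarfs as well as securityfs. Suggest `/* Skip entries not marked MNT_IN_CONTAINER when running in a container */`. `mount_one()` starts and ends outside this hunk.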
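Review bot: In hunk `@@ -149,8 +168,8 @@`, `errno` is read a second time in the `return` after `log_full()` has run, so unless `log_full()` is guaranteed to preserve `errno` the fatal path can return a different error from the one just logged. Capturing it once avoids that: `int saved_errno = errno;` before the log call, then `strerror(saved_errno)` and `return (p->mode & MNT_FATAL) ? -saved_errno : 0;`. The pattern predates this commit, but both lines are rewritten here.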