From f271dd97622b656c1c013d181ea615c671cc2438 Mon Sep 17 00:00:00 2001 From: "Lee, Chun-Yi" Date: Sat, 27 Oct 2012 11:23:22 +0800 Subject: [PATCH] systemd: mount the EFI variable filesystem MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Add efivarfs to the mount_table in mount-setup.c, so the EFI variable filesystem will be mounted when systemd executed. The EFI variable filesystem will merge in v3.7 or v3.8 linux kernel. Cc: Kay Sievers Cc: Lennart Poettering Cc: Mantas Mikulėnas Cc: Zbigniew Jędrzejewski-Szmek Cc: Matt Fleming Cc: Jeremy Kerr Cc: Matthew Garrett Signed-off-by: Lee, Chun-Yi --- src/core/kmod-setup.c | 7 ++++--- src/core/mount-setup.c | 1 + 2 files changed, 5 insertions(+), 3 deletions(-) Index: systemd-195/src/core/kmod-setup.c =================================================================== --- systemd-195.orig/src/core/kmod-setup.c +++ systemd-195/src/core/kmod-setup.c @@ -30,10 +30,16 @@ #include "kmod-setup.h" -static const char * const kmod_table[] = { - "autofs4", "/sys/class/misc/autofs", - "ipv6", "/sys/module/ipv6", - "unix", "/proc/net/unix" +typedef struct Kmodule { + const char *name; + const char *directory; + bool (*condition_fn)(void); +} KModule; + +static const KModule kmod_table[] = { + { "autofs4", "/sys/class/misc/autofs", NULL } , + { "ipv6", "/sys/module/ipv6", NULL }, + { "unix", "/proc/net/unix", NULL } , }; #pragma GCC diagnostic push @@ -41,7 +47,8 @@ static const char * const kmod_table[] = static void systemd_kmod_log(void *data, int priority, const char *file, int line, const char *fn, const char *format, va_list args) { - log_metav(priority, file, line, fn, format, args); + /* library logging is enabled at debug only */ + log_metav(LOG_DEBUG, file, line, fn, format, args); } #pragma GCC diagnostic pop 
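Review bot: The struct tag in the new `kmod_table` type is spelled `Kmodule` while the typedef is `KModule`, so `struct KModule` does not name this type. Use one spelling, `typedef struct KModule {`, the way `MountPoint` is declared in mount-setup.c. Two initializers also have a stray space before the comma (`NULL } ,`). All three entries pass `NULL` for `condition_fn`, so a short comment on that field saying NULL means the module is always considered would document the contract.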
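Review bot: `systemd_kmod_log` now ignores its `priority` argument, so anything libkmod reports as a warning or error is recorded at `LOG_DEBUG` and will not show up at the default log level. The added comment says what happens but not why. If the intent is that kmod_setup() reports real failures itself through its own `log_error` calls, say so, for example `/* libkmod output is advisory; failures are reported by kmod_setup() itself */`.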
@@ -52,13 +59,15 @@ int kmod_setup(void) { int err; for (i = 0; i < ELEMENTSOF(kmod_table); i += 2) { + if (kmod_table[i].condition_fn && !kmod_table[i].condition_fn()) + continue; - if (access(kmod_table[i+1], F_OK) >= 0) + if (access(kmod_table[i].directory, F_OK) >= 0) continue; log_debug("Your kernel apparently lacks built-in %s support. Might be a good idea to compile it in. " "We'll now try to work around this by loading the module...", - kmod_table[i]); + kmod_table[i].name); if (!ctx) { ctx = kmod_new(NULL, NULL); @@ -68,13 +77,12 @@ int kmod_setup(void) { } kmod_set_log_fn(ctx, systemd_kmod_log, NULL); - kmod_load_resources(ctx); } - err = kmod_module_new_from_name(ctx, kmod_table[i], &mod); + err = kmod_module_new_from_name(ctx, kmod_table[i].name, &mod); if (err < 0) { - log_error("Failed to load module '%s'", kmod_table[i]); + log_error("Failed to lookup module '%s'", kmod_table[i].name); continue; } @@ -84,7 +92,7 @@ int kmod_setup(void) { else if (err == KMOD_PROBE_APPLY_BLACKLIST) log_info("Module '%s' is blacklisted", kmod_module_get_name(mod)); else - log_error("Failed to insert '%s'", kmod_module_get_name(mod)); + log_error("Failed to insert module '%s'", kmod_module_get_name(mod)); kmod_module_unref(mod); } Index: systemd-195/src/core/mount-setup.c =================================================================== --- systemd-195.orig/src/core/mount-setup.c +++ systemd-195/src/core/mount-setup.c @@ -46,14 +46,20 @@ #define TTY_GID 5 #endif +typedef enum MountMode { + MNT_NONE = 0, + MNT_FATAL = 1 << 0, + MNT_IN_CONTAINER = 1 << 1, +} MountMode; + typedef struct MountPoint { const char *what; const char *where; const char *type; const char *options; unsigned long flags; - bool fatal; - bool in_container; + bool (*condition_fn)(void); + MountMode mode; } MountPoint; /* The first three entries we might need before SELinux is up. The 
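Review bot: The loop header just above the added `condition_fn` check is unchanged context and still steps with `i += 2`, but `kmod_table` is now an array of three `KModule` structs rather than six strings. As shown, index 1 (`ipv6`) is never visited, so its directory is never checked and the module is never probed. The stride should become one element: `for (i = 0; i < ELEMENTSOF(kmod_table); i++) {`. The body of `kmod_setup` continues in the following hunks and beyond them.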
@@ -62,15 +68,26 @@ typedef struct MountPoint { #define N_EARLY_MOUNT 4 static const MountPoint mount_table[] = { - { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true, true }, - { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, true, true }, - { "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, true, true }, - { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, false, false }, - { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, true }, - { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, false, true }, - { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, true, true }, - { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, false, true }, - { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, false, true }, + { "proc", "/proc", "proc", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "sysfs", "/sys", "sysfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "devtmpfs", "/dev", "devtmpfs", "mode=755", MS_NOSUID|MS_STRICTATIME, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "securityfs", "/sys/kernel/security", "securityfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, + NULL, MNT_NONE }, + { "efivarfs", "/sys/firmware/efi/efivars", "efivarfs", NULL, MS_NOSUID|MS_NOEXEC|MS_NODEV, + is_efiboot, MNT_NONE }, + { "tmpfs", "/dev/shm", "tmpfs", "mode=1777", MS_NOSUID|MS_NODEV|MS_STRICTATIME, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "devpts", "/dev/pts", "devpts", "mode=620,gid=" STRINGIFY(TTY_GID), MS_NOSUID|MS_NOEXEC, + NULL, MNT_IN_CONTAINER }, + { "tmpfs", "/run", "tmpfs", "mode=755", MS_NOSUID|MS_NODEV|MS_STRICTATIME, + NULL, MNT_FATAL|MNT_IN_CONTAINER }, + { "tmpfs", "/sys/fs/cgroup", "tmpfs", "mode=755", MS_NOSUID|MS_NOEXEC|MS_NODEV|MS_STRICTATIME, + 
NULL, MNT_IN_CONTAINER }, + { "cgroup", "/sys/fs/cgroup/systemd", "cgroup", "none,name=systemd", MS_NOSUID|MS_NOEXEC|MS_NODEV, + NULL, MNT_IN_CONTAINER }, }; /* These are API file systems that might be mounted by other software, @@ -118,6 +135,9 @@ static int mount_one(const MountPoint *p assert(p); + if (p->condition_fn && !p->condition_fn()) + return 0; + /* Relabel first, just in case */ if (relabel) label_fix(p->where, true, true); @@ -130,7 +150,7 @@ static int mount_one(const MountPoint *p return 0; /* Skip securityfs in a container */ - if (!p->in_container && detect_container(NULL) > 0) + if (!(p->mode & MNT_IN_CONTAINER) && detect_container(NULL) > 0) return 0; /* The access mode here doesn't really matter too much, since @@ -148,8 +168,8 @@ static int mount_one(const MountPoint *p p->type, p->flags, p->options) < 0) { - log_full(p->fatal ? LOG_ERR : LOG_DEBUG, "Failed to mount %s: %s", p->where, strerror(errno)); - return p->fatal ? -errno : 0; + log_full((p->mode & MNT_FATAL) ? LOG_ERR : LOG_DEBUG, "Failed to mount %s: %s", p->where, strerror(errno)); + return (p->mode & MNT_FATAL) ? -errno : 0; } /* Relabel again, since we now mounted something fresh here */ @@ -288,7 +308,6 @@ int mount_cgroup_controllers(char ***joi p.type = "cgroup"; p.options = options; p.flags = MS_NOSUID|MS_NOEXEC|MS_NODEV; - p.fatal = false; r = mount_one(&p, true); free(controller); Index: systemd-195/src/shared/util.c =================================================================== --- systemd-195.orig/src/shared/util.c +++ systemd-195/src/shared/util.c 
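Review bot: The new efivarfs entry in `mount_table` depends on table order, and nothing documents that. Its `is_efiboot` condition (added in src/shared/util.c later in this patch) probes `/sys/firmware/efi`, so it can only succeed once the `sysfs` entry above it has been mounted. A comment on the entry such as `/* keep after sysfs: is_efiboot() probes /sys/firmware/efi */` would stop a later reorder from silently disabling the mount. The flags also omit `MS_RDONLY`, so firmware variables become writable by any privileged process once mounted; if that is intended, state it in the same comment.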
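Review bot: `mount_one` now calls through `p->condition_fn` for every `MountPoint` it is handed, including the stack-built `p` in `mount_cgroup_controllers` (last hunk of this file). There the patch deletes `p.fatal = false;` and adds no assignment for `condition_fn` or `mode`. The declaration of `p` lies outside the hunks; unless it is zeroed there, this is a call through an uninitialised function pointer during early boot. Either confirm the zeroing or set the fields explicitly next to the others: `p.condition_fn = NULL;` and `p.mode = MNT_NONE;`.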
@@ -75,6 +75,10 @@ char **saved_argv = NULL; static volatile unsigned cached_columns = 0; static volatile unsigned cached_lines = 0; +bool is_efiboot(void) { + return access("/sys/firmware/efi", F_OK) >= 0; +} + size_t page_size(void) { static __thread size_t pgsz = 0; long r; Index: systemd-195/src/shared/util.h =================================================================== --- systemd-195.orig/src/shared/util.h +++ systemd-195/src/shared/util.h @@ -90,6 +90,8 @@ union dirent_storage { #define ANSI_HIGHLIGHT_YELLOW_ON "\x1B[1;33m" #define ANSI_HIGHLIGHT_OFF "\x1B[0m" +bool is_efiboot(void); + usec_t now(clockid_t clock); dual_timestamp* dual_timestamp_get(dual_timestamp *ts);