[systemd-devel] [PATCH] random-seed: break ordering cycle with encrypted tmp partitions

Tom Gundersen teg at jklm.no
Tue Nov 15 00:20:39 PST 2011 

The cycle is caused by our ordering is to coarse. We order random-seed-load after
all filesystems, but all we really care about is /var/lib being mounted rw.

Waiting for all filesystems means that we would also have to wait for /tmp, which
might depend on random-seed-load.

Maybe the best way to solve this would have been to allow .path units to not only
wait for a path, but also wait for it to have a specific permission.

However, since we cannot do that at the moment, this should do the trick for now:

We would like to wait for var.mount if /var is on a separate partition, and
we'd like to wait for remount-rootfs.service otherwise. I couldn't figure out how
to do this conditionally, so we unconditionally wait for both.
---
 Makefile.am                               |    1 +
 TODO                                      |    2 --
 units/systemd-random-seed-load.service.in |    4 ++--
 3 files changed, 3 insertions(+), 4 deletions(-)

diff --git a/Makefile.am b/Makefile.am
index d30d626..ec172b8 100644
--- a/Makefile.am
+++ b/Makefile.am
@@ -1594,6 +1594,7 @@ SED_PROCESS = \
 		-e 's, at exec_prefix\@,$(exec_prefix),g' \
 		-e 's, at libdir\@,$(libdir),g' \
 		-e 's, at includedir\@,$(includedir),g' \
+		-e 's, at localstatedir\@,$(localstatedir),g' \
 		< $< > $@ || rm $@
 
 units/%: units/%.in Makefile
diff --git a/TODO b/TODO
index 5303497..a17d409 100644
--- a/TODO
+++ b/TODO
@@ -21,8 +21,6 @@ Features:
 
 * when an instanced service exits, remove its parent cgroup too if possible.
 
-* as Tom Gundersen pointed out there's a always a dep loop if people use crypto file systems with random keys
-
 * unset container= in PID1?
 
 * automatically escape unit names passed on the service (i.e. think "systemctl start serial-getty.service at serial/by-path/jshdfjsdfhkjh" being automatically escaped as necessary.
diff --git a/units/systemd-random-seed-load.service.in b/units/systemd-random-seed-load.service.in
index a2b6a55..1218040 100644
--- a/units/systemd-random-seed-load.service.in
+++ b/units/systemd-random-seed-load.service.in
@@ -8,10 +8,10 @@
 [Unit]
 Description=Load Random Seed
 DefaultDependencies=no
-Wants=local-fs.target
 Conflicts=shutdown.target
-After=systemd-readahead-collect.service systemd-readahead-replay.service local-fs.target
+After=systemd-readahead-collect.service systemd-readahead-replay.service rootfs-remount.service @localstatedir at .mount
 Before=sysinit.target shutdown.target
+ConditionPathExists=@localstatedir@/lib/random-seed
 
 [Service]
 Type=oneshot
-- 
1.7.7.3

More information about the systemd-devel mailing list