[systemd-devel] How to factory reset?

Lennart Poettering lennart at poettering.net
Tue Mar 10 10:38:45 PDT 2015


On Tue, 10.03.15 18:13, Tobias Hunger (tobias.hunger at gmail.com) wrote:

> > So you want not just factory reset, but actually a stateless system,
> > where every single boot is basically a factory reset?
> 
> Yes, but I do have a state that I want to be applied by default at
> all times.

Well, you want the "factory defaults" to be applied when the machine
comes up, right?

> > My recommendation would be to set this up within the initrd: mount a
> > tmpfs as /, then mount the physical /usr into it and transition to the
> > host OS.
> 
> That is a great idea! I was so focused on having a tmpfs on /etc that
> I did not even think about that:-/
> 
> I would like to keep e.g. logs between reboots, so maybe I can just
> have /var mounted from somewhere else.

Hmm, currently we focussed on two models:

a) fully "volatile", meaning / as tmpfs, with /usr mounted from
   physical media

b) with only "volatile" state, but persistent configuration, meaning /
   mounted from physical media, and /var as tmpfs.

Your model appears to be different from that. You actually want /var
from physical media, but /etc from tmpfs? That would be kinda the
opposite of b)...

Do you actually want all of /var mounted off physical media? If you are
interested in just logging, maybe just adding a normal mount for
/var/log/ should suffice, leaving the rest of /var on tmpfs?

> > (It is available in nspawn though with the --volatile= switch.)
> > But it's on the todo list to add that, so that what I describe
> > above is easily available. We also should provide a scheme that one
> > can flush /etc explicitly once for a factory reset, via a kernel
> > cmdline option.
> 
> Please do not do that.
> 
> Even if all filesystems are encrypted you could factory-reset random
> computers you have access to, simply by editing the bootloader
> configuration file usually found in the poorly protected EFI
> partition!

Well, if you have access to the kernel cmdline you can do whatever you
want. init=/bin/sh is infinitely more powerful than just being able to
flush out /etc...

> Better have a unit that deletes /etc before the system is shut down.
> That way you at least need to have root access to the running machine
> to trigger a factory reset. That keeps at least people with encrypted
> drives safe:-)

Well, factory resets are supposed to be something that gets you back
into a defined state if you fucked up your system. In such a case it
might not be possible to boot up anymore to reset the state... Hence
having this on the kernel cmdline is kinda a necessity to make this
useful in real-life...

> Having --volatile=/path/to/usr/directory would be nice to have for the
> experiments I do right now. I guess that is not so very common that it
> makes sense to consider sending in a patch for that.

Hmm, what precisely are you suggesting this would do?

> > Well, nspawn isn't. But systemd will, if it finds /etc empty. It will
> > create a machine ID, and apply presets and stuff...
> 
> I *have* a machine ID and everything. Can I get that information into
> place somehow *before* systemd creates all of that?

presets and machine ID are applied by PID 1, before it begins with
starting any units, hence *really* early on. Note though that actually
/etc/machine-id is used as the flag for "is /etc empty". If the file
exists it is assumed that /etc is provisioned properly. If it is
missing PID 1 will generate the machine ID and apply presets.

Note though that some services like ldconfig.service also want to
write to /etc, to generate some files, if they are missing... If you
want to do something before that you have to order those units
explicitly before each one of them.

Note though that much like /usr, /etc is something that we assume is
premounted when systemd is started, and where we do not support
mounting it after systemd began its work. I mean, /etc is usually
where mounts are configured, but if you want to mount something on
/etc, then how is that to be found?

Hence, if you want /etc to be volatile, better do that in the initrd...

> Thanks again for your reply. You did provide some food for further experiments:
> 
> 1) Extract my etc-tarball to /usr/share/factory/etc and remove /etc
> from the root-image. Keep the etc.mount unit.

This will not work. Please do not work with an etc.mount
unit. Instead do the stuff in the initrd...

Lennart

-- 
Lennart Poettering, Red Hat
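The thread above turns on two facts: PID 1 treats the presence of /etc/machine-id as the flag for "/etc is provisioned", and Tobias plans to keep his defaults in /usr/share/factory/etc. The following POSIX sh script is an added example, not systemd's code and not anything from the thread; it re-implements that decision in user space against a throw-away root directory so the provision / reset cycle can be tried without touching a real /etc. The function names (provision_etc, flush_etc, machine_id_valid), the printed words "fresh" and "provisioned", and the test root layout are assumptions made for this example.

```shell
#!/bin/sh
# Added example (not systemd's own code): emulate the "/etc/machine-id is
# the flag for 'is /etc provisioned?'" decision and the factory copy in
# /usr/share/factory/etc against a throw-away ROOT directory.  Function
# names and messages are assumptions for this example only.
set -eu

# provision_etc ROOT
#   If ROOT/etc/machine-id exists, /etc counts as provisioned: print
#   "provisioned" and change nothing.  Otherwise seed ROOT/etc from the
#   factory copy (if present), generate a 32-hex-digit machine ID and
#   print "fresh".  A ROOT/etc without the flag is treated as empty,
#   which is exactly what the thread says PID 1 does.
provision_etc() {
    root=$1
    etc="$root/etc"
    factory="$root/usr/share/factory/etc"

    if [ -f "$etc/machine-id" ]; then
        echo provisioned
        return 0
    fi

    mkdir -p "$etc"
    if [ -d "$factory" ]; then
        # Copy the factory defaults, preserving modes and timestamps.
        cp -Rp "$factory/." "$etc/"
    fi
    # Random 128-bit ID in machine-id format: 32 lowercase hex characters
    # followed by a newline.
    od -An -N16 -tx1 /dev/urandom | tr -d ' \n' > "$etc/machine-id"
    echo >> "$etc/machine-id"
    echo fresh
}

# flush_etc ROOT
#   The explicit reset: remove everything under ROOT/etc, including the
#   machine-id flag, so the next provision_etc starts again from the
#   factory copy.  Refuses an empty ROOT or "/" so the real /etc is never
#   the target of this example.
flush_etc() {
    root=$1
    case "$root" in
        ""|/) echo "refusing to flush the real /etc" >&2; return 1 ;;
    esac
    rm -rf "$root/etc"
}

# machine_id_valid ROOT
#   Succeeds only if ROOT/etc/machine-id holds exactly 32 hex digits on
#   its first line.
machine_id_valid() {
    head -n1 "$1/etc/machine-id" 2>/dev/null | grep -Eq '^[0-9a-f]{32}$'
}

# Stand-alone demo against a temporary root: sh this.sh --demo
if [ "${1:-}" = "--demo" ]; then
    root=$(mktemp -d)
    mkdir -p "$root/usr/share/factory/etc"
    echo box01 > "$root/usr/share/factory/etc/hostname"   # constructed sample
    provision_etc "$root"     # fresh
    provision_etc "$root"     # provisioned
    flush_etc "$root"
    provision_etc "$root"     # fresh again, hostname restored from factory
    rm -rf "$root"
fi
```

The second provision_etc call is the case the thread discusses: a pre-existing machine-id short-circuits everything, so any state already in /etc is left alone. Only flush_etc (the explicit reset) removes the flag and makes the next boot repopulate from the factory copy; a missing flag alone already does that, which is why Lennart warns that a mount unit for /etc is too late and the volatile setup belongs in the initrd.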