[systemd-devel] systemd.volatile=yes

Tobias Hunger tobias.hunger at gmail.com
Mon Sep 4 11:48:04 UTC 2017


Hi Lennart,

On Mon, Sep 4, 2017 at 11:06 AM, Lennart Poettering
<lennart at poettering.net> wrote:
> Hmm, mount.usr= should continue to be supported. It's documented in
> the systemd-fstab-generator man page however, not in the
> kernel-command-line one. We should fix that however, can you file a
> bug?

I'll file a merge request for that this week. I guess this is not that urgent ;-)

>> The one pitfall I ran into is that I had to add a "usr" folder into
>> the usr partition for systemd-volatile-root.service to work. The
>> system boots well and seems to work nicely with this change.
>
> Uh, this shouldn't be necessary. Can you file a bug? I am really
> surprised by this I must say... In my testing it didn't do that
> either...

src/volatile-root/volatile-root.c line 53: return log_error_errno(r,
"/usr not available in old root: %m");

Rereading the documentation on systemd.volatile, that is also pretty
much exactly what it says there: "[...] only /usr is mounted from the
file system configured as root device, in read-only mode.". My
assumption that I could take a usr-partition as is (the one I used
to use with mount.usr*) is wrong; I need to move things down one
level.

But I do understand why you implemented this as is: your way allows
using any existing rootfs in a stateless setup without any special
preparation (provided /usr is not in a separate partition :-)

Once I get my setup rolling again, I plan to add dm-verity support to
my setup. I am curious how that will like your "remount the usr folder
from the already mounted root partition" approach.

>> But then I discovered one strange problem: I cannot ssh into the root
>> account anymore!
>>
>> ssh -v shows that a connection is established, then ssh is checking
>> for key files in /root/.ssh and does not find anything in there. Doing
>> "ls -alF /root/.ssh" as root does list keys there.
>
> This is very strange... Did you check that the perms of each component
> of the path to /root/.ssh/[keys] actually are the same in both cases?

Nope, since I have no idea how to move into the mount namespace that
sshd is running in.

The journal just lists the attempts to access /root/.ssh/idrsa (and
others), each followed by a line that the file is not found.

These files are actually created on the tmpfs by a custom
systemd-service in the initrd that just takes a file from the usr
partition and extracts it onto /. This service is run before the root
is moved over from the initrd to the real one.

The whole setup works nicely when using mount.usr* instead of
systemd.volatile, so I do not expect the files or their permissions to
be wrong themselves. They do also have the expected permissions when
checking them in the shell.

Best Regards,
Tobias
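The check Lennart asks for above (compare every path component leading to /root/.ssh as seen by a root shell and as seen by sshd) can be scripted; this is an added example, not code from the thread or from systemd, and it assumes util-linux nsenter, GNU stat, pidof, and root privileges to enter sshd's mount namespace.

```shell
#!/bin/sh
# Added example: compare the view of each component of a path from the
# calling shell's mount namespace with the view from sshd's mount namespace.
set -f   # no globbing while we split the path on '/'

# Print every prefix of an absolute path, one per line:
#   /root/.ssh  ->  /  /root  /root/.ssh
path_components() {
    printf '/\n'
    prefix=
    old_ifs=$IFS
    IFS=/
    for part in $1; do
        [ -n "$part" ] || continue
        prefix="$prefix/$part"
        printf '%s\n' "$prefix"
    done
    IFS=$old_ifs
}

# Mode, owner and group of each component, evaluated inside the mount
# namespace of process $1 (pass "$$" for the current shell's own namespace).
stat_in_ns() {
    pid=$1
    path_components "$2" | while IFS= read -r p; do
        nsenter -t "$pid" -m -- stat -c '%A %U:%G %n' "$p" 2>&1
    done
}

# Exit 0 if both namespaces agree on every component, 1 if they differ
# (a differing or missing component is the usual reason sshd reports
# key files as absent while a root shell lists them), 2 if sshd is absent.
compare_views() {
    sshd_pid=$(pidof -s sshd) || { echo "sshd not running" >&2; return 2; }
    shell_view=$(stat_in_ns "$$" "$1")
    sshd_view=$(stat_in_ns "$sshd_pid" "$1")
    if [ "$shell_view" = "$sshd_view" ]; then
        echo "identical view of $1"
        return 0
    fi
    printf 'shell view:\n%s\n\nsshd view:\n%s\n' "$shell_view" "$sshd_view"
    return 1
}

if [ $# -gt 0 ]; then
    compare_views "$1"   # e.g.  ./compare.sh /root/.ssh
fi
```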
