[systemd-devel] /etc/fstab dependences migrated between units due to automount feature
Daniel Otero Oubiña
otero.o.daniel at gmail.com
Fri Aug 30 23:05:04 UTC 2019
I forgot to say that the devices on crypttab are also configured with
`noauto`, that's why I was adding the dependences manually.
The strange behavior for me is that, if I do not put the `x-systemd.automount`
everything works fine: the devices are not decrypted until I try to mount
the final filesystem. But when I add the automount feature, the devices get
automatically decrypted at boot, because the dependencies are moved from
the .mount to the .automount.
This can be solved manually with custom units, but I would like to know if
there is an explanation for this behavior.
Thanks.
El vie., 30 ago. 2019 12:05, Michael Chapman <mike at very.puzzling.org>
escribió:
> On Fri, 30 Aug 2019, Daniel Otero Oubiña wrote:
> > Hi all!
> >
> > I have found a somehow strange systemd "feature" that I'm not sure if
> it's
> > a bug. Let me know if you prefer having this reported on GitHub instead.
> >
> > First, let me explain my setup: I have a data filesystem that is split in
> > two encrypted partitions (with LUKS) formated as a single btrfs raid1
> > filesystem.
> > I manage to make everything work just modifying fstab and crypttab.
> >
> > The problem arises when I try to make the data partition mounted on
> demand
> > (`x-systemd.automount`). That's because it makes my "decrypted
> partitions"
> > dependences (declared with
> `systemd.requires=systemd-cryptsetup at xxx.service`)
> > move from the .mount autogenerated unit to the .automount one. This
> causes
> > the partitions to be decrypted even if the data filesystem is never used,
> > because the .automount unit is activated on boot. Is there a reasoning
> for
> > this behavior or I'm missing something?
> >
> > Here is a link with the autogenerated units with and without the
> automount
> > option:
> > https://pastebin.com/RkdHFt59
>
> First, I don't think you should specify
> x-systemd.requires=systemd-cryptsetup at xxx.service explicitly.
>
> systemd's cryptsetup-generator ensures that cryptsetup.target has
> Wants=systemd-cryptsetup at xxx.service, and systemd-cryptsetup at xxx.service
> has BindsTo=dev-yyy.device according to the contents of your crypttab
> file.
>
> The end result is cryptsetup should be performed when the device is
> detected, not necessarily when any filesystem on it is mounted. That is
> the behaviour you're seeing already, but without any need for explicit
> dependencies.
>
> As for whether this behaviour is intended, I would say it is. An encrypted
> block device might be used for something other than a mountable
> filesystem. You might have LVM on it, for instance.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.freedesktop.org/archives/systemd-devel/attachments/20190831/8851a4fc/attachment.html>
More information about the systemd-devel
mailing list