fstab-generator: optional read addtional fstab lines from credentials

Fixes: systemd#27260
poettering · Jun 30, 2023 · d873238 · d873238
1 parent 12a316b
commit d873238
Show file tree

Hide file tree

Showing 3 changed files with 63 additions and 0 deletions.
diff --git a/man/systemd-fstab-generator.xml b/man/systemd-fstab-generator.xml
@@ -269,6 +269,21 @@ systemd.swap=/dev/sda2:x-systemd.makefs</programlisting>
     </variablelist>
   </refsect1>
 
+  <refsect1>
+    <title>System Credentials</title>
+
+    <variablelist class='system-credentials'>
+      <varlistentry>
+        <term><varname>fstab.extra</varname></term>
+
+        <listitem><para>This credential may contain addition mounts to establish, in the same format as
+        <citerefentry
+        project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>, with
+        one mount per line. It is read in addition to <filename>/etc/fstab</filename>.</para></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
   <refsect1>
     <title>See Also</title>
     <para>

diff --git a/man/systemd.system-credentials.xml b/man/systemd.system-credentials.xml
@@ -186,6 +186,15 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term><varname>fstab.extra</varname></term>
+
+        <listitem>
+          <para>Additional mounts to establish at boot. For details, see
+          <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term><varname>vconsole.keymap</varname></term>
         <term><varname>vconsole.keymap_toggle</varname></term>

diff --git a/src/fstab-generator/fstab-generator.c b/src/fstab-generator/fstab-generator.c
@@ -8,6 +8,7 @@
 #include "bus-error.h"
 #include "bus-locator.h"
 #include "chase.h"
+#include "creds-util.h"
 #include "efi-loader.h"
 #include "env-util.h"
 #include "fd-util.h"
@@ -1281,6 +1282,40 @@ static int add_mounts_from_cmdline(void) {
         return ret;
 }
 
+static int add_mounts_from_creds(void) {
+        _cleanup_free_ void *b = NULL;
+        struct mntent *me;
+        int r, ret = 0;
+        size_t bs;
+
+        r = read_credential_with_decryption(
+                        in_initrd() ? "fstab.extra.initrd" : "fstab.extra",
+                        &b, &bs);
+        if (r <= 0)
+                return r;
+
+        _cleanup_fclose_ FILE *f = NULL;
+        f = fmemopen_unlocked(b, bs, "r");
+        if (!f)
+                return log_oom();
+
+        while ((me = getmntent(f))) {
+                r = parse_fstab_one(
+                                "/run/credentials",
+                                me->mnt_fsname,
+                                me->mnt_dir,
+                                me->mnt_type,
+                                me->mnt_opts,
+                                me->mnt_passno,
+                                /* initrd = */ false,
+                                /* use_swap_enabled = */ true);
+                if (r < 0 && ret >= 0)
+                        ret = r;
+        }
+
+        return ret;
+}
+
 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
         int r;
 
@@ -1513,6 +1548,10 @@ static int run_generator(void) {
         if (r < 0 && ret >= 0)
                 ret = r;
 
+        r = add_mounts_from_creds();
+        if (r < 0 && ret >= 0)
+                ret = r;
+
         return ret;
 }