cryptsetup-generator: imply x-initrd.attach for "usr" and "root" volumes

Let's imply "x-initrd.attach" for "usr" and "root" volumes, so that we do not attempt to umount them anymore during shutdown. The names of these volumes have been mandated by the Discoverable Partition Spec: https://uapi-group.org/specifications/specs/discoverable_partitions_specification/#suggested-mode-of-operation Hence it appears reasonably safe to special case these volume names. Note that a similar logic is implemented in fstab-generator and in fact PID 1 to treat the root mount and /usr/ mount specially too, to avoid trying to umount it at shutdown. (This is what fstab_is_extrinsic() checks). This should ensure that if /usr/ or / is for some reason a LUKS medium we won't try to detach it during runtime, which likely fails, since we run off it. Note this also moves an ordering dep towards umount.target under the x-initrd.attach check, becasue that's where the crucial conflicts dep is placed too.
systemd · Jun 1, 2023 · 8ce02b8 · 8ce02b8
1 parent d120ce4
commit 8ce02b8
Showing 1 changed file with 18 additions and 6 deletions.
diff --git a/src/cryptsetup/cryptsetup-generator.c b/src/cryptsetup/cryptsetup-generator.c
@@ -282,6 +282,18 @@ static int print_dependencies(FILE *f, const char* device_path, const char* time
         return 0;
 }
 
+static bool attach_in_initrd(const char *name, const char *options) {
+        assert(name);
+
+        /* Imply x-initrd.attach in case the volume name is among those defined in the Discoverable Partition
+         * Specification for partitions that we require to be mounted during the initrd → host transition,
+         * i.e. for the root fs itself, and /usr/. This mirrors similar behaviour in
+         * systemd-fstab-generator. */
+
+        return fstab_test_option(options, "x-initrd.attach\0") ||
+                STR_IN_SET(name, "root", "usr");
+}
+
 static int create_disk(
                 const char *name,
                 const char *device,
@@ -297,7 +309,7 @@ static int create_disk(
                 *tmp_fstype = NULL, *filtered_header = NULL, *headerdev_mount = NULL;
         _cleanup_fclose_ FILE *f = NULL;
         const char *dmname;
-        bool noauto, nofail, swap, netdev, attach_in_initrd;
+        bool noauto, nofail, swap, netdev;
         int r, detached_header, keyfile_can_timeout, tmp;
 
         assert(name);
@@ -307,7 +319,6 @@ static int create_disk(
         nofail = fstab_test_yes_no_option(options, "nofail\0" "fail\0");
         swap = fstab_test_option(options, "swap\0");
         netdev = fstab_test_option(options, "_netdev\0");
-        attach_in_initrd = fstab_test_option(options, "x-initrd.attach\0");
 
         keyfile_can_timeout = fstab_filter_options(options,
                                                    "keyfile-timeout\0",
@@ -374,8 +385,10 @@ static int create_disk(
                 fprintf(f, "After=remote-fs-pre.target\n");
 
         /* If initrd takes care of attaching the disk then it should also detach it during shutdown. */
-        if (!attach_in_initrd)
-                fprintf(f, "Conflicts=umount.target\n");
+        if (!attach_in_initrd(name, options))
+                fprintf(f,
+                        "Conflicts=umount.target\n"
+                        "Before=umount.target\n");
 
         if (keydev) {
                 _cleanup_free_ char *unit = NULL, *umount_unit = NULL;
@@ -490,8 +503,7 @@ static int create_disk(
         if (path_startswith(u, "/dev/"))
                 fprintf(f,
                         "BindsTo=%s\n"
-                        "After=%s\n"
-                        "Before=umount.target\n",
+                        "After=%s\n",
                         d, d);
         else
                 /* For loopback devices, add systemd-tmpfiles-setup-dev.service