1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
|
From 7ab1d00227cad6f1b86ba01fdc766769faebb031 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
Date: Thu, 13 Jan 2022 17:35:59 +0100
Subject: [PATCH] fix(dracut-shutdown): add cleanup handler on failure
It may happen that dracut-shutdown.service fails, for example on timeout
due to very low bandwidth.
In such case, for hardening purposes, a new dracut-shutdown-onfailure.service
unit doing dracut-shutdown.service cleanup needs to execute to make sure
switching root to an incomplete initramfs won't occur later.
See also RHBZ #1924587 (https://bugzilla.redhat.com/show_bug.cgi?id=1924587).
Reference:https://github.com/dracutdevs/dracut/commit/7ab1d00227cad6f1b86ba01fdc766769faebb031
Conflict:NA
---
Makefile | 1 +
.../dracut-shutdown-onfailure.service | 13 +++++++++++++
modules.d/98dracut-systemd/dracut-shutdown.service | 1 +
.../98dracut-systemd/dracut-shutdown.service.8.asc | 3 +++
pkgbuild/dracut.spec | 1 +
5 files changed, 19 insertions(+)
create mode 100644 modules.d/98dracut-systemd/dracut-shutdown-onfailure.service
diff --git a/Makefile b/Makefile
index 85e1020a..ab47fed8 100644
--- a/Makefile
+++ b/Makefile
@@ -178,6 +178,7 @@ ifneq ($(enable_documentation),no)
endif
if [ -n "$(systemdsystemunitdir)" ]; then \
mkdir -p $(DESTDIR)$(systemdsystemunitdir); \
+ ln -srf $(DESTDIR)$(pkglibdir)/modules.d/98dracut-systemd/dracut-shutdown-onfailure.service $(DESTDIR)$(systemdsystemunitdir)/dracut-shutdown-onfailure.service; \
ln -srf $(DESTDIR)$(pkglibdir)/modules.d/98dracut-systemd/dracut-shutdown.service $(DESTDIR)$(systemdsystemunitdir)/dracut-shutdown.service; \
mkdir -p $(DESTDIR)$(systemdsystemunitdir)/sysinit.target.wants; \
ln -s ../dracut-shutdown.service \
diff --git a/modules.d/98dracut-systemd/dracut-shutdown-onfailure.service b/modules.d/98dracut-systemd/dracut-shutdown-onfailure.service
new file mode 100644
index 00000000..96de58c5
--- /dev/null
+++ b/modules.d/98dracut-systemd/dracut-shutdown-onfailure.service
@@ -0,0 +1,13 @@
+# This file is part of dracut.
+#
+# See dracut.bootup(7) for details
+
+[Unit]
+Description=Service executing upon dracut-shutdown failure to perform cleanup
+Documentation=man:dracut-shutdown.service(8)
+DefaultDependencies=no
+
+[Service]
+Type=oneshot
+ExecStart=-/bin/rm /run/initramfs/shutdown
+StandardError=null
diff --git a/modules.d/98dracut-systemd/dracut-shutdown.service b/modules.d/98dracut-systemd/dracut-shutdown.service
index 81043b2d..7c36f14f 100644
--- a/modules.d/98dracut-systemd/dracut-shutdown.service
+++ b/modules.d/98dracut-systemd/dracut-shutdown.service
@@ -10,6 +10,7 @@ Wants=local-fs.target
Conflicts=shutdown.target umount.target
DefaultDependencies=no
ConditionPathExists=!/run/initramfs/bin/sh
+OnFailure=dracut-shutdown-onfailure.service
[Service]
RemainAfterExit=yes
diff --git a/modules.d/98dracut-systemd/dracut-shutdown.service.8.asc b/modules.d/98dracut-systemd/dracut-shutdown.service.8.asc
index ba80b187..21ec88ca 100644
--- a/modules.d/98dracut-systemd/dracut-shutdown.service.8.asc
+++ b/modules.d/98dracut-systemd/dracut-shutdown.service.8.asc
@@ -40,6 +40,9 @@ by injecting "rd.break=pre-shutdown rd.shell" or "rd.break=shutdown rd.shell".
# touch /run/initramfs/.need_shutdown
----
+In case the unpack of the initramfs fails, dracut-shutdown-onfailure.service
+executes to make sure switch root doesn't happen, since it would result in
+switching to an incomplete initramfs.
AUTHORS
-------
diff --git a/pkgbuild/dracut.spec b/pkgbuild/dracut.spec
index f94cbb3e..eca626bd 100644
--- a/pkgbuild/dracut.spec
+++ b/pkgbuild/dracut.spec
@@ -416,6 +416,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
%dir %{_sharedstatedir}/initramfs
%if %{defined _unitdir}
%{_unitdir}/dracut-shutdown.service
+%{_unitdir}/dracut-shutdown-onfailure.service
%{_unitdir}/sysinit.target.wants/dracut-shutdown.service
%{_unitdir}/dracut-cmdline.service
%{_unitdir}/dracut-initqueue.service
--
2.33.0
|
