netboot: incorrect SMACK labels for /tmp and /run

Fixed

Description

With recent changes introduced for the "run as non-root" feature, some services now need to use /tmp as a temp folder (before, it was in the root user directory).

Everything works correctly when booting from a normal storage device (usb, sd-card, ...) on all platforms because systemd is responsible for mounting /tmp and /root and applies the correct smack label, as specified in the config fragment /lib/systemd/system/tmp.mount.d/smack.conf .

But when using netboot, the initrd script is responsible for mounting /tmp and /run before pivoting on new rootfs and running systemd. As a consequence, systemd doesn't try to remount /tmp or /run (and correct smack label is not applied).

I see 2 potential fixes ATM:

make the initrd not mount /tmp or /run (or mount then umount them)
make the initrd mount /tmp and /run as systemd usually does (with option 'smackfsroot=*')

Environment

AGL/master 20190703, M3/H3+KF

Activity

Show:

Walt Miner
July 9, 2019 at 3:27 PM

Close for HH RC3

Stephane Desneux
July 3, 2019 at 4:13 PM
(edited)

option 1 with unmounting /tmp and /run works (tested and verified): https://gerrit.automotivelinux.org/gerrit/c/AGL/meta-agl/+/21807

Jan-Simon Moeller
July 3, 2019 at 2:12 PM

Netboot should stay working w/o smack, so if we do make the initrd mount with the smakfsroot option, then we need to make it conditional to smack or the appfw in the recipe.

Both ways look ok. The first would make us a little more independent in the initrd as we don't have to deal with 'specifics' of the started system.

I'd say try the first option first.

Resize issue view side panel

Details

Assignee

Stephane Desneux

Reporter

Stephane Desneux

Fix versions

Halibut 8.0.1

Labels

Contract ID

Hardware Platform(s) Affected

Intel Minnowboard

Intel Upsquare

NXP i.MX6

Raspberry Pi 3

Renesas H3

Renesas M3

Renesas M3+KF

TI Vayu

Components

CIAT

Kernel/ OS

Affects versions

master

Priority

Critical

Created July 3, 2019 at 1:23 PM

Updated September 19, 2019 at 12:06 PM

Resolved July 8, 2019 at 6:16 PM

netboot: incorrect SMACK labels for /tmp and /run

Description

Environment

Activity

Walt Miner
July 9, 2019 at 3:27 PM

Stephane Desneux
July 3, 2019 at 4:13 PM
(edited)

Jan-Simon Moeller
July 3, 2019 at 2:12 PM

Details

Assignee

Reporter

Fix versions

Labels

Contract ID

Hardware Platform(s) Affected

Components

Affects versions

Priority

Flag notifications

Something's gone wrong

netboot: incorrect SMACK labels for /tmp and /run

Description

Environment

Activity

Walt Miner July 9, 2019 at 3:27 PM

Stephane Desneux July 3, 2019 at 4:13 PM(edited)

Jan-Simon Moeller July 3, 2019 at 2:12 PM

Details

Assignee

Reporter

Fix versions

Labels

Contract ID

Hardware Platform(s) Affected

Components

Affects versions

Priority

Flag notifications

Something's gone wrong

Walt Miner
July 9, 2019 at 3:27 PM

Stephane Desneux
July 3, 2019 at 4:13 PM
(edited)

Jan-Simon Moeller
July 3, 2019 at 2:12 PM