    Return to the initramfs (unpacked in /run/initramfs) on shutdown (refs:... · 888ccc5a
    intrigeri authored
    Return to the initramfs (unpacked in /run/initramfs) on shutdown (refs: #12428, #12354, Debian#778849).
    
    … otherwise the aufs read-write (tmpfs) branch, among possibly other things,
    can't be properly unmounted and its content remains in memory.
    
    Notes:
    
     * We have to handle some unmounting ourselves in initramfs-pre-shutdown-hook:
       systemd-shutdown doesn't manage to unmount the aufs read-write
       branch (/oldroot/lib/live/mount/overlay) as it is needed by the
       aufs (/oldroot) filesystem, and reciprocally it cannot unmount /oldroot as it
       is kept busy by /oldroot/lib/live/mount/*. So we disentangle this mess
       ourselves. And we have to manually empty the aufs read-write (tmpfs) branch,
       otherwise for some reason its content remains in memory. This code will of
       course need to be adapted for overlayfs some day.
    
     * We lock /bin/kill in memory: apparently systemd-exit.service needs it.
    
     * We remount /run on shutdown *before* dropping caches, just in case dropping
       caches removes what we've locked into memory.
    
     * We unpack the initramfs to /run/initramfs at *boot* time: sadly, I was not
       able to have it unpacked reliably in udev-watchdog-wrapper when the boot
       medium is ejected, so we'll use a little bit more RAM (instead of locking the
       compressed initramfs into memory, we're storing the uncompressed one there)
       and probably slow down the boot a bit, in order to make emergency shutdown
       robust. Note, however, that we save some of the RAM used by the uncompressed
       initramfs by deleting the worst offenders (kernel modules).
    
     * For now the whole procedure is quite noisy on the screen: the pre-shutdown
       hook runs under "set -x", doesn't run "clear", and spits out lots of
       debugging information. The goal is to enable users to provide useful
       debugging data if they have problems with emergency shutdown. Once we have
       shipped this code in a few releases and trust it's robust enough, we can
       surely reconsider and polish the UX by making the output less noisy.
    
     * We use absolute paths in many places to avoid $PATH lookup which might
       fail if the root filesystem is not there anymore.
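The unmount ordering problem from the first note, as an added example that is not the commit's own hook code: a dry-run planner that moves the mounts under /oldroot/lib/live/mount/ aside, unmounts /oldroot, then empties the tmpfs branch and unmounts the moved mounts in reverse order. The use of `mount --move`, the `/mnt/staging` directory, the binary paths and the sample mount table are assumptions; the commit message does not say how the hook does it.

```shell
#!/bin/sh
# Dry-run planner: prints the teardown commands, runs none of them.
OLDROOT=/oldroot                      # path named in the commit message
BRANCHES="$OLDROOT/lib/live/mount"    # path named in the commit message
STAGING=/mnt/staging                  # hypothetical directory in the initramfs

# Constructed sample in /proc/mounts format (not captured from a real system).
SAMPLE_MOUNTS='/dev/sr0 /oldroot/lib/live/mount/medium iso9660 ro 0 0
/dev/loop0 /oldroot/lib/live/mount/rootfs/filesystem.squashfs squashfs ro 0 0
tmpfs /oldroot/lib/live/mount/overlay tmpfs rw 0 0
aufs /oldroot aufs rw 0 0
tmpfs /run tmpfs rw 0 0'

# plan_teardown: read a mount table on stdin, print the ordered steps.
plan_teardown() {
    moved=""
    while read -r _dev mnt fstype _rest; do
        case "$mnt" in
            "$BRANCHES"/*)
                # A mount below the aufs root keeps it busy, and the aufs
                # root keeps its branches busy. Moving the mount breaks the
                # cycle: it stays alive (aufs keeps its branch) but no
                # longer sits under /oldroot.
                dst="$STAGING/${mnt#"$BRANCHES"/}"
                echo "/bin/mkdir -p $dst"
                echo "/bin/mount --move $mnt $dst"
                # Prepend, so unmounting later happens in reverse mount
                # order (the loop-mounted squashfs before its medium).
                moved="$fstype:$dst $moved"
                ;;
        esac
    done
    # Nothing is mounted beneath the aufs root any more, so it can be
    # unmounted, which releases its branches.
    echo "/bin/umount $OLDROOT"
    for entry in $moved; do
        dst="${entry#*:}"
        # The tmpfs read-write branch holds the session's data: empty it
        # before unmounting, as the commit message describes.
        if [ "${entry%%:*}" = tmpfs ]; then
            echo "/bin/find $dst -mindepth 1 -delete"
        fi
        echo "/bin/umount $dst"
    done
}

# Stand-alone run: show the plan for the constructed sample.
printf '%s\n' "$SAMPLE_MOUNTS" | plan_teardown
```

The planner assumes mount points without whitespace and no mounts nested inside a moved branch.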