Commit 290620df authored by intrigeri's avatar intrigeri
Browse files

Mount a dedicated tmpfs on /run/initramfs instead of trying to remount /run...

Mount a dedicated tmpfs on /run/initramfs instead of trying to remount /run with the "exec" option (refs: #16097).

My previous approach, i.e. "let's remount /run with the exec option via a unit
file started as part of the shutdown procedure", worked just fine for clean
shutdown. But it does not work for emergency shutdown, i.e. when the boot medium
is physically removed: for some reason (possibly missing bits in the memlockd
configuration), this service is not started, and then systemd-shutdown won't
return to the initramfs because /run/initramfs/shutdown is not executable.

So let's instead disregard /run and extract the initramfs into a dedicated
tmpfs, that we mount on /run/initramfs (where systemd-shutdown will look for
it), and that we mount without the "noexec" option.

Also, remove manual calls to eject(1):

 - They increase chances that the shutdown process breaks due to missing
   files locked in memory by memlockd.

 - Their sole benefit is to ensure we physically eject the DVD. It's unclear if
   this code is still needed nowadays. Regardless, starting with Tails 3.12, the
   only supported use case for ISO and DVD is virtual machines, which are not
   targeted by the emergency shutdown feature, which is about removing the
   *physical* boot medium.
parent 634e5a6d
......@@ -13,12 +13,12 @@ systemctl enable onion-grater.service
systemctl enable tails-synchronize-data-to-new-persistent-volume-on-shutdown.service
systemctl enable tails-autotest-broken-Xorg.service
systemctl enable tails-autotest-remote-shell.service
systemctl enable tails-remount-run-exec.service
systemctl enable tails-set-wireless-devices-state.service
systemctl enable tails-shutdown-on-media-removal.service
systemctl enable
systemctl enable tails-wait-until-tor-has-bootstrapped.service
systemctl enable tails-tor-has-bootstrapped-flag-file.service
systemctl enable run-initramfs.mount
systemctl enable var-tmp.mount
# Enable our own systemd user unit files
......@@ -3,15 +3,16 @@
# we can remove this custom code.
Description=Allow executing binaries in /run
Description=Extracted initrd directory
ExecStart=/bin/mount -o remount,exec /run
......@@ -44,13 +44,6 @@ boot_device() {
# First clean the screen, then brutally shutdown the machine.
do_stop() {
# Really make sure that the CD is ejected
# FIXME: this might not be necessary with future kernel/udev
if [ "${DEV_TYPE}" = "cd" ]; then
/usr/bin/eject -i off "${BOOT_DEVICE}" || true
/usr/bin/eject -m "${BOOT_DEVICE}" || true
# Kill everything run by amnesia or Debian-gdm, otherwise emergency
# shutdown fails for some reason. Incidentally, this also allows
# the test suite to look for a known message ("Happy dumping!")
......@@ -60,11 +53,6 @@ do_stop() {
/bin/systemctl --signal=9 kill gdm.service || true
/bin/loginctl --signal=9 kill-user Debian-gdm || true
# This allows systemd-shutdown to execute /run/initramfs/shutdown.
# XXX:Bullseye: if is merged,
# we can remove this custom code.
/bin/mount -o remount,exec /run
# Finally, return to the initramfs and poweroff the system
/bin/systemctl --force poweroff
......@@ -29,8 +29,12 @@ in the initramfs. That one will unmount all filesystems, run
that helps us automatically test this behavior, and finally perform
the requested poweroff/reboot action.
To make this work, `/run` is [[!tails_gitweb config/chroot_local-includes/lib/systemd/system/tails-remount-run-exec.service desc="remounted"]] with
the `exec` option before `` is started.
To make this work, a dedicated `tmpfs` filesystem is [[!tails_gitweb
desc="mounted"]] on `/run/initramfs`: `/run` is mounted with the
`noexec` option and while our attempts to remount it with `exec`
worked for clean shutdown, they failed for emergency shutdown, i.e.
when the boot medium is physically removed.
For details about the underlying systemd mechanisms, see `bootup(7)`
and `systemd-shutdown(8)`.
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment