Fix memory erasure on shutdown with systemd v239 (refs: #16097).
Remounting /run with the "exec" option in /lib/systemd/system-shutdown/tails does not work anymore with systemd v239, while it worked at least until systemd v237. I could not find out why by reading systemd's NEWS file. So let's instead do this there: - For clean shutdown: in a new, dedicated service, started immediately before final.target, which itself is a synchronization point that ensures this service is started before the transition to systemd-shutdown and in turn to the initramfs, where we finish the unmounting and other clean ups needed to erase the memory. - For emergency shutdown: in the udev watchdog script, before calling the unclean shutdown code, which bypasses final.target and thus won't run tails-remount-run-exec.service. Too bad we have to duplicate this mount command but it seems that both instances will become unnecessary quickly enough, once systemd DTRT™. Another way would be to manually start tails-remount-run-exec.service from the udev watchdog script but I'm concerned it will be unreliable when the boot medium has been unplugged.
Showing with 29 additions and 3 deletions