    intrigeri's avatar
      Fix memory erasure on shutdown with systemd v239 (refs: #16097). · 634e5a6d
      intrigeri authored
      Remounting /run with the "exec" option in /lib/systemd/system-shutdown/tails
      does not work anymore with systemd v239, while it worked at least until systemd
      v237. I could not find out why by reading systemd's NEWS file.
      So let's instead do this there:
       - For clean shutdown: in a new, dedicated service, started immediately before
         final.target, which itself is a synchronization point that ensures this
         service is started before the transition to systemd-shutdown and in turn to
         the initramfs, where we finish the unmounting and other clean ups needed to
         erase the memory.
       - For emergency shutdown: in the udev watchdog script, before calling the
         unclean shutdown code, which bypasses final.target and thus won't run
         tails-remount-run-exec.service. Too bad we have to duplicate this mount
         command but it seems that both instances will become unnecessary quickly
         enough, once systemd DTRT™. Another way would be to manually start
         tails-remount-run-exec.service from the udev watchdog script but I'm
         concerned it will be unreliable when the boot medium has been unplugged.
