Add ostree-shutdown.service: hide /sysroot and make /etc read-only
author Colin Walters <walters@verbum.org>
Thu, 28 Aug 2025 17:53:14 +0000 (13:53 -0400)
committer Colin Walters <walters@verbum.org>
Fri, 29 Aug 2025 20:58:19 +0000 (16:58 -0400)
commit d0c454c23637dceda6d7395dd2141b564e3efa47
tree 5752ed2a1d51f0a312ed55fcd263556757916483
parent a5a52e01edd565cca368b946d5e5e4a333b3f350

We have a lot of bind mounts; these are usually set up in the initramfs.
So far during shutdown we've let systemd just try to sort things out
via auto-generated mount units i.e. `sysroot.mount` and `etc.mount`
and so on.

systemd has some special casing for `-.mount` (i.e. `/`) and `etc.mount`
https://github.com/systemd/systemd/blob/e91bfad241799b449df73efc30d833b9c5937001/src/shared/fstab-util.c#L72

However it doesn't special case `/sysroot` - which is currently
an ostree-specific invention (when used in the real root).
We cannot actually unmount `/sysroot` while it's in use, and it
is because `/etc` is a bind mount into it. And we can't tear
down `/etc` because it's just expected that e.g. pid 1 and other
things hold open references to it - until things finally
transition into systemd-shutdown.

What we can do though is explicitly detach it during the shutdown
phase; this ensures that systemd won't try to clean it up then,
suppressing errors about its inability to do so.

While we're here, let's also remount `/etc` read-only; while
systemd itself will try to do so during systemd-shutdown.
Per comments if this service fails, it's a bug in something
else to be fixed.

Closes: https://github.com/ostreedev/ostree/issues/3513
Signed-off-by: Colin Walters <walters@verbum.org>
Makefile-boot.am
src/boot/ostree-shutdown.service [new file with mode: 0644]
src/libostree/ostree-impl-system-generator.c
src/switchroot/ostree-remount.c