Whether we put some binaries in /bin or in /usr/bin should not have any
effect on unmounting during shutdown. Even if people split /usr/ off we
should not try to unmount it, no matter what as it is simply where
binaries are placed.
As described in the BLS, we should place binaries into the XBOOTLDR
directory if it is available, otherwise into the ESP. Thus, we might
need to put binaries into /boot or into /efi depending on the existence
of the XBOOTLDR partition.
With this change, we introduce a new PathRelativeTo= config option that
makes this functionality possible
This way we'll not add deps for the mount point that unmount it during
shutdown. This is similar as for /run/initramfs/ which we want to
transition into during shutdown.
This way we don't have to add "-o x-initrd.mount" to all bind mounts for
/run/nextroot anymore to make it survive the reboot, it will be implied.
Let's make sure implicitly that the target directory is a mount point,
instead of doing so manually beforehand. This allows us to drop this
step from the transition into the /run/initramfs/ dir at shutdown.
During the initrd→host transition the switch root operations so far
where towards pre-existing mount points, but there are cetrainly
usecases where it might make sense to siwtch into arbitrary
subdirectories, too.
Our shutdown binary that takes over as PID 1 when shutting down puts
great efforts into a sync() that comes with a time-out once sync'ing
process stops. If we'd add another dumb sync() here, we kinda defeat all
it is good for. Hence, let's keep the sync() in for most codepats, but
let's disable it for the final shutdown logic when we transition back
into the exitrd. After all we sync()ed more than enough here, no need to
sync() even more.
Let's replace the current boolean param with a proper flags param. With
a single flag this doesn't appear to make much sense, though it does
already make things more readable I think.
However, once we add a second flag, it starts to make more sense.
Also, while we are at it, condition the "istmp" determinaton with this
flag too, since we only need it when the flag is set.
We previously would use MS_MOVE to move the old procfs, sysfs, /dev/ and
/run to the new place in some places, and MS_BIND in others.
The logic when to use MS_MOVE and when to use MS_BIND was pretty
arbitrary so far: we'd use MS_MOVE during the initrd → host transition
and MS_BIND when transitioning from host into the exitrd during
shutdown.
Traditionally, using MS_MOVE was preferable, because we didn't bother
with unmounting the old mount hierarchy before the switch root, and thus
using MS_MOVE did some clean-up as side-effect (because the old mounts
went away this way). But since we nowadays properly umount all remaining
mount points (since 268d1244e8) when
transitioning it's pointless.
Let's just use MS_BIND always. Let's tweak it though: let's use
MS_BIND|MS_REC for the kernel API VFS, and MS_BIND without MS_REC for
/run/. The latter reflects the fact that the submounts /run/ has usually
are not so much about just accessing kernel APIs but about auxiliary
user resources. Hence let's only move the main mount over for that.
While we are at it, also set up the base filesystem *before* we move the
mounts from the old to the new root, since the base filesystem setup
logic creates various needed inodes for us, which we really should make
use of instead of creating on our own.
This adds a new mechanism for rebooting, a form of "userspace reboot"
hereby dubbed "soft-reboot". It will stop all services as in a usual
shutdown, possibly transition into a new root fs and then issue a fresh
initial transaction. The kernel is not replaced.
File descriptors can be passed over, thus opening the door for leaving
certain resources around between such reboots.
Usecase: this is an extremely quick way to reset userspace fully when
updating image based systems, without going through a full
hardware/firmware/boot loader/kernel/initrd cycle. It minimizes "grayout time"
for OS updates. (In particular when combined with kernel live patching)
If we are not able to detach all MD/DM/loopback devices this is not
necessarily a failure, it's simply because we might be running off them.
Hence let's tone down our language a bit, and just say "Unable to"
rather than "Failed to".
While we are at it, let's also clean this up a bit: unlike DM/MD devices
loopback devices are likely partitioned, hence trace the block device
through the partition layer and LUKS.
So far detach-swap.[ch] were still using the MountPoint structure to
store swap device info in. Since it was only using a single field of it
sharing the whole structure is kinda pointless. Hence, let's decouple
this and only add the field we really need.
The logic was borked: if we find multiple partitions of the same
designator, we should first prefer the better arch, and then prefer the
better version, and then the first found. Fix that.
Fixes: #27897
We only really care about lowering the device timeout so we get to
a shell faster when the root device doesn't appear so let's only
lower that timeout instead of lowering all default timeouts.
