mirror of
https://github.com/systemd/systemd
synced 2024-07-21 18:24:38 +00:00
Luca Boccassi
sysexts are meant to extend /usr. All extension images and directories are opened and merged in a single, read-only overlayfs layer, mounted on /usr.

So far, we had fallback storage directories in /usr/lib/extensions and /usr/local/lib/extensions. This is problematic for three reasons.

Firstly, technically, for directory-based extensions the kernel will reject creating such an overlay, as there is a recursion problem. It actively validates that a lowerdir is not a child of another lowerdir, and fails with -ELOOP if it is. So having a sysext /usr/lib/extensions/myextdir/ would result in an overlayfs config lowerdir=/usr/lib/extensions/myextdir/usr/:/usr which is not allowed, as indicated by Christian the kernel performs this check:

```c
/*
 * Check if this layer root is a descendant of:
 * - another layer of this overlayfs instance
 * - upper/work dir of any overlayfs instance
 */
<...>
	/* Walk back ancestors to root (inclusive) looking for traps */
	while (!err && parent != next) {
		if (is_lower && ovl_lookup_trap_inode(sb, parent)) {
			err = -ELOOP;
			pr_err("overlapping %s path\n", name);
```

Secondly, there's a confusing aspect to this recursive storage. If you have /usr/lib/extensions/myext.raw which contains /usr/lib/extensions/mynested.raw 'systemd-sysext merge' will only pick up the first one, but both will appear in the merged root under /usr/lib/extensions/. So you have two extension images, both appear in your merged filesystem, but only one is actually in use.

Finally, there's a conceptual aspect: the idea behind sysexts and hermetic /usr is that the /usr tree is not modified locally, but owned by the vendor. Dropping extensions in /usr thus goes contrary to this foundational concept.
33 lines
967 B
Desktop File
```ini
# SPDX-License-Identifier: LGPL-2.1-or-later
#
# This file is part of systemd.
#
# systemd is free software; you can redistribute it and/or modify it
# under the terms of the GNU Lesser General Public License as published by
# the Free Software Foundation; either version 2.1 of the License, or
# (at your option) any later version.

[Unit]
Description=Merge System Extension Images into /usr/ and /opt/
Documentation=man:systemd-sysext.service(8)

ConditionCapability=CAP_SYS_ADMIN
ConditionDirectoryNotEmpty=|/etc/extensions
ConditionDirectoryNotEmpty=|/run/extensions
ConditionDirectoryNotEmpty=|/var/lib/extensions

DefaultDependencies=no
After=local-fs.target
Before=sysinit.target systemd-tmpfiles-setup.service
Conflicts=shutdown.target initrd-switch-root.target
Before=shutdown.target initrd-switch-root.target

[Service]
Type=oneshot
RemainAfterExit=yes
ExecStart=systemd-sysext merge
ExecStop=systemd-sysext unmerge

[Install]
WantedBy=sysinit.target
```
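The lowerdir recursion described in the commit message can be checked for ahead of time. The following is an added example, not code from systemd or the kernel: it models the ancestor check lexically on path strings (the kernel works on resolved inodes), and the function names and sample directories are constructed for illustration.

```python
from pathlib import PurePosixPath


def lowerdirs_for(ext_dirs, hierarchy="/usr"):
    """Layer list for directory-based extensions: each extension's own
    copy of the hierarchy first, the host hierarchy last."""
    host = PurePosixPath(hierarchy)
    rel = host.relative_to("/")
    return [PurePosixPath(d) / rel for d in ext_dirs] + [host]


def mount_option(ext_dirs, hierarchy="/usr"):
    """Render the layers as an overlayfs lowerdir= option string."""
    layers = lowerdirs_for(ext_dirs, hierarchy)
    return "lowerdir=" + ":".join(str(p) for p in layers)


def overlapping_layers(lowerdirs):
    """Return (layer, ancestor) pairs where one layer root sits below
    another layer root, the case the kernel rejects with -ELOOP."""
    layers = [PurePosixPath(p) for p in lowerdirs]
    hits = []
    for layer in layers:
        for other in layers:
            # Walk back the ancestors of this layer, as the kernel does.
            if other in layer.parents:
                hits.append((str(layer), str(other)))
    return hits


if __name__ == "__main__":
    # Constructed sample: one extension directory per storage location.
    samples = [
        "/usr/lib/extensions/myextdir",
        "/usr/local/lib/extensions/myextdir",
        "/etc/extensions/myextdir",
        "/run/extensions/myextdir",
        "/var/lib/extensions/myextdir",
    ]
    for ext in samples:
        hits = overlapping_layers(lowerdirs_for([ext]))
        verdict = "ELOOP (overlapping)" if hits else "ok"
        print(f"{mount_option([ext]):<60} {verdict}")
```

Only the two storage directories under /usr produce an overlapping layer for the /usr hierarchy; the three directories named in the unit's ConditionDirectoryNotEmpty= lines do not.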