[PATCH] expand-on-first-boot: Add /tmp to ConditionPathIsReadWrite

Clara Kowalsky

unread,

Jul 12, 2024, 10:03:22 AMJul 12

to isar-...@googlegroups.com, quirin.g...@siemens.com, Clara Kowalsky

This verifies that /tmp is readable and writable before starting the
service.

Signed-off-by: Clara Kowalsky <clara.k...@siemens.com>
---
.../expand-on-first-boot/files/expand-on-first-boot.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service b/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
index 90c92a39..9daae719 100644
--- a/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
+++ b/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
@@ -9,7 +9,7 @@ DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-remount-fs.service
Before=local-fs-pre.target shutdown.target
-ConditionPathIsReadWrite=/etc
+ConditionPathIsReadWrite=/etc /tmp

[Service]
Type=oneshot
--
2.45.2

Jan Kiszka

unread,

Jul 12, 2024, 10:09:25 AMJul 12

to Clara Kowalsky, isar-...@googlegroups.com, quirin.g...@siemens.com

On 12.07.24 16:03, 'Clara Kowalsky' via isar-users wrote:
> This verifies that /tmp is readable and writable before starting the
> service.

Rather then repeating what the patch does, explain why it is doing this.

Jan

Siemens AG, Technology
Linux Expert Center

Clara Kowalsky

unread,

Jul 12, 2024, 11:39:49 AMJul 12

to isar-...@googlegroups.com, quirin.g...@siemens.com, Clara Kowalsky

Since mktemp is used and creates a temporary file, we need to ensure
that /tmp is writable.

Signed-off-by: Clara Kowalsky <clara.k...@siemens.com>
---
.../expand-on-first-boot/files/expand-on-first-boot.service | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service b/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
index 90c92a39..9daae719 100644
--- a/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
+++ b/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
@@ -9,7 +9,7 @@ DefaultDependencies=no
Conflicts=shutdown.target
After=systemd-remount-fs.service
Before=local-fs-pre.target shutdown.target
-ConditionPathIsReadWrite=/etc
+ConditionPathIsReadWrite=/etc /tmp

[Service]
Type=oneshot
--

2.45.2

Uladzimir Bely

unread,

Jul 18, 2024, 1:35:26 AM (10 days ago) Jul 18

to isar-...@googlegroups.com

On Fri, 2024-07-12 at 17:39 +0200, 'Clara Kowalsky' via isar-users
wrote:

In a downstream we have read-only rootfs and some writable last
partition that we want to expand. Having writable "/etc" condition in
Isar recipe makes us use .bbappend rewrite the service file.

Would not it be better not to depend on writable "/etc" at all in Isar?

> [Service]
> Type=oneshot
> --
> 2.45.2
>

BTW, in the same downstream something close we do for sshd-regen-keys
service. Due to readonly rootfs, instead of writable "/etc" condition
we use more narrow "/etc/ssh" one. So it might be changed in Isar also,
but it is a topic for a separate discussion.

--
Best regards,
Uladzimir.

MOESSBAUER, Felix

unread,

Jul 18, 2024, 3:11:59 AM (10 days ago) Jul 18

to ub...@ilbers.de, isar-...@googlegroups.com

According to systemd, /etc must be RW when transitioning out of the
initrd. The reason for that is the creation of the machine-id.

Felix

>
> > [Service]
> > Type=oneshot
> > --
> > 2.45.2
> >
>
> BTW, in the same downstream something close we do for sshd-regen-keys
> service. Due to readonly rootfs, instead of writable "/etc" condition
> we use more narrow "/etc/ssh" one. So it might be changed in Isar
> also,
> but it is a topic for a separate discussion.
>
> --
> Best regards,
> Uladzimir.
>

MOESSBAUER, Felix

unread,

Jul 18, 2024, 3:27:19 AM (10 days ago) Jul 18

to isar-...@googlegroups.com, Kowalsky, Clara, quirin.g...@siemens.com

On Fri, 2024-07-12 at 16:03 +0200, 'Clara Kowalsky' via isar-users
wrote:

> This verifies that /tmp is readable and writable before starting the
> service.
>
> Signed-off-by: Clara Kowalsky <clara.k...@siemens.com>
> ---
> .../expand-on-first-boot/files/expand-on-first-boot.service | 2
> +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/meta/recipes-support/expand-on-first-boot/files/expand-

> on-first-boot.service b/meta/recipes-support/expand-on-first-
> boot/files/expand-on-first-boot.service
> index 90c92a39..9daae719 100644
> --- a/meta/recipes-support/expand-on-first-boot/files/expand-on-
> first-boot.service
> +++ b/meta/recipes-support/expand-on-first-boot/files/expand-on-
> first-boot.service

> @@ -9,7 +9,7 @@ DefaultDependencies=no
> Conflicts=shutdown.target
> After=systemd-remount-fs.service
> Before=local-fs-pre.target shutdown.target
> -ConditionPathIsReadWrite=/etc
> +ConditionPathIsReadWrite=/etc /tmp

Hi, can't we simply use PrivateTmp=true ? This would unshare /tmp and
/var/tmp from the host / calling environment.

I'm anyways wondering how the system will behave if /tmp is not
writable, as having this writable is mandated by systemd.

What data is stored there? If this is potentially big, we should not
use /tmp at all but instead /var/tmp.

Felix

>
> [Service]
> Type=oneshot
> --
> 2.45.2
>

Kowalsky, Clara

unread,

Jul 24, 2024, 9:48:12 AM (4 days ago) Jul 24

to MOESSBAUER, Felix, isar-...@googlegroups.com, quirin.g...@siemens.com

Thanks for the comment. I tested it with PrivateTmp=true and this also works fine.

>
> I'm anyways wondering how the system will behave if /tmp is not writable, as
> having this writable is mandated by systemd.
>
> What data is stored there? If this is potentially big, we should not use /tmp at all
> but instead /var/tmp.

Mktemp just creates an empty directory that is used as mount point, so no need to switch to /var/tmp.

Clara

Reply all

Reply to author

Forward