[PATCH v3] expand-on-first-boot: Ensure that /tmp is writable

Clara Kowalsky

Jul 24, 2024, 9:39:47 AM (4 days ago) Jul 24
to isar-...@googlegroups.com, quirin.g...@siemens.com, Clara Kowalsky
By setting PrivateTmp, a new file system namespace is created for this
service and private /tmp/<service>/tmp and /var/tmp/<service>/tmp
subdirectories are mounted, which are only used for processes of this
namespace. The service unit receives a mount unit dependency for all
mounts required to access /tmp and /var/tmp.
This ensures that the /tmp directory is writable for the service, as
mktemp is used in expand-last-partition.sh and creates a temporary file.
---
.../expand-on-first-boot/files/expand-on-first-boot.service | 1 +
1 file changed, 1 insertion(+)

diff --git a/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service b/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
index 90c92a39..8e76998b 100644
--- a/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
+++ b/meta/recipes-support/expand-on-first-boot/files/expand-on-first-boot.service
@@ -16,6 +16,7 @@ Type=oneshot
ExecStart=/usr/share/expand-on-first-boot/expand-last-partition.sh
ExecStartPost=-/bin/systemctl disable expand-on-first-boot.service
ExecStopPost=-/bin/systemctl disable expand-on-first-boot.service
+PrivateTmp=true

[Install]
WantedBy=sysinit.target
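Review bot: since this unit is pulled in by sysinit.target (WantedBy=sysinit.target in this hunk), it is worth verifying that PrivateTmp=true does not shift when the service runs. PrivateTmp makes systemd add an implicit dependency on the mounts backing /tmp and /var/tmp, so the service cannot start until both are mounted; if either lives on a file system that is only set up later in boot, or on the very partition expand-last-partition.sh is meant to grow, the first-boot expansion could be delayed or the unit could fail to start, and because ExecStartPost and ExecStopPost both disable the unit it will not get a second attempt on a later boot. A boot test of the target image would settle this. Consider also a short comment above the new line, e.g. "# expand-last-partition.sh uses mktemp and needs a writable /tmp", so the reason for the setting lives with the unit file and not only in the commit message.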
--
2.45.2

Clara Kowalsky

Jul 25, 2024, 10:17:39 AM (3 days ago) Jul 25
to isar-...@googlegroups.com, quirin.g...@siemens.com, Clara Kowalsky
By setting PrivateTmp, a new file system namespace is created for this
service and private /tmp/<service>/tmp and /var/tmp/<service>/tmp
subdirectories are mounted, which are only used for processes of this
namespace. The service unit receives a mount unit dependency for all
mounts required to access /tmp and /var/tmp.
This ensures that the /tmp directory is writable for the service, as
mktemp is used in expand-last-partition.sh and creates a temporary file.

Signed-off-by: Clara Kowalsky <clara.k...@siemens.com>