Bug 1469655

Summary: firstboot scripts are not correctly installed in Fedora 26
Product: [Community] Virtualization Tools Reporter: Richard W.M. Jones <rjones>
Component: libguestfsAssignee: Richard W.M. Jones <rjones>
Status: CLOSED UPSTREAM QA Contact:
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: unspecifiedCC: ptoscano, rbalakri
Target Milestone: ---   
Target Release: ---   
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2017-07-18 12:17:34 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Richard W.M. Jones 2017-07-11 15:11:54 UTC 
Description of problem:

$ virt-builder fedora-26 --firstboot-command 'echo hello world > /hello' --root-password password:123456
$ qemu-system-x86_64 -machine accel=kvm:tcg -cpu host -m 2048 -drive file=fedora-26.img,format=raw,if=virtio

The firstboot script does not run as can be verified by logging
in to the guest and listing the root directory.

When you look at the systemd status for the guestfs-firstboot
unit file it just says "bad" without any further explanation.

Version-Release number of selected component (if applicable):

systemd-233-6.fc26.x86_64
libguestfs-1.36.5-1.fc26.x86_64

How reproducible:

100%

Steps to Reproduce:
1. See above.
Comment 1 Richard W.M. Jones 2017-07-11 15:19:43 UTC 
This turns out to be an SELinux labelling problem because I omitted
the --selinux-relabel flag.

However when I add that flag, the firstboot script still doesn't run.

Updated test case is:

$ virt-builder fedora-26 --firstboot-command 'echo hello world > /hello' --root-password password:123456 --selinux-relabel
$ qemu-system-x86_64 -machine accel=kvm:tcg -cpu host -m 2048 -drive file=fedora-26.img,format=raw,if=virtio
Comment 2 Richard W.M. Jones 2017-07-11 15:36:55 UTC 
There is still a problem with the reproducer.  Apparently
SELinux prevents even root from writing to '/'. 

Nevertheless, with fedora-25 we see that the firstboot script works
because we see the script starting up (and then failing with AVCs)
in the logs.

$ virt-builder fedora-25 --firstboot-command 'echo hello world > /hello' --root-password password:123456 --selinux-relabel
$ qemu-system-x86_64 -machine accel=kvm:tcg -cpu host -m 2048 -drive file=fedora-25.img,format=raw,if=virtio &
Comment 3 Richard W.M. Jones 2017-07-16 20:38:48 UTC 
So there are two problems here.

(1) Is a bug in systemd that stops default.target from running.

(2) Is that we probably shouldn't use default.target, but we
should use multi-user.target instead, for firstboot scripts.

Both explained by Lennart here:

https://lists.freedesktop.org/archives/systemd-devel/2017-July/039325.html
Comment 4 Richard W.M. Jones 2017-07-18 12:15:16 UTC 
Patch series posted for item (2):

https://www.redhat.com/archives/libguestfs/2017-July/msg00132.html
Comment 5 Richard W.M. Jones 2017-07-18 12:17:34 UTC 
Sorry I forgot this was pushed upstream:

https://github.com/libguestfs/libguestfs/commit/1286129fac87935da79e54d0ae88ae06e6f99cbb
https://github.com/libguestfs/libguestfs/commit/00c4c5c8f875f4ed252f420d7b77394c1db9751c
https://github.com/libguestfs/libguestfs/commit/db5e6bd22136d6d52b934c12dcad55324ad8090a
https://github.com/libguestfs/libguestfs/commit/0c98971040954bf6bce0f8a3c15e51ad97335a93