Bug 1842737

Summary: systemctl isolate emergency.target mounts / as RW -- not RO (as does errors in /etc/fstab upon reboot)
Product: Red Hat Enterprise Linux 8 Reporter: Tracy Baker <tech>
Component: systemdAssignee: Michal Sekletar <msekleta>
Status: CLOSED WONTFIX QA Contact: Frantisek Sumsal <fsumsal>
Severity: unspecified Docs Contact:
Priority: unspecified    
Version: 8.0CC: dtardon, msekleta, systemd-maint-list
Target Milestone: rcKeywords: Triaged
Target Release: 8.0Flags: pm-rhel: mirror+
Hardware: Unspecified   
OS: Unspecified   
Whiteboard:
Fixed In Version: Doc Type: If docs needed, set a value
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2021-12-02 07:27:04 UTC Type: Bug
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:
Attachments:
Description Flags
output from logging into emergency mode, showing that it is RW none

Description Tracy Baker 2020-06-02 01:52:02 UTC 
Created attachment 1694223 [details]
output from logging into emergency mode, showing that it is RW

emergency.target mounts the / file system as RW when it should be RO

-----

Tested on the following systems:

RHEL 8: uname -a : Linux workstation.lab.example.com 4.18.0-80.1.2.el8_0.x86_64 #1 SMP Sun Apr 28 09:21:22 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

CentOS 8 : uname -a : Linux client01 4.18.0-147.8.1.el8_1.x86_64 #1 SMP Thu Apr 9 13:49:54 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

RHEL 7: uname -a : Linux server1.example.com 3.10.0-123.el7.x86_64 #1 SMP Mon May 5 11:16:57 EDT 2014 x86_64 x86_64 x86_64 GNU/Linux

CentOS 7: uname -a : Linux server63.example.com 3.10.0-1127.8.2.el7.x86_64 #1 SMP Tue May 12 16:57:42 UTC 2020 x86_64 x86_64 x86_64 GNU/Linux

-----

easily reproducible

-----

Either:

A) 
1. Creating a deliberate error in /etc/fstab
2. reboot

-OR-

B)
1. systemctl isolate emergency.target

-----

The results are that the / file system is mounted read/write (RW) and not read-only (RO)

-----

NOTE: Adding systemd.unit=emergency.target to the boot loader works as expected - / mounted as RO
Comment 1 Michal Sekletar 2020-06-02 10:50:24 UTC 
This happens because during boot we ran started systemd-remount-fs.service which applied mount options from fstab to root mount and remounted it RW in the process. Later on something failed (different mount) and then systemd isolated emergency.target. However, isolating some target doesn’t undo effects of services that finished before that. Though we might want to make an exception in this specific case. I will ask upstream developers on their opinion.
Comment 2 Tracy Baker 2020-06-02 17:31:38 UTC 
Two things:

First, context: I am a Red Hat Academy instructor. The RH134 course content explicitly states that / will be mounted RO if /etc/fstab has a non existent device or UUID, nonexistent mount point, or incorrect mount point option.

If mounting / as RW is intended, and not a bug, then course content needs changing - and possibly other documentation as well. I understand that this may not be in the purview of Red Hat Bugzilla group.

---------

Second: if emergency.target is supposed to mount / as RO (as it does when systemd.unit=emergency.target does when added to the boot loader), shouldn't the systemctl isolate emergency.target command have the same effect?
Comment 3 Tracy Baker 2020-06-02 17:59:37 UTC 
Just to add to the documentation angle, there is this: "In emergency mode, the system mounts the root file system only for reading, does not attempt to mount any other local file systems..."

From here: https://access.redhat.com/documentation/en-us/red_hat_enterprise_linux/8/html/configuring_basic_system_settings/managing-services-with-systemd_configuring-basic-system-settings
Comment 6 RHEL Program Management 2021-12-02 07:27:04 UTC 
After evaluating this issue, there are no plans to address it further or fix it in an upcoming release.  Therefore, it is being closed.  If plans change such that this issue will be fixed in an upcoming release, then the bug can be reopened.