Bug 1924587
| Summary: | RFE: Harden the shutdown phase to avoid dropping into the emergency prompt | ||
|---|---|---|---|
| Product: | Red Hat Enterprise Linux 8 | Reporter: | Renaud Métrich <rmetrich> |
| Component: | dracut | Assignee: | Pavel Valena <pvalena> |
| Status: | CLOSED ERRATA | QA Contact: | Frantisek Sumsal <fsumsal> |
| Severity: | high | Docs Contact: | |
| Priority: | high | ||
| Version: | 8.3 | CC: | cbesson, chuhu, dracut-maint-list, dtardon, fkrska, fsumsal, lijgopin, md, myamazak, pskhedekar, pvalena |
| Target Milestone: | rc | Keywords: | FutureFeature, Reproducer, Triaged |
| Target Release: | 8.0 | ||
| Hardware: | All | ||
| OS: | Linux | ||
| Whiteboard: | |||
| Fixed In Version: | dracut-049-209.git20220815.el8 | Doc Type: | If docs needed, set a value |
| Doc Text: | Story Points: | --- | |
| Clone Of: | Environment: | ||
| Last Closed: | 2022-11-08 10:48:46 UTC | Type: | Bug |
| Regression: | --- | Mount Type: | --- |
| Documentation: | --- | CRM: | |
| Verified Versions: | Category: | --- | |
| oVirt Team: | --- | RHEL 7.3 requirements from Atomic Host: | |
| Cloudforms Team: | --- | Target Upstream Version: | |
| Embargoed: | |||
|
Description
Renaud Métrich
2021-02-03 09:18:28 UTC
Hardening can be easily implemented as shown below: 1. dracut-shutdown failure needs to be detected (exit 1 is not sufficient) and cleanup must be really done, specially on timeout This can be achieve by a new "dracut-shutdown-onfailure.service" unit that will cleanup some extracted files (/run/initramfs/shutdown is sufficient, as already done when cpio fails in the script): dracut-shutdown-onfailure.service: -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- [Unit] Description=Service executing upon dracut-shutdown failure to perform cleanup DefaultDependencies=no [Service] Type=oneshot ExecStart=/bin/sh -c '/bin/rm /run/initramfs/shutdown 2>/dev/null || true' -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- dracut-shutdown.service: -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- [Unit] OnFailure=dracut-shutdown-onfailure.service -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- 2. plymouth-switch-root-initramfs.service should have a After dependency on dracut-shutdown-onfailure.service to check for the new condition on "shutdown" script plymouth-switch-root-initramfs.service: -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- [Unit] After=dracut-shutdown-onfailure.service ConditionPathExists=/run/initramfs/shutdown -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< -------- The After=dracut-shutdown-onfailure.service is required to make sure the cleanup of the initramfs extraction is performed before attempting to switch root. With this in place, plymouth-switch-root-initramfs will *not* execute anymore if critical files in /run/initramfs are missing, indicating the initramfs extraction failed somehow. *** Bug 1631740 has been marked as a duplicate of this bug. *** See also BZ #1961659. See also BZ #2023665. *** Bug 1961659 has been marked as a duplicate of this bug. *** Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory (dracut bug fix and enhancement update), and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHBA-2022:7725 (In reply to Renaud Métrich from comment #1) > Hardening can be easily implemented as shown below: > > 1. dracut-shutdown failure needs to be detected (exit 1 is not sufficient) > and cleanup must be really done, specially on timeout > > This can be achieve by a new "dracut-shutdown-onfailure.service" unit that > will cleanup some extracted files (/run/initramfs/shutdown is sufficient, as > already done when cpio fails in the script): > > dracut-shutdown-onfailure.service: > -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< > -------- > [Unit] > Description=Service executing upon dracut-shutdown failure to perform > cleanup > DefaultDependencies=no > > [Service] > Type=oneshot > ExecStart=/bin/sh -c '/bin/rm /run/initramfs/shutdown 2>/dev/null || true' > -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< > -------- > > dracut-shutdown.service: > -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< > -------- > [Unit] > OnFailure=dracut-shutdown-onfailure.service > -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< > -------- > > 2. plymouth-switch-root-initramfs.service should have a After dependency on > dracut-shutdown-onfailure.service to check for the new condition on > "shutdown" script > > plymouth-switch-root-initramfs.service: > -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< > -------- > [Unit] > After=dracut-shutdown-onfailure.service > ConditionPathExists=/run/initramfs/shutdown > -------- 8< ---------------- 8< ---------------- 8< ---------------- 8< > -------- > > The After=dracut-shutdown-onfailure.service is required to make sure the > cleanup of the initramfs extraction is performed before attempting to switch > root. > > With this in place, plymouth-switch-root-initramfs will *not* execute > anymore if critical files in /run/initramfs are missing, indicating the > initramfs extraction failed somehow. Is this a fix for the issue with /shutdown: line 162: reboot: command not found? I have the same symptoms after upgrade of Fedora 39 to 40. |