1469655 – firstboot scripts are not correctly installed in Fedora 26

Bug 1469655 - firstboot scripts are not correctly installed in Fedora 26

Summary: firstboot scripts are not correctly installed in Fedora 26

Keywords:
Status:	CLOSED UPSTREAM
Alias:	None
Product:	Virtualization Tools
Classification:	Community
Component:	libguestfs
Sub Component:
Version:	unspecified
Hardware:	Unspecified
OS:	Unspecified
Priority:	unspecified
Severity:	unspecified
Target Milestone:	---
Assignee:	Richard W.M. Jones
QA Contact:
Docs Contact:
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+	depends on / blocked

Reported:	2017-07-11 15:11 UTC by Richard W.M. Jones
Modified:	2017-07-18 12:17 UTC (History)
CC List:	2 users (show)
Fixed In Version:
Clone Of:
Environment:
Last Closed:	2017-07-18 12:17:34 UTC
Embargoed:
Dependent Products:

Attachments	(Terms of Use)

Links
System	ID	Private	Priority	Status	Summary	Last Updated
Github	https://github.com/systemd systemd issues 6334	0	None	None	None	2020-08-03 23:08:31 UTC

Description Richard W.M. Jones 2017-07-11 15:11:54 UTC

Description of problem:

$ virt-builder fedora-26 --firstboot-command 'echo hello world > /hello' --root-password password:123456
$ qemu-system-x86_64 -machine accel=kvm:tcg -cpu host -m 2048 -drive file=fedora-26.img,format=raw,if=virtio

The firstboot script does not run as can be verified by logging
in to the guest and listing the root directory.

When you look at the systemd status for the guestfs-firstboot
unit file it just says "bad" without any further explanation.

Version-Release number of selected component (if applicable):

systemd-233-6.fc26.x86_64
libguestfs-1.36.5-1.fc26.x86_64

How reproducible:

100%

Steps to Reproduce:
1. See above.

Comment 1 Richard W.M. Jones 2017-07-11 15:19:43 UTC

This turns out to be an SELinux labelling problem because I omitted
the --selinux-relabel flag.

However when I add that flag, the firstboot script still doesn't run.

Updated test case is:

$ virt-builder fedora-26 --firstboot-command 'echo hello world > /hello' --root-password password:123456 --selinux-relabel
$ qemu-system-x86_64 -machine accel=kvm:tcg -cpu host -m 2048 -drive file=fedora-26.img,format=raw,if=virtio

Comment 2 Richard W.M. Jones 2017-07-11 15:36:55 UTC

There is still a problem with the reproducer.  Apparently
SELinux prevents even root from writing to '/'. 

Nevertheless, with fedora-25 we see that the firstboot script works
because we see the script starting up (and then failing with AVCs)
in the logs.

$ virt-builder fedora-25 --firstboot-command 'echo hello world > /hello' --root-password password:123456 --selinux-relabel
$ qemu-system-x86_64 -machine accel=kvm:tcg -cpu host -m 2048 -drive file=fedora-25.img,format=raw,if=virtio &

Comment 3 Richard W.M. Jones 2017-07-16 20:38:48 UTC

So there are two problems here.

(1) Is a bug in systemd that stops default.target from running.

(2) Is that we probably shouldn't use default.target, but we
should use multi-user.target instead, for firstboot scripts.

Both explained by Lennart here:

https://lists.freedesktop.org/archives/systemd-devel/2017-July/039325.html

Comment 4 Richard W.M. Jones 2017-07-18 12:15:16 UTC

Patch series posted for item (2):

https://www.redhat.com/archives/libguestfs/2017-July/msg00132.html

Comment 5 Richard W.M. Jones 2017-07-18 12:17:34 UTC

Sorry I forgot this was pushed upstream:

https://github.com/libguestfs/libguestfs/commit/1286129fac87935da79e54d0ae88ae06e6f99cbb
https://github.com/libguestfs/libguestfs/commit/00c4c5c8f875f4ed252f420d7b77394c1db9751c
https://github.com/libguestfs/libguestfs/commit/db5e6bd22136d6d52b934c12dcad55324ad8090a
https://github.com/libguestfs/libguestfs/commit/0c98971040954bf6bce0f8a3c15e51ad97335a93

Note You need to log in before you can comment on or make changes to this bug.