RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Bug 1867601 - RHCOS: Root filesystem is not immutable on s390x
Summary: RHCOS: Root filesystem is not immutable on s390x
Keywords:
Status: CLOSED ERRATA
Alias: None
Product: Red Hat Enterprise Linux 8
Classification: Red Hat
Component: ostree
Version: 8.2
Hardware: s390x
OS: Unspecified
unspecified
medium
Target Milestone: rc
: 8.3
Assignee: Colin Walters
QA Contact: atomic-bugs@redhat.com
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2020-08-10 13:04 UTC by Prashanth Sundararaman
Modified: 2020-11-04 03:12 UTC (History)
15 users (show)

Fixed In Version:
Doc Type: If docs needed, set a value
Doc Text:
Clone Of:
Environment:
Last Closed: 2020-11-04 03:10:21 UTC
Type: Bug
Target Upstream Version:
Embargoed:

Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Product Errata RHEA-2020:4706 0 None None None 2020-11-04 03:10:31 UTC

Description Prashanth Sundararaman 2020-08-10 13:04:24 UTC 
Noticed that for s390x, the rootfs is not immutable. Managed to get into the emergency shell after switch root and noticed that i can write files to / directory.

This was uncovered by kola test coreos.ignition.failure which fails with this issue and needs to be fixed for the RHCOS pipeline to run successfully.
Comment 1 Prashanth Sundararaman 2020-08-12 02:16:09 UTC 
After some more investigation it looks like the immutability is lost somewhere between the ignition-ostree-mount-sysroot and the ignition-ostree-mount-var phase . I just printed the output of "lsattr -d /sysroot" in ignition-ostree-mount-sysroot.sh and it is immutable (has the i flag set). I put a print in ignition-ostree-mount-var.sh and the immutability was not present. There is a OSTree Prepare phase in between, but I'm not sure if that could've caused it to be removed.
Comment 4 Prashanth Sundararaman 2020-08-12 21:42:32 UTC 
yup just did a quick test by putting an lsattr in ostree-prepare-root.service in the ExecStartPre and ExecStartPost section and looks like sysroot is mutable after ostree prepare executes

[   14.053634] sh[832]: ----i--------------- /sysroot
[   14.073740] ostree-prepare-root[834]: Resolved OSTree target to: /sysroot/ostree/deploy/rhcos/deploy/aad0d687b4542facdb60c44fe311fe5e9dfe7ef28c787726ccc120768b18c8e1.0
[   14.088788] sh[836]: -------------------- /sysroot


Need to investigate what ostree prepare does.
Comment 5 Colin Walters 2020-08-18 14:52:12 UTC 
To clarify, this is *only* s390x, not ppc64le/aarch64 right?
Comment 6 Prashanth Sundararaman 2020-08-18 14:56:04 UTC 
(In reply to Colin Walters from comment #5)
> To clarify, this is *only* s390x, not ppc64le/aarch64 right?

Correct. This is an issue on s390x only.
Comment 7 Colin Walters 2020-08-18 15:36:37 UTC 
> yup just did a quick test by putting an lsattr in ostree-prepare-root.service in the ExecStartPre and ExecStartPost section and looks like sysroot is mutable after ostree prepare executes

That is...very weird.  What does this print:

mkdir -p /var/tmp/testdir-{src,target}
chattr +i /var/tmp/testdir-src
mount --bind /var/tmp/testdir-{src,target}
lsattr -d /var/tmp/testdir-target
Comment 9 Prashanth Sundararaman 2020-08-18 16:34:59 UTC 
(In reply to Colin Walters from comment #7)
> > yup just did a quick test by putting an lsattr in ostree-prepare-root.service in the ExecStartPre and ExecStartPost section and looks like sysroot is mutable after ostree prepare executes
> 
> That is...very weird.  What does this print:
> 
> mkdir -p /var/tmp/testdir-{src,target}
> chattr +i /var/tmp/testdir-src
> mount --bind /var/tmp/testdir-{src,target}
> lsattr -d /var/tmp/testdir-target

[root@cosa-devsh core]# mkdir -p /var/tmp/testdir-{src,target}
[root@cosa-devsh core]# chattr +i /var/tmp/testdir-src
[root@cosa-devsh core]# mount --bind /var/tmp/testdir-{src,target}
[root@cosa-devsh core]# lsattr -d /var/tmp/testdir-target
----i--------------- /var/tmp/testdir-target
Comment 10 Prashanth Sundararaman 2020-08-19 21:17:18 UTC 
Ok. After some more printf and syscalls looks like the mount sytemcall which is used when the root mount point is moved is causing the immutability bit to be unset.

https://github.com/ostreedev/ostree/blob/master/src/switchroot/ostree-prepare-root.c#L364

Tried the same test on other arches and the immutability bit is preserved. It might be an issue with the mount system call on s390x.
Comment 11 Prashanth Sundararaman 2020-08-20 21:55:32 UTC 
still going down this rabbit hole..looks like the deploy root , i.e the /sysroot/ostree/deploy/rhcos/deploy/... directory does not have the immutability set and this is being mounted at sysroot.
Comment 12 Colin Walters 2020-08-21 16:53:38 UTC 
Is the immutable bit there on upgrade?

If you use e.g. libguestfs to inspect the image, do you see it there to start?

Hmm I wonder if this is an issue with `_ostree_linuxfs_fd_alter_immutable_flag()`.
I see that e2fsprogs is passing as an int:
https://github.com/tytso/e2fsprogs/blob/ae3a1d571beb1b86cedfee6652a327854499da3f/lib/e2p/setflags.c#L62

Ah yes and that might explain it, on LE architectures that's going to be fine, but a BE arch would see zeros.

IOW does this fix it?

diff --git a/src/libostree/ostree-linuxfsutil.c b/src/libostree/ostree-linuxfsutil.c
index 231ecf76..cd1f485c 100644
--- a/src/libostree/ostree-linuxfsutil.c
+++ b/src/libostree/ostree-linuxfsutil.c
@@ -55,7 +55,7 @@ _ostree_linuxfs_fd_alter_immutable_flag (int            fd,
   if (g_atomic_int_get (&no_alter_immutable))
     return TRUE;
 
-  unsigned long flags;
+  int flags;
   int r = ioctl (fd, EXT2_IOC_GETFLAGS, &flags);
   if (r == -1)
     {
Comment 13 Colin Walters 2020-08-21 17:00:35 UTC 
Added a test for this https://github.com/coreos/fedora-coreos-config/pull/573
Comment 14 Prashanth Sundararaman 2020-08-21 17:19:43 UTC 
(In reply to Colin Walters from comment #12)
> Is the immutable bit there on upgrade?
> 
> If you use e.g. libguestfs to inspect the image, do you see it there to
> start?
> 
> Hmm I wonder if this is an issue with
> `_ostree_linuxfs_fd_alter_immutable_flag()`.
> I see that e2fsprogs is passing as an int:
> https://github.com/tytso/e2fsprogs/blob/
> ae3a1d571beb1b86cedfee6652a327854499da3f/lib/e2p/setflags.c#L62
> 
> Ah yes and that might explain it, on LE architectures that's going to be
> fine, but a BE arch would see zeros.
> 
> IOW does this fix it?
> 
> diff --git a/src/libostree/ostree-linuxfsutil.c
> b/src/libostree/ostree-linuxfsutil.c
> index 231ecf76..cd1f485c 100644
> --- a/src/libostree/ostree-linuxfsutil.c
> +++ b/src/libostree/ostree-linuxfsutil.c
> @@ -55,7 +55,7 @@ _ostree_linuxfs_fd_alter_immutable_flag (int            fd,
>    if (g_atomic_int_get (&no_alter_immutable))
>      return TRUE;
>  
> -  unsigned long flags;
> +  int flags;
>    int r = ioctl (fd, EXT2_IOC_GETFLAGS, &flags);
>    if (r == -1)
>      {
The immutable bit was not there to begin with. I put an lsattr in create_disk.sh right after ostree deploy and it wasn't there. I will test the fix.Thanks!
Comment 15 Colin Walters 2020-08-21 17:42:21 UTC 
https://github.com/ostreedev/ostree/pull/2179
Comment 17 Prashanth Sundararaman 2020-08-21 22:28:56 UTC 
(In reply to Colin Walters from comment #15)
> https://github.com/ostreedev/ostree/pull/2179

the fix works. Thanks for looking into it !
Comment 21 Micah Abbott 2020-09-22 13:20:51 UTC 
@Pranshanth would you be able to confirm this BZ is fixed and mark it VERIFIED?
Comment 22 Andy McCrae 2020-09-22 14:37:37 UTC 
I have a new cluster up and can confirm:

[root@amccrae-ocp-h4zk8-master-0 ~]# lsattr -d /sysroot
----i--------------- /sysroot
[root@amccrae-ocp-h4zk8-master-0 ~]# uname -r
4.18.0-193.23.1.el8_2.s390x

Looks good!
Comment 23 Prashanth Sundararaman 2020-09-22 14:50:48 UTC 
FYI..the fix is verified but I can't change state to "VERIFIED"..as there seems to be no "VERIFIED" option...am i missing something...should i choose something else
Comment 24 Dan Horák 2020-09-22 15:00:58 UTC 
Hmm, me neither. I suppose only users in a "QE" group see this state, so someone from QE must set the VERIFIED state.
Comment 25 Micah Abbott 2020-09-22 16:06:56 UTC 
Marking verified per comment #22

Thanks everyone!
Comment 28 errata-xmlrpc 2020-11-04 03:10:21 UTC 
Since the problem described in this bug report should be
resolved in a recent advisory, it has been closed with a
resolution of ERRATA.

For information on the advisory (ostree bug fix and enhancement update), and where to find the updated
files, follow the link below.

If the solution does not work for you, open a new bug report.

https://access.redhat.com/errata/RHEA-2020:4706
Note You need to log in before you can comment on or make changes to this bug.