Re: [cip-dev] [isar-cip-core][PATCH 1/3] Removed "ro" option from read-only-rootfs's fstab.

[Jan Kiszka <jan.kiszka@siemens.com>]

On 21.02.25 13:31, Heinisch, Alexander (FT RPD CED SES-AT) wrote:
>> From: cip-dev@lists.cip-project.org <cip-dev@lists.cip-project.org> On Behalf Of Heinisch, Alexander via lists.cip-project.org
>> Sent: Montag, 17. Februar 2025 11:00
>> To: cip-dev@lists.cip-project.org
>> Cc: Kiszka, Jan (FT RPD CED) <jan.kiszka@siemens.com>; Gylstorff, Quirin (FT RPD CED OES-DE) <quirin.gylstorff@siemens.com>; Heinisch, Alexander (FT RPD CED SES-AT) <alexander.heinisch@siemens.com>
>> Subject: [cip-dev] [isar-cip-core][PATCH 1/3] Removed "ro" option from read-only-rootfs's fstab.
>>
>> From: Alexander Heinisch <alexander.heinisch@siemens.com>
>>
>> Since we only support erofs and squashfs this option is not needed any more. Further, it causes potential overlay rootfs variants to be remounted read-only.
>>
>> Signed-off-by: Alexander Heinisch <alexander.heinisch@siemens.com>
>> ---
>>  classes/read-only-rootfs.bbclass | 2 +-
>>  1 file changed, 1 insertion(+), 1 deletion(-)
>>
>> diff --git a/classes/read-only-rootfs.bbclass b/classes/read-only-rootfs.bbclass
>> index 35a3ab3..83ddc33 100644
>> --- a/classes/read-only-rootfs.bbclass
>> +++ b/classes/read-only-rootfs.bbclass
>> @@ -41,7 +41,7 @@ SQUASHFS_EXCLUDE_DIRS = "${RO_ROOTFS_EXCLUDE_DIRS}"
>>  image_configure_fstab() {
>>      sudo tee '${IMAGE_ROOTFS}/etc/fstab' << EOF  # Begin /etc/fstab
>> -/dev/root	/		auto		defaults,ro			0	0
>> +/dev/root	/		auto		defaults			0	0
>>  LABEL=var	/var		auto		defaults			0	0
>>  proc		/proc		proc		nosuid,noexec,nodev		0	0
>>  sysfs		/sys		sysfs		nosuid,noexec,nodev		0	0
>> --
>> 2.39.5
> 
> We observed `systemd-remount-fs` failing in a downstream layer.
> (using a ro squashfs and apply full disk encryption on top)
> Although, the service is executed in isar-cip-core as well, upstream,
> the service can be executed successfully.
> 
> In essence what happens is that, the `systemd-remount-fs`
> remounts various mountpoints based on their settings in
> `/etc/fstab`
> 
> ```
> root@device-mgmt:~# cat /etc/fstab
> # Begin /etc/fstab
> /dev/root	/		auto		defaults			0	0
> LABEL=var	/var		auto		defaults			0	0
> proc		/proc		proc		nosuid,noexec,nodev		0	0
> sysfs		/sys		sysfs		nosuid,noexec,nodev		0	0
> devpts		/dev/pts	devpts		gid=5,mode=620			0	0
> tmpfs		/run		tmpfs		nodev,nosuid,size=500M,mode=755	0	0
> devtmpfs	/dev		devtmpfs	mode=0755,nosuid		0	0
> # End /etc/fstab
> ```
> 
> Since `defaults` in fstab renders to: `rw,suid,dev,exec,auto,nouser,async`
> the service fails trying to remount the `squashfs` as `rw` as shown below:
> 
> ```
> root@device-mgmt:~# systemctl status systemd-remount-fs
> × systemd-remount-fs.service - Remount Root and Kernel File Systems
>      Loaded: loaded (/lib/systemd/system/systemd-remount-fs.service; enabled-ru>
>      Active: failed (Result: exit-code) since Fri 2025-02-21 08:55:39 UTC; 5min>
>        Docs: man:systemd-remount-fs.service(8)
>              https://www.freedesktop.org/wiki/Software/systemd/APIFileSystems
>     Process: 7530 ExecStart=/lib/systemd/systemd-remount-fs (code=exited, statu>
>    Main PID: 7530 (code=exited, status=1/FAILURE)
>         CPU: 15ms
> ```
> 
> ```
> root@device-mgmt:~# journalctl --no-pager -u systemd-remount-fs
> Feb 21 08:55:39 device-mgmt.local systemd[1]: Starting systemd-remount-fs.service - Remount Root and Kernel File Systems...
> Feb 21 08:55:39 device-mgmt.local systemd-remount-fs[7531]: mount: /: cannot remount /dev/root read-write, is write-protected.
> Feb 21 08:55:39 device-mgmt.local systemd-remount-fs[7531]:        dmesg(1) may have more information after failed mount system call.
> Feb 21 08:55:39 device-mgmt.local systemd-remount-fs[7530]: /bin/mount for / exited with exit status 32.
> Feb 21 08:55:39 device-mgmt.local systemd[1]: systemd-remount-fs.service: Main process exited, code=exited, status=1/FAILURE
> Feb 21 08:55:39 device-mgmt.local systemd[1]: systemd-remount-fs.service: Failed with result 'exit-code'.
> Feb 21 08:55:39 device-mgmt.local systemd[1]: Failed to start systemd-remount-fs.service - Remount Root and Kernel File Systems.
> ```
> 
> The rootfs is mounted as follows:
> 
> ```
> root@device-mgmt:~# mount | grep " / "
> /dev/mapper/verityroot on / type squashfs (ro,relatime,errors=continue)
> ```
> 
> I understand why this happens on our system, but could not clarify why it does 
> not happen upstream! So any idea, welcome!
> 

The same issue happens in upstream: secure boot on, data partition
encrypted, remount-fs fails. Which makes me wonder if our boot tests
should check for failing system services...

> Nevertheless, after rethinking this patch. Maybe it was advisible to not use
> `default` here and either use a options like `suid,dev,exec,auto,nouser,async`
> or drop the line for `/dev/root` at all, keeping the mounts as they were setup
> in the initramfs.
> 
> Any opinions, recommendations, hints, ...?
> 

According to the man pages, a left-out rw/ro means that mount will first
try rw and then, if it fails, ro. That would give us the desired
flexibility. Hard-coding the other values of "defaults" is the downside.

On the other hand, what would be the mount options that the initramfs
will use? We do not have direct control over them as well, do we?

Quirin, other reasons why we want / in our fstab?

Another option: "ro" a parameter of read-only-rootfs.bbclass so that
your scenario can override the default.

Jan

-- 
Siemens AG, Foundational Technologies
Linux Expert Center