f226d6
From 865d74e9388dcc6ac6eff21a44e8229ffa8283e9 Mon Sep 17 00:00:00 2001
f226d6
From: =?UTF-8?q?Renaud=20M=C3=A9trich?= <rmetrich@redhat.com>
f226d6
Date: Thu, 13 Jan 2022 17:35:59 +0100
f226d6
Subject: [PATCH] fix(dracut-shutdown): add cleanup handler on failure
f226d6
f226d6
It may happen that dracut-shutdown.service fails, for example on timeout
f226d6
due to very low bandwidth.
f226d6
In such case, for hardening purposes, a new dracut-shutdown-onfailure.service
f226d6
unit doing dracut-shutdown.service cleanup needs to execute to make sure
f226d6
switching root to an incomplete initramfs won't occur later.
f226d6
f226d6
See also RHBZ #1924587 (https://bugzilla.redhat.com/show_bug.cgi?id=1924587).
f226d6
f226d6
(cherry picked from commit 7ab1d00227cad6f1b86ba01fdc766769faebb031)
f226d6
f226d6
Resolves: #2050556
f226d6
---
f226d6
 Makefile                                                    |  1 +
f226d6
 .../98dracut-systemd/dracut-shutdown-onfailure.service      | 13 +++++++++++++
f226d6
 modules.d/98dracut-systemd/dracut-shutdown.service          |  1 +
f226d6
 modules.d/98dracut-systemd/dracut-shutdown.service.8.asc    |  3 +++
f226d6
 pkgbuild/dracut.spec                                        |  1 +
f226d6
 5 files changed, 19 insertions(+)
f226d6
f226d6
diff --git a/Makefile b/Makefile
f226d6
index e7d69e10..1e1d093e 100644
f226d6
--- a/Makefile
f226d6
+++ b/Makefile
f226d6
@@ -168,6 +168,7 @@ ifneq ($(enable_documentation),no)
f226d6
 endif
f226d6
 	if [ -n "$(systemdsystemunitdir)" ]; then \
f226d6
 		mkdir -p $(DESTDIR)$(systemdsystemunitdir); \
f226d6
+		ln -srf $(DESTDIR)$(pkglibdir)/modules.d/98dracut-systemd/dracut-shutdown-onfailure.service $(DESTDIR)$(systemdsystemunitdir)/dracut-shutdown-onfailure.service; \
f226d6
 		ln -srf $(DESTDIR)$(pkglibdir)/modules.d/98dracut-systemd/dracut-shutdown.service $(DESTDIR)$(systemdsystemunitdir)/dracut-shutdown.service; \
f226d6
 		mkdir -p $(DESTDIR)$(systemdsystemunitdir)/sysinit.target.wants; \
f226d6
 		ln -s ../dracut-shutdown.service \
f226d6
diff --git a/modules.d/98dracut-systemd/dracut-shutdown-onfailure.service b/modules.d/98dracut-systemd/dracut-shutdown-onfailure.service
f226d6
new file mode 100644
f226d6
index 00000000..96de58c5
f226d6
--- /dev/null
f226d6
+++ b/modules.d/98dracut-systemd/dracut-shutdown-onfailure.service
f226d6
@@ -0,0 +1,13 @@
f226d6
+#  This file is part of dracut.
f226d6
+#
f226d6
+# See dracut.bootup(7) for details
f226d6
+
f226d6
+[Unit]
f226d6
+Description=Service executing upon dracut-shutdown failure to perform cleanup
f226d6
+Documentation=man:dracut-shutdown.service(8)
f226d6
+DefaultDependencies=no
f226d6
+
f226d6
+[Service]
f226d6
+Type=oneshot
f226d6
+ExecStart=-/bin/rm /run/initramfs/shutdown
f226d6
+StandardError=null
f226d6
diff --git a/modules.d/98dracut-systemd/dracut-shutdown.service b/modules.d/98dracut-systemd/dracut-shutdown.service
f226d6
index 81043b2d..7c36f14f 100644
f226d6
--- a/modules.d/98dracut-systemd/dracut-shutdown.service
f226d6
+++ b/modules.d/98dracut-systemd/dracut-shutdown.service
f226d6
@@ -10,6 +10,7 @@ Wants=local-fs.target
f226d6
 Conflicts=shutdown.target umount.target
f226d6
 DefaultDependencies=no
f226d6
 ConditionPathExists=!/run/initramfs/bin/sh
f226d6
+OnFailure=dracut-shutdown-onfailure.service
f226d6
 
f226d6
 [Service]
f226d6
 RemainAfterExit=yes
f226d6
diff --git a/modules.d/98dracut-systemd/dracut-shutdown.service.8.asc b/modules.d/98dracut-systemd/dracut-shutdown.service.8.asc
f226d6
index ba80b187..21ec88ca 100644
f226d6
--- a/modules.d/98dracut-systemd/dracut-shutdown.service.8.asc
f226d6
+++ b/modules.d/98dracut-systemd/dracut-shutdown.service.8.asc
f226d6
@@ -40,6 +40,9 @@ by injecting "rd.break=pre-shutdown rd.shell" or "rd.break=shutdown rd.shell".
f226d6
 # touch /run/initramfs/.need_shutdown
f226d6
 ----
f226d6
 
f226d6
+In case the unpack of the initramfs fails, dracut-shutdown-onfailure.service
f226d6
+executes to make sure switch root doesn't happen, since it would result in
f226d6
+switching to an incomplete initramfs.
f226d6
 
f226d6
 AUTHORS
f226d6
 -------
f226d6
diff --git a/pkgbuild/dracut.spec b/pkgbuild/dracut.spec
f226d6
index 04c61f90..d35bbe37 100644
f226d6
--- a/pkgbuild/dracut.spec
f226d6
+++ b/pkgbuild/dracut.spec
f226d6
@@ -414,6 +414,7 @@ echo 'dracut_rescue_image="yes"' > $RPM_BUILD_ROOT%{dracutlibdir}/dracut.conf.d/
f226d6
 %dir %{_sharedstatedir}/initramfs
f226d6
 %if %{defined _unitdir}
f226d6
 %{_unitdir}/dracut-shutdown.service
f226d6
+%{_unitdir}/dracut-shutdown-onfailure.service
f226d6
 %{_unitdir}/sysinit.target.wants/dracut-shutdown.service
f226d6
 %{_unitdir}/dracut-cmdline.service
f226d6
 %{_unitdir}/dracut-initqueue.service
f226d6