From 31b804f20d2265d9c8ec806665841688b3eecfbc Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 6 Feb 2024 10:27:34 -0500 Subject: [PATCH 1/2] admin/state-overlay: Require root and don't lock sysroot Not required for anything in particular, but it's good to use the right flags here anyway. --- src/ostree/ot-admin-builtin-state-overlay.c | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/src/ostree/ot-admin-builtin-state-overlay.c b/src/ostree/ot-admin-builtin-state-overlay.c index edcd14f8c5..7bf386c4a1 100644 --- a/src/ostree/ot-admin-builtin-state-overlay.c +++ b/src/ostree/ot-admin-builtin-state-overlay.c @@ -243,8 +243,9 @@ ot_admin_builtin_state_overlay (int argc, char **argv, OstreeCommandInvocation * /* First parse the args without loading the sysroot to see what options are * set. */ if (!ostree_admin_option_context_parse (context, options, &argc, &argv, - OSTREE_ADMIN_BUILTIN_FLAG_NONE, invocation, &sysroot, - cancellable, error)) + OSTREE_ADMIN_BUILTIN_FLAG_SUPERUSER + | OSTREE_ADMIN_BUILTIN_FLAG_UNLOCKED, + invocation, &sysroot, cancellable, error)) return FALSE; if (argc < 3) From 15ec3399c2e7f23ad13a9a225893729c19dd729c Mon Sep 17 00:00:00 2001 From: Jonathan Lebon Date: Tue, 6 Feb 2024 14:42:32 -0500 Subject: [PATCH 2/2] generator: Restore graceful exit behaviour if `ostree` karg missing In CoreOS live environments, we do have `/run/ostree` but no `ostree=` karg; we hackily fool `ostree-prepare-root.service` by bind-mounting over `/proc/cmdline` so it does the right thing. Presumably, we should clean this up eventually, but even so we don't want to require PXE users to add an `ostree=` arg, so we need to tolerate this. So this assertion would fail there. Restore the behaviour prior to b9ce0e89 and re-add a more contemporary comment. Fixes b9ce0e89 ("generator: Exit if there's no `/run/ostree`"). --- src/libostree/ostree-impl-system-generator.c | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/src/libostree/ostree-impl-system-generator.c b/src/libostree/ostree-impl-system-generator.c index 1c4a5d106b..e51584cda8 100644 --- a/src/libostree/ostree-impl-system-generator.c +++ b/src/libostree/ostree-impl-system-generator.c @@ -260,9 +260,14 @@ _ostree_impl_system_generator (const char *normal_dir, const char *early_dir, co g_autofree char *cmdline = read_proc_cmdline (); if (!cmdline) return glnx_throw (error, "Failed to read /proc/cmdline"); + g_autofree char *ostree_cmdline = otcore_find_proc_cmdline_key (cmdline, "ostree"); - // SAFETY: If we have /run/ostree, then we must have the ostree= karg - g_assert (ostree_cmdline); + + /* This could happen in CoreOS live environments, where we hackily mock + * the `ostree=` karg for `ostree-prepare-root.service` specifically, but + * otherwise that karg doesn't exist on the real command-line. */ + if (!ostree_cmdline) + return TRUE; if (!require_internal_units (normal_dir, early_dir, late_dir, error)) return FALSE;