[Bug 875373] New: systemd-tmpfiles-setup.service runs before all filesystems are mounted
https://bugzilla.novell.com/show_bug.cgi?id=875373
https://bugzilla.novell.com/show_bug.cgi?id=875373#c0

           Summary: systemd-tmpfiles-setup.service runs before all filesystems are mounted
    Classification: openSUSE
           Product: openSUSE Factory
           Version: 13.2 Milestone 0
          Platform: Other
        OS/Version: openSUSE 13.2
            Status: NEW
          Severity: Major
          Priority: P5 - None
         Component: Basesystem
        AssignedTo: systemd-maintainers@suse.de
        ReportedBy: suse-beta@cboltz.de
         QAContact: qa-bugs@suse.de
          Found By: Beta-Customer
           Blocker: ---

- Factory, last updated yesterday
- last known-working version: Factory from 2014-04-13

systemd-tmpfiles-setup.service runs before all filesystems are mounted.

(Probably) since the change that makes /var/run a symlink to /run, the tmpdirs below /var/run can't be created on my system.

Note: I have an encrypted /home partition, and /var is a symlink to /home/sys-var. This means /var becomes available after /home has been mounted.

systemd-tmpfiles-setup.service should wait until _all_ filesystems are mounted.

# systemctl status systemd-tmpfiles-setup.service
systemd-tmpfiles-setup.service - Create Volatile Files and Directories
   Loaded: loaded (/usr/lib/systemd/system/systemd-tmpfiles-setup.service; static)
   Active: active (exited) since So 2014-04-27 11:44:45 CEST; 29min ago
     Docs: man:tmpfiles.d(5)
           man:systemd-tmpfiles(8)
  Process: 1491 ExecStart=/usr/bin/systemd-tmpfiles --create --remove --boot --exclude-prefix=/dev (code=exited, status=0/SUCCESS)
 Main PID: 1491 (code=exited, status=0/SUCCESS)
   CGroup: /system.slice/systemd-tmpfiles-setup.service

Apr 27 11:44:45 geeko systemd-tmpfiles[1491]: Failed to create directory /var/run/samba: No such file or directory
Apr 27 11:44:45 geeko systemd-tmpfiles[1491]: Failed to create directory /var/run/svnserve: No such file or directory
[... and some more /var/run/* directories with similar error message ...]
Apr 27 11:44:45 geeko systemd[1]: Started Create Volatile Files and Directories.
-- Configure bugmail: https://bugzilla.novell.com/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are on the CC list for the bug.
https://bugzilla.novell.com/show_bug.cgi?id=875373#c1
Thomas Blume
https://bugzilla.novell.com/show_bug.cgi?id=875373#c2
--- Comment #2 from Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=875373#c3
--- Comment #3 from Christian Boltz
> Partly agree ... IMHO this service requires a split that is a [...]

Can we please change the order so that "mount all file systems" comes first (before creating the /var/run symlink)? (But: the /var/run symlink should never be deleted, therefore I wonder why it needs to be created ;-)

BTW: This bug seems to be a race condition - today's boot worked without problems...
https://bugzilla.novell.com/show_bug.cgi?id=875373#c4
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=875373#c5
--- Comment #5 from Thomas Blume
https://bugzilla.novell.com/show_bug.cgi?id=875373#c6
Christian Boltz
> Looks somehow broken ... Why are you redirecting /var to /home/sys-var
> instead of using a (re)bind mount or similar?

Counter-question - what's wrong with a symlink? ;-)

Seriously: mounting /home in the initrd ("initrd" flag in /etc/crypttab) solves the problem. Nevertheless, I still think local-fs.target should include "all encrypted filesystems mounted".
https://bugzilla.novell.com/show_bug.cgi?id=875373#c7
Thomas Blume
> Nevertheless, I still think local-fs.target should include "all encrypted filesystems mounted".

The problem is that already the mount of encrypted file systems requires the presence of (/var)/run. systemd-tmpfiles-setup.service creates amongst others the directory: /run/systemd/ask-password (see /usr/lib/tmpfiles.d/systemd.conf). This directory is used in turn by systemd password agents that ask for passwords of encrypted file systems (see details at http://www.freedesktop.org/wiki/Software/systemd/PasswordAgents/).

So, you will have a cyclic dependency between the encrypted filesystem that provides /var/run (and the symlink to /run) and the password agent that needs /run, in order to get the password for mounting the file system.

Interestingly it seems to work on your system as you apparently have no problem getting a password prompt for your /home. However, I guess this is because there is already a directory /run/systemd/ask-password before your /home gets mounted (this is also the case when mounting /home from within the initrd). Still, this is not really the way how things should be.

You are welcome to provide any idea how to avoid such cyclic dependencies, but currently I don't see any possibility.
https://bugzilla.novell.com/show_bug.cgi?id=875373#c8
Christian Boltz
>> Nevertheless, I still think local-fs.target should include "all encrypted filesystems mounted".
>
> The problem is that already the mount of encrypted file systems requires the presence of (/var)/run.

Which one - /run or /var/run ? (I know that they are basically the same if the /var/run symlink is available, but it would still be interesting which one is used in the code. If /var is not available yet, there's a big difference between /run and /var/run ;-)

> systemd-tmpfiles-setup.service creates amongst others the directory: /run/systemd/ask-password (see /usr/lib/tmpfiles.d/systemd.conf).

Directories in /run are not a problem - /run is part of my (not encrypted) / partition and therefore available from the beginning.

> Interestingly it seems to work on your system as you apparently have no problem getting a password prompt for your /home.

As long as it only needs /run (and not /var/run), there's no problem.

> You are welcome to provide any idea how to avoid such cyclic dependencies, but currently I don't see any possibility.

As I wrote in my initial comment, I only had problems with openvpn. I'd guess the problem is that openvpn
a) uses /var/run (not just /run) and
b) tries to start before my /home (which also contains /var/ and its subdirectories) is mounted

For a), /usr/lib/tmpfiles.d/openvpn.conf confirms my guess:

    D /var/run/openvpn 0750 root root -

I still think the solution is to redefine local-fs.target to "all filesystems (including encrypted ones) are mounted". Asking for the password of encrypted partition(s) should happen after all non-encrypted partitions are mounted (in theory "/ and the /run tmpfs are mounted" should already be enough), and local-fs.target should wait for the encrypted partitions.
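The check below is an added example, not part of the bug thread: it scans a tmpfiles.d directory for entries whose path lies under /var/run, like the openvpn.conf line quoted in comment #8, and reports the /run path that does not depend on /var being mounted. The function names and the samba.conf and systemd.conf sample lines are constructed for illustration.

```python
import tempfile
from pathlib import Path

LEGACY = "/var/run"


def find_var_run_entries(conf_dir):
    """Return (file, line_no, type, path, suggested_path) for each
    tmpfiles.d entry whose path is /var/run or lies below it."""
    hits = []
    for conf in sorted(Path(conf_dir).glob("*.conf")):
        for no, raw in enumerate(conf.read_text().splitlines(), 1):
            line = raw.strip()
            if not line or line.startswith("#"):
                continue  # skip blank lines and comments
            fields = line.split()
            if len(fields) < 2:
                continue  # not a "Type Path ..." entry
            kind, path = fields[0], fields[1]
            # Match the directory itself or anything below it,
            # but not look-alikes such as /var/runner.
            if path == LEGACY or path.startswith(LEGACY + "/"):
                hits.append((conf.name, no, kind, path, path[len("/var"):]))
    return hits


def demo():
    # Constructed sample directory; only the openvpn line is from the report.
    with tempfile.TemporaryDirectory() as d:
        Path(d, "openvpn.conf").write_text(
            "D /var/run/openvpn 0750 root root -\n")
        Path(d, "samba.conf").write_text(
            "d /var/run/samba 0755 root root -\n")
        Path(d, "systemd.conf").write_text(
            "# constructed entry\n"
            "d /run/systemd/ask-password 0755 root root -\n")
        return find_var_run_entries(d)


if __name__ == "__main__":
    for name, no, kind, path, new in demo():
        print(f"{name}:{no}: {kind} {path} -> consider {new}")
```

Pointing `find_var_run_entries` at /usr/lib/tmpfiles.d and /etc/tmpfiles.d lists the packages whose runtime directories can fail to be created when /var is mounted late.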
https://bugzilla.novell.com/show_bug.cgi?id=875373#c9
Dr. Werner Fink
https://bugzilla.novell.com/show_bug.cgi?id=875373#c10
--- Comment #10 from Thomas Blume
> Which one - /run or /var/run ?

It is /run.

> Directories in /run are not a problem - /run is part of my (not encrypted) / partition and therefore available from the beginning.

Ok, this explains why it works on your machine. But what happens if /run is not part of /? Your comment already includes a cyclic dependency:

> Asking for the password of encrypted partition(s) should happen after all non-encrypted partitions are mounted

So, cryptsetup.target needs to wait for local-fs.target.

> and local-fs.target should wait for the encrypted partitions.

So, local-fs.target needs to wait for cryptsetup.target.

This cycle could IMHO only be solved by an additional target that depends on both local-fs.target and cryptsetup.target.
https://bugzilla.novell.com/show_bug.cgi?id=875373#c11
Christian Boltz
>> Directories in /run are not a problem - /run is part of my (not encrypted) / partition and therefore available from the beginning.
>
> Ok, this explains why it works on your machine. But what happens if /run is not part of /?

/run is never part of / - it's a tmpfs (IIRC since some releases) and therefore always available.

> Your comment already includes a cyclic dependency: [...] This cycle could IMHO only be solved by an additional target that depends on both local-fs.target and cryptsetup.target.

Basically yes - something like an all-filesystems.target.

In practice, the better way would probably be:
- rename local-fs.target to local-fs-unencrypted.target
- create a new local-fs.target that includes local-fs-unencrypted.target and cryptsetup.target

This way would have the advantage that all the units that depend on local-fs.target are "automagically" fixed.
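Added example, not part of the thread: a simplified model of the ordering statements made in comments #10 and #11, checked with Python's graphlib. It is not systemd's own unit files; the dictionaries only encode "X starts after Y" as the comments state it, and `start_order` is a hypothetical helper name.

```python
from graphlib import CycleError, TopologicalSorter

# unit -> set of units it has to start after

# Comment #10: both requirements applied to the existing targets.
REQUESTED = {
    "cryptsetup.target": {"local-fs.target"},
    "local-fs.target": {"cryptsetup.target"},
    "systemd-tmpfiles-setup.service": {"local-fs.target"},
}

# Comment #11: unencrypted mounts get their own target, and the new
# local-fs.target pulls in that target plus cryptsetup.target.
PROPOSED = {
    "local-fs-unencrypted.target": set(),
    "cryptsetup.target": {"local-fs-unencrypted.target"},
    "local-fs.target": {"local-fs-unencrypted.target", "cryptsetup.target"},
    "systemd-tmpfiles-setup.service": {"local-fs.target"},
}


def start_order(after):
    """Return ("ok", order) with a valid start order, or
    ("cycle", units) naming the units that wait on each other."""
    try:
        return ("ok", list(TopologicalSorter(after).static_order()))
    except CycleError as exc:
        # args[1] is the cycle, with its first unit repeated at the end
        return ("cycle", exc.args[1])


if __name__ == "__main__":
    for name, graph in (("requested", REQUESTED), ("proposed", PROPOSED)):
        status, units = start_order(graph)
        print(f"{name}: {status}: {' -> '.join(units)}")
```

In the proposed graph, units ordered after local-fs.target (here systemd-tmpfiles-setup.service) start only once the encrypted filesystems are set up, without being edited themselves.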
http://bugzilla.novell.com/show_bug.cgi?id=875373#c12
Thomas Blume