Skip to content

Commit

Permalink
squish: BLS: only write /etc/kernel/cmdline if writable
Browse files Browse the repository at this point in the history 
On OSTree systems, `grub2-mkconfig` is run with `/etc` mounted read-only
because as part of the promise of transactional updates, we want to make
sure that we're not modifying the current deployment's state (`/etc` or
`/var`).

This conflicts with 0837dcd ("BLS: create /etc/kernel/cmdline during
mkconfig") which wants to write to `/etc/kernel/cmdline`. I'm not
exactly sure on the background there, but based on the comment I think
the intent is to fulfill grubby's expectation that the file exists.

However, in systems like Silverblue, kernel arguments are managed by the
rpm-ostree stack and grubby is not shipped at all.

Adjust the script slightly so that we only write `/etc/kernel/cmdline`
if the parent directory is writable.

In the future, we're hoping to simplify things further on rpm-ostree
systems by not running `grub2-mkconfig` at all since libostree already
directly writes BLS entries. Doing that would also have avoided this,
but ratcheting it into existing systems needs more careful thought.

Signed-off-by: Jonathan Lebon <jonathan@jlebon.com>

Fixes: fedora-silverblue/issue-tracker#322
  • Loading branch information
@jlebon @lsandov1
jlebon authored and lsandov1 committed Dec 22, 2023
1 parent fef649d commit 7e35de2
Showing 1 changed file with 7 additions and 6 deletions.
13 changes: 7 additions & 6 deletions util/grub.d/10_linux.in
View file
Original file line number Diff line number Diff line change
Expand Up @@ -163,12 +163,13 @@ update_bls_cmdline()
local cmdline="root=${LINUX_ROOT_DEVICE} ro ${GRUB_CMDLINE_LINUX} ${GRUB_CMDLINE_LINUX_DEFAULT}"
local -a files=($(get_sorted_bls))

if [[ ! -f /etc/kernel/cmdline ]] ||
[[ /etc/kernel/cmdline -ot /etc/default/grub ]]; then
# anaconda has the correct information to create this during install;
# afterward, grubby will take care of syncing on updates. If the user
# has modified /etc/default/grub, try to cope.
echo "$cmdline" > /etc/kernel/cmdline
if [ -w /etc/kernel ] &&
[[ ! -f /etc/kernel/cmdline ||
/etc/kernel/cmdline -ot /etc/default/grub ]]; then
# anaconda has the correct information to create this during install;
# afterward, grubby will take care of syncing on updates. If the user
# has modified /etc/default/grub, try to cope.
echo "$cmdline" > /etc/kernel/cmdline
fi

for bls in "${files[@]}"; do
Expand Down

0 comments on commit 7e35de2

Please sign in to comment.