Add dracut sub-package overlayfs. (#7432) (#7587)

Co-authored-by: lanzeliu <lanzeliu@microsoft.com>
2024-01-31 17:22:37 -08:00 · 2024-01-31 17:22:37 -08:00 · 880718f0f4
parent 66555b6e24
commit 880718f0f4
4 changed files with 169 additions and 2 deletions
--- a/SPECS/dracut/20overlayfs/module-setup.sh
+++ b/SPECS/dracut/20overlayfs/module-setup.sh
@ -0,0 +1,18 @@
+#!/bin/bash
+
+check() {
+    return 0
+}
+
+depends() {
+    echo base
+}
+
+# Install Overlay driver.
+installkernel() {
+    instmods overlay
+}
+
+install() {
+    inst_hook pre-pivot 10 "$moddir/overlayfs-mount.sh"
+}
--- a/SPECS/dracut/20overlayfs/overlayfs-mount.sh
+++ b/SPECS/dracut/20overlayfs/overlayfs-mount.sh
@ -0,0 +1,127 @@
+#!/bin/sh
+
+# Description: This script is designed to mount a DM-Verity root filesystem and
+# set up an OverlayFS. It is driven by kernel parameters and is invoked during
+# the dracut initramfs phase.
+
+# Kernel Parameters:
+# - root: Specifies the path to the root filesystem. This script is designed to
+#   support both DM-Verity protected devices and general filesystems. When a
+#   DM-Verity protected device is detected (typically '/dev/mapper/root' for
+#   systemd), the script performs steps specific to Verity. For non-DM-Verity
+#   setups, the script will proceed with the standard OverlayFS setup, ensuring
+#   versatility in its application.
+# - rd.overlayfs: A comma-separated list defining the OverlayFS configuration.
+#   Each entry should specify the overlay, upper, and work directories for an
+#   OverlayFS instance.
+# - rd.overlayfs_persistent_volume: Specifies the path to a persistent storage
+#   volume to be used by OverlayFS. If not provided, a volatile (tmpfs) overlay
+#   is created.
+
+# Behavior:
+# - Verifies the presence of the 'dracut-lib' for necessary utilities.
+# - Mounts the DM-Verity root filesystem as read-only at a predefined mount
+#   point.
+# - Sets up the OverlayFS based on the provided kernel parameters. If a
+#   persistent volume is specified, it's used as the upper layer for the
+#   OverlayFS; otherwise, a volatile overlay is created.
+# - Mounts the OverlayFS on top of the root filesystem, merging the read-only
+#   root with the writable overlay, allowing system modifications without
+#   altering the base system.
+
+set -ex
+
+parse_cmdline_args() {
+    # Ensure that the 'dracut-lib' is present and loaded.
+    type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh
+
+    VERITY_MOUNT="/mnt/verity_mnt_$$"
+    OVERLAY_MOUNT="/mnt/overlay_mnt_$$"
+    OVERLAY_MNT_OPTS="rw,nodev,nosuid,nouser,noexec"
+
+    # Retrieve the verity root. It is expected to be predefined by the dracut cmdline module.
+    [ -z "$root" ] && root=$(getarg root=)
+    # Check if we're in a dm-verity environment and the root variable matches
+    # the expected path. The path "/dev/mapper/root" is hardcoded here because
+    # it is a fixed target name generated by systemd-veritysetup. The name of
+    # this dm-verity target is determined by systemd and cannot be changed,
+    # hence the explicit check against this specific path.
+    if [[ "$root" == *"/dev/mapper/root"* ]]; then
+        is_verity=true
+    else
+        is_verity=false
+    fi
+
+    # Retrieve the OverlayFS parameters.
+    [ -z "${overlayfs}" ] && overlayfs=$(getarg rd.overlayfs=)
+    # Retrieve the persistent volume for the OverlayFS.
+    [ -z "${overlayfs_persistent_volume}" ] && overlayfs_persistent_volume=$(getarg rd.overlayfs_persistent_volume=)
+}
+
+# Modified function to mount the physical partition
+mount_physical_partition() {
+    mkdir -p "${OVERLAY_MOUNT}"
+    # Leverage the partition from cmdline
+    local partition="${overlayfs_persistent_volume}"
+
+    if [ -z "${partition}" ]; then
+        # Fallback to volatile overlay if no persistent volume is specified
+        echo "No overlayfs persistent volume specified. Creating a volatile overlay."
+        mount -t tmpfs tmpfs -o ${OVERLAY_MNT_OPTS} "${OVERLAY_MOUNT}" || \
+            die "Failed to create overlay tmpfs at ${OVERLAY_MOUNT}"
+    else
+        # Check if /etc/mdadm.conf exists.
+        if [ -f "/etc/mdadm.conf" ]; then
+            mdadm --assemble ${partition} || \
+                die "Failed to assemble RAID volume."
+        fi
+
+        # Mount the specified persistent volume
+        mount "${partition}" "${OVERLAY_MOUNT}" || \
+            die "Failed to mount ${partition} at ${OVERLAY_MOUNT}"
+    fi
+}
+
+create_overlay() {
+    local _dir=$1
+    local _mounted_dir="${VERITY_MOUNT}/${_dir}"
+    local _upper=$2
+    local _work=$3
+
+    [ -d "$_mounted_dir" ] || die "Unable to create overlay as $_dir does not exist"
+
+    mkdir -p "${_upper}" && \
+    mkdir -p "${_work}" && \
+    mount -t overlay overlay -o ro,lowerdir="${_mounted_dir}",upperdir="${_upper}",workdir="${_work}" "${_mounted_dir}" || \
+        die "Failed to mount overlay in ${_mounted_dir}"
+}
+
+mount_root() {
+    if [ "$is_verity" = true ]; then
+        echo "Mounting DM-Verity Target"
+        mkdir -p "${VERITY_MOUNT}"
+        mount -o ro,defaults "/dev/mapper/root" "${VERITY_MOUNT}" || \
+            die "Failed to mount dm-verity root target"
+    else
+        echo "Mounting regular root"
+        mkdir -p "${VERITY_MOUNT}"
+        mount -o ro,defaults "$root" "${VERITY_MOUNT}" || \
+            die "Failed to mount root"
+    fi
+
+    mount_physical_partition
+
+    echo "Starting to create OverlayFS"
+    for _group in ${overlayfs}; do
+        IFS=',' read -r overlay upper work <<< "$_group"
+        echo "Creating OverlayFS with overlay: $overlay, upper: ${OVERLAY_MOUNT}/${upper}, work: ${OVERLAY_MOUNT}/${work}"
+        create_overlay "$overlay" "${OVERLAY_MOUNT}/${upper}" "${OVERLAY_MOUNT}/${work}"
+    done
+
+    echo "Done Verity Root Mounting and OverlayFS Mounting"
+    # Re-mount the verity mount along with overlayfs to the sysroot.
+    mount --rbind "${VERITY_MOUNT}" "${NEWROOT}"
+}
+
+parse_cmdline_args
+mount_root
--- a/SPECS/dracut/dracut.signatures.json
+++ b/SPECS/dracut/dracut.signatures.json
@ -3,6 +3,8 @@
  "dracut-055.tar.xz": "4baa08206cceeb124dbf1075a0daf774b5a8f144ce2e01d82a144af3020fd65b",
  "lgpl-2.1.txt": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551",
  "megaraid.conf": "914824cdbe0c525b71efa05a75e453335b0068beb8bc28bef2a5866d74bf7dd4",
-  "mkinitrd": "32a0e19de954a356a0f1903a1f75d3266493b55d71b0eeab6bd07b585e955dcf"
+  "mkinitrd": "32a0e19de954a356a0f1903a1f75d3266493b55d71b0eeab6bd07b585e955dcf",
+  "module-setup.sh": "330af5c105793fb37434730ce0ff59467a9cc60a81a5e32193dc53235e9744c1",
+  "overlayfs-mount.sh": "63552c4115b5c37ed04c5311367301483e2dfe1091dc5717b2bd22d9cdda044b"
 }
 }
--- a/SPECS/dracut/dracut.spec
+++ b/SPECS/dracut/dracut.spec
@ -4,7 +4,7 @@
 Summary:        dracut to create initramfs
 Name:           dracut
 Version:        055
-Release:        6%{?dist}
+Release:        7%{?dist}
 # The entire source code is GPLv2+
 # except install/* which is LGPLv2+
 License:        GPLv2+ AND LGPLv2+
@ -16,6 +16,8 @@ Source0:        http://www.kernel.org/pub/linux/utils/boot/dracut/%{name}-%{vers
 Source1:        https://www.gnu.org/licenses/lgpl-2.1.txt
 Source2:        mkinitrd
 Source3:        megaraid.conf
+Source4:        20overlayfs/module-setup.sh
+Source5:        20overlayfs/overlayfs-mount.sh
 Patch0:         disable-xattr.patch
 Patch1:         fix-initrd-naming-for-mariner.patch
 Patch2:         fix-functions-Avoid-calling-grep-with-PCRE-P.patch
@ -73,6 +75,13 @@ Requires:       %{name} = %{version}-%{release}
 %description tools
 This package contains tools to assemble the local initrd and host configuration.

+%package overlayfs
+Summary:        dracut module to build a dracut initramfs with OverlayFS support
+Requires:       %{name} = %{version}-%{release}
+
+%description overlayfs
+This package contains dracut module needed to build an initramfs with OverlayFS support.
+
 %prep
 %autosetup -p1
 cp %{SOURCE1} .
@ -120,6 +129,10 @@ install -m 0755 %{SOURCE2} %{buildroot}%{_bindir}/mkinitrd

 install -m 0644 %{SOURCE3} %{buildroot}%{_sysconfdir}/dracut.conf.d/50-megaraid.conf

+mkdir -p %{buildroot}%{_libdir}/dracut/modules.d/20overlayfs/
+install -p -m 0755 %{SOURCE4} %{buildroot}%{_libdir}/dracut/modules.d/20overlayfs/
+install -p -m 0755 %{SOURCE5} %{buildroot}%{_libdir}/dracut/modules.d/20overlayfs/
+
 # create compat symlink
 mkdir -p %{buildroot}%{_sbindir}
 ln -sr %{buildroot}%{_bindir}/dracut %{buildroot}%{_sbindir}/dracut
@ -187,12 +200,19 @@ ln -sr %{buildroot}%{_bindir}/dracut %{buildroot}%{_sbindir}/dracut
 %files tools
 %defattr(-,root,root,0755)

+%files overlayfs
+%dir %{_libdir}/dracut/modules.d/20overlayfs
+%{_libdir}/dracut/modules.d/20overlayfs/*
+
 %{_bindir}/dracut-catimages
 %dir /boot/dracut
 %dir %{_sharedstatedir}/dracut
 %dir %{_sharedstatedir}/dracut/overlay

 %changelog
+* Mon Jan 29 2024 Lanze Liu <lanzeliu@microsoft.com> - 055-7
+- Add overlayfs sub-package.
+
 * Wed Jan 24 2024 George Mileka <gmileka@microsoft.com> - 055-6
 - Add an option to supress user confirmation prompt for ram overlays.