On Tue, Mar 28, 2017 at 5:01 PM, Chris Murphy <li...@colorremedies.com> wrote:
> On Mon, Mar 27, 2017 at 1:27 PM, Mantas Mikulėnas <graw...@gmail.com> wrote:
> > On Mon, Mar 27, 2017 at 10:20 PM, Chris Murphy <li...@colorremedies.com> wrote:
> >>
> >> Ok so the dirty file system problem always happens with all pk offline
> >> updates on Fedora using either ext4 or XFS with any layout; and it's
> >> easy to reproduce.
> >>
> >> 1. Clean install any version of Fedora, defaults.
> >> 2. Once Gnome Software gives notification of updates, Restart & Install
> >> 3. System reboots, updates are applied, system reboots again.
> >> 4. Now check the journal filtering for 'fsck' and you'll see it
> >> replayed the journals; if using XFS check the filter for "XFS" and
> >> you'll see the kernel did journal replace at mount time.
> >>
> >> Basically systemd is rebooting even though the remount-ro fails
> >> multiple times, due to plymouth running off root fs and being exempt
> >> from being killed, and then reboots anyway, leaving the file system
> >> dirty. So it seems like a flaw to me to allow an indefinite exemption
> >> from killing a process that's holding a volume rw, preventing
> >> remount-ro before reboot.
> >>
> >> So there's a risk that in other configurations this makes either ext4
> >> or XFS systems unbootable following an offline update.
> >
> > So on the one hand it's probably a Plymouth bug or misconfiguration (it
> > shouldn't mark itself exempt unless it runs off an in-memory initramfs).
>
> OK. But does it even make sense to have a process exempt from killing,
> when it's going to get killed by reboot? Seems to me once we're at
> remount-ro or umount time, nothing is exempt, they need to be forcibly
> killed, clean up the file system, and then reboot.

Processes are killed *before* the remount/unmount stage. The primary users of kill-exemption would therefore be daemons which *provide* access to the root filesystem, e.g. iscsid, rpc helper daemons, or even ntfs-3g. (Naturally these are expected to be running from the initramfs.)

So the same applies to plymouth, IMO -- it should only mark itself exempt if it runs from the initramfs and knows that it won't interfere.

(Unrelated, but I should also mention that systemd-shutdown has a "shutdown initramfs" feature, where it can jump *back* to the initramfs and let its "/shutdown" script do additional cleanup steps.)

--
Mantas Mikulėnas <graw...@gmail.com>
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
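An added example, not part of the thread and not systemd or Plymouth code: a shell function that lists the kill-exempt processes discussed above and reports whether each one shares PID 1's root directory, which is the case that can keep the root file system busy at remount-ro time. It assumes systemd's convention that a process marks itself exempt by starting argv[0] with `@`, a `stat` that supports `-L -c` (GNU or BusyBox), and a constructed sample /proc tree built by the hypothetical helper `make_sample` (its process entries are invented for illustration).

```shell
#!/bin/sh
# Added example; not systemd or Plymouth code.
# Assumption: a kill-exempt process has '@' as the first character of argv[0].

# root_id PATH: print "device:inode" of the directory PATH resolves to.
root_id() { stat -L -c '%d:%i' "$1" 2>/dev/null; }

# list_exempt [PROCDIR] [REFROOT]
# Print "PID<TAB>VERDICT<TAB>ARGV0" for every kill-exempt process.
#   same-root  : shares the reference root, so it can hold that file system rw
#   other-root : rooted elsewhere, e.g. still in the initramfs
#   unknown    : /proc/PID/root not readable (run as root on a live system)
list_exempt() {
    procdir=${1:-/proc}
    refroot=${2:-$procdir/1/root}
    ref=$(root_id "$refroot") || ref=
    for d in "$procdir"/[0-9]*; do
        [ -r "$d/cmdline" ] || continue
        # cmdline is NUL-separated; kernel threads have an empty one.
        argv0=$(tr '\000' '\n' < "$d/cmdline" | head -n 1)
        case $argv0 in
            @*) ;;
            *) continue ;;
        esac
        id=$(root_id "$d/root") || id=
        if [ -z "$id" ] || [ -z "$ref" ]; then
            verdict=unknown
        elif [ "$id" = "$ref" ]; then
            verdict=same-root
        else
            verdict=other-root
        fi
        printf '%s\t%s\t%s\n' "${d##*/}" "$verdict" "$argv0"
    done
}

# make_sample DIR: constructed fake /proc tree for trying list_exempt offline.
# root-a stands for the real root file system, root-b for the initramfs.
make_sample() {
    mkdir -p "$1/root-a" "$1/root-b" "$1/1" "$1/2" "$1/200" "$1/300" "$1/400"
    ln -s ../root-a "$1/1/root";   printf '/sbin/init\000' > "$1/1/cmdline"
    ln -s ../root-a "$1/2/root";   : > "$1/2/cmdline"   # kernel thread
    ln -s ../root-a "$1/200/root"; printf '@plymouthd\000--mode=shutdown\000' > "$1/200/cmdline"
    ln -s ../root-b "$1/300/root"; printf '@iscsid\000' > "$1/300/cmdline"
    ln -s ../root-a "$1/400/root"; printf 'sshd\000' > "$1/400/cmdline"
}
```

On a live system, call `list_exempt` with no arguments as root shortly before rebooting; any `same-root` line is an exempt process of the kind described in the thread.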