Hi Lennart,

On Mon, Sep 4, 2017 at 11:06 AM, Lennart Poettering <lenn...@poettering.net> wrote:
> Hmm, mount.usr= should continue to be supported. It's documented in
> the systemd-fstab-generator man page however, not in the
> kernel-command-line one. We should fix that however, can you file a
> bug?

I'll file a merge request for that this week. I guess this is not that urgent;-)

>> The one pitfall I ran into is that I had to add a "usr" folder into
>> the usr partition for systemd-volatile-root.service to work. The
>> system boots well and seems to work nicely with this change.
>
> Uh, this shouldn't be necessary. Can you file a bug? I am really
> surprised by this I must say... In my testing it didn't do that
> either...

src/volatile-root/volatile-root.c line 53:

    return log_error_errno(r, "/usr not available in old root: %m");

Rereading the documentation on systemd.volatile, that is also pretty much exactly what it says there: "[...] only /usr is mounted from the file system configured as root device, in read-only mode.".

My assumption that I can take a usr-partition as is (the one I used to use with mount.usr*) is wrong, I need to move things down one level.

But I do understand why you implemented this as is: Your way allows to use any existing rootfs in a stateless setup without any special preparation (provided /usr is not in a separate partition:-)

Once I get my setup rolling again, I plan to add dm-verity support to my setup. I am curious how that will like your "remount the usr folder from the already mounted root partition" approach.

>> But then I discovered one strange problem: I can not ssh into the root
>> account anymore!
>>
>> ssh -v shows that a connection is established, then ssh is checking
>> for key files in /root/.ssh and does not find anything in there. Doing
>> "ls -alF /root/.ssh" as root does list keys there.
>
> This is very strange... Did you check that the perms of each component
> of the path to /root/.ssh/[keys] actually are the same in both cases?

Nope, since I have no idea how to move into the mount namespace that sshd is running in. The journal just lists the attempts to access /root/.ssh/idrsa (and others), each followed by a line that the file is not found.

These files are actually created on the tmpfs by a custom systemd-service in the initrd that just takes a file from the usr partition and extracts it onto /. This service is run before the root is moved over from the initrd to the real one.

The whole setup works nicely when using mount.usr* instead of systemd.volatile, so I do not expect the files or their permissions to be wrong themselves. They do also have the expected permissions when checking them in the shell.

Best Regards,
Tobias
_______________________________________________
systemd-devel mailing list
systemd-devel@lists.freedesktop.org
https://lists.freedesktop.org/mailman/listinfo/systemd-devel
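
Added example, not part of the original message: one way to run the per-component permission check asked about above and compare the shell's view of a path with the view a daemon has in its own mount namespace, by reading through /proc/<pid>/root instead of entering the namespace. The function names, the process name "sshd" and the file name authorized_keys are assumptions made for illustration.

```bash
#!/usr/bin/env bash
# Added example, not from the original thread.
# walk_perms PREFIX PATH: print mode and owner of every component of PATH as
# seen under PREFIX. PREFIX="" is the caller's own view; /proc/<pid>/root is
# the view of process <pid> inside its mount namespace (needs root).
walk_perms() {
    local prefix="${1%/}" rest="${2#/}" cur="" part
    printf '%s /\n' "$(stat -c '%A %U:%G' "$prefix/")"
    while [ -n "$rest" ]; do
        part="${rest%%/*}"
        case "$rest" in
            */*) rest="${rest#*/}" ;;
            *)   rest="" ;;
        esac
        [ -z "$part" ] && continue
        cur="$cur/$part"
        if [ -e "$prefix$cur" ] || [ -L "$prefix$cur" ]; then
            printf '%s %s\n' "$(stat -c '%A %U:%G' "$prefix$cur")" "$cur"
        else
            # Stop at the first component this view cannot see.
            printf 'MISSING %s\n' "$cur"
            return 1
        fi
    done
    return 0
}

# compare_views PREFIX_A PREFIX_B PATH: succeed only if both views report the
# same mode and owner for every component; otherwise print both listings.
compare_views() {
    local a b
    a=$(walk_perms "$1" "$3") || true
    b=$(walk_perms "$2" "$3") || true
    [ "$a" = "$b" ] && return 0
    printf -- '--- view %s\n%s\n--- view %s\n%s\n' "${1:-/}" "$a" "${2:-/}" "$b"
    return 1
}

# Usage, as root ("sshd" and the key file name are assumed):
#   compare_views "" "/proc/$(pidof -s sshd)/root" /root/.ssh/authorized_keys
```

A MISSING line in only one of the two listings means the file exists in one mount namespace but not in the other, which is a different problem from a permission mismatch.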