fstab-generator: optional read addtional fstab lines from credentials

Fixes: #27260
2024-11-27 20:23:36 +08:00 · 2023-06-23 21:51:12 +02:00 · 2023-06-23 21:51:12 +02:00 · 6ac62485cf
commit 6ac62485cf
parent 4a262d5677
3 changed files with 63 additions and 0 deletions
--- a/man/systemd-fstab-generator.xml
+++ b/man/systemd-fstab-generator.xml
@ -269,6 +269,21 @@ systemd.swap=/dev/sda2:x-systemd.makefs</programlisting>
    </variablelist>
  </refsect1>

+  <refsect1>
+    <title>System Credentials</title>
+
+    <variablelist class='system-credentials'>
+      <varlistentry>
+        <term><varname>fstab.extra</varname></term>
+
+        <listitem><para>This credential may contain addition mounts to establish, in the same format as
+        <citerefentry
+        project='man-pages'><refentrytitle>fstab</refentrytitle><manvolnum>5</manvolnum></citerefentry>, with
+        one mount per line. It is read in addition to <filename>/etc/fstab</filename>.</para></listitem>
+      </varlistentry>
+    </variablelist>
+  </refsect1>
+
  <refsect1>
    <title>See Also</title>
    <para>
--- a/man/systemd.system-credentials.xml
+++ b/man/systemd.system-credentials.xml
@ -186,6 +186,15 @@
        </listitem>
      </varlistentry>

+      <varlistentry>
+        <term><varname>fstab.extra</varname></term>
+
+        <listitem>
+          <para>Additional mounts to establish at boot. For details, see
+          <citerefentry><refentrytitle>systemd-fstab-generator</refentrytitle><manvolnum>8</manvolnum></citerefentry>.</para>
+        </listitem>
+      </varlistentry>
+
      <varlistentry>
        <term><varname>vconsole.keymap</varname></term>
        <term><varname>vconsole.keymap_toggle</varname></term>
--- a/src/fstab-generator/fstab-generator.c
+++ b/src/fstab-generator/fstab-generator.c
@ -8,6 +8,7 @@
 #include "bus-error.h"
 #include "bus-locator.h"
 #include "chase.h"
+#include "creds-util.h"
 #include "efi-loader.h"
 #include "env-util.h"
 #include "fd-util.h"
@ -1281,6 +1282,40 @@ static int add_mounts_from_cmdline(void) {
        return ret;
 }

+static int add_mounts_from_creds(void) {
+        _cleanup_free_ void *b = NULL;
+        struct mntent *me;
+        int r, ret = 0;
+        size_t bs;
+
+        r = read_credential_with_decryption(
+                        in_initrd() ? "fstab.extra.initrd" : "fstab.extra",
+                        &b, &bs);
+        if (r <= 0)
+                return r;
+
+        _cleanup_fclose_ FILE *f = NULL;
+        f = fmemopen_unlocked(b, bs, "r");
+        if (!f)
+                return log_oom();
+
+        while ((me = getmntent(f))) {
+                r = parse_fstab_one(
+                                "/run/credentials",
+                                me->mnt_fsname,
+                                me->mnt_dir,
+                                me->mnt_type,
+                                me->mnt_opts,
+                                me->mnt_passno,
+                                /* initrd = */ false,
+                                /* use_swap_enabled = */ true);
+                if (r < 0 && ret >= 0)
+                        ret = r;
+        }
+
+        return ret;
+}
+
 static int parse_proc_cmdline_item(const char *key, const char *value, void *data) {
        int r;

@ -1513,6 +1548,10 @@ static int run_generator(void) {
        if (r < 0 && ret >= 0)
                ret = r;

+        r = add_mounts_from_creds();
+        if (r < 0 && ret >= 0)
+                ret = r;
+
        return ret;
 }