-
-
Notifications
You must be signed in to change notification settings - Fork 3.6k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
core/mount: stop generating mount units for cred mounts #32805
base: main
Are you sure you want to change the base?
Conversation
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Having hundreds of mount units is a pain, so this sounds like the best solution to me.
Important An -rc1 tag has been created and a release is being prepared, so please note that PRs introducing new features and APIs will be held back until the new version has been released. |
I have not reviewed this in detail, but the basic concept looks good to me. |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Me likes very much.
c9c5e21
to
722d59c
Compare
While @poettering wants to keep mount units for credential mounts, this has brought nothing but pain in real life. By generating mount units for each cred mount, we had trouble with default dependencies on them, which causes their stop jobs to race with unmounting through exec_context_destroy_credentials(). There were several attempts to workaround the problem, but none seems very graceful: systemd#26959, systemd#28787, systemd#28957, systemd#31360, systemd#32011. Also, we want to carry over credentials for services that survive soft-reboot to the new mount tree, and during the practice the stop of mount units are irritating. The mentioned problems are ultimately resolved by disabling default deps: systemd#32799. But after doing that, maybe the next question should be "why do we generate these mount units at all?" Let's revisit the whole concept here. First of all, the credential dirs are supposed to be opaque to users, and hence nobody should really reference to these mounts directly. Secondly, the lifetime of credentials is strictly bound to the service units, but nothing else. Moreover, as more and more users of credentials pop up, we could end up with hundreds of such mount units, which is something we handle poorly. And we emit useless UnitRemoved signals, etc... As discussed, it seems that eliminating these mount units is the correct way to go. No real use cases are impacted, and the lifetime management becomes sane again. Replaces systemd#32011
…voking umount command" This reverts commit 1e12256. This was an incomplete workaround of the race. Now that we stop generating mount units for credential mounts, the logic could be dropped.
722d59c
to
59614b7
Compare
Material for v257.