From 1009cc1eb81bdfaaef2bf6c8967ea6c2d1736e43 Mon Sep 17 00:00:00 2001 From: Kai Lueke Date: Tue, 28 Nov 2023 11:42:09 +0100 Subject: [PATCH] flatcar-postinst: Ensure /etc/extensions is mergable In Beta 3760.1.0 the /etc/extensions/ folder gets created by "mkdir -p" because it does not exist in the lowerdir /usr/share/flatcar/etc/. This causes the opaque marker to be set by overlayfs. The update to Alpha thus does not merge the new /usr/share/flatcar/etc/extensions/ folder with its docker/containerd sysext symlinks. We should have had /etc/extensions/ in the lowerdir in Beta but didn't. Ensure that the created folders are mergable by removing the overlayfs marker. This is needed for existing installations and folders we expect to exist in the lowerdir but were missing so far. --- flatcar-postinst | 12 ++++++++++++ 1 file changed, 12 insertions(+) diff --git a/flatcar-postinst b/flatcar-postinst index 4e2ed63..eb7c02a 100644 --- a/flatcar-postinst +++ b/flatcar-postinst @@ -217,6 +217,18 @@ for NAME in $(grep -h -o '^[^#]*' /etc/flatcar/enabled-sysext.conf /usr/share/fl mv "/var/lib/update_engine/flatcar-${NAME}.raw" "/etc/flatcar/sysext/flatcar-${NAME}-${NEXT_VERSION}.raw" done +# A mkdir -p /etc/extensions was done for the OEM sysext symlink when the /etc overlay +# was already set up but we didn't ship /etc/extensions in the lowerdir. Since overlayfs +# creates any folders that don't exist in the lowerdir as opaque it means that when +# they appear later in the lowerdir through an update, the lowerdir folder is ignored. +# That happened in the update from, e.g., 3760.1.0 to 3794.0.0 to where /etc/extensions +# wasn't present in /usr/share/flatcar/etc/. +# To fix this, remove any opaque markers for this directory. Other common folders which +# we introduce later in the lowerdir could also be handled that way, e.g., /etc/cni/. +if mountpoint -q /etc; then + unshare -m sh -c "umount /etc && mkdir -p /etc/extensions && attr -R -r overlay.opaque /etc/extensions || true" +fi + # Keep old nodes on cgroup v1 if [[ "${BUILD_ID}" != "dev-"* ]]; then if [ "${VERSION_ID%%.*}" -lt 2956 ]; then