Optimizing OverlayFS module with new IFS separator and new supported mode. (#10321)

Authored-by: lanzeliu <lanzeliu@microsoft.com>

SPECS/dracut/20overlayfs/overlayfs-mount.sh

@@ -2,9 +2,9 @@
 # Copyright (c) Microsoft Corporation.
 # Licensed under the MIT License.
 
-# Description: This script is designed to mount a DM-Verity root filesystem and
-# set up OverlayFS. It is driven by kernel parameters and is invoked during the
-# dracut initramfs phase.
+# Description: This script is designed to set up OverlayFS. It also works with
+# DM-Verity environment. It is driven by kernel parameters and is invoked during
+# the dracut initramfs phase.
 
 # Kernel Parameters:
 # - root: Specifies the path to the root filesystem. This script is designed to
@@ -14,29 +14,28 @@
 #   setups, the script will proceed with the standard OverlayFS setup, ensuring
 #   versatility in its application.
 # - rd.overlayfs: A comma-separated list defining the OverlayFS configuration.
-#   Each entry should specify the overlay, upper, work directories, and optional
-#   volume for an OverlayFS instance.
+#   Each entry should specify the lower, upper, work directories, optional
+#   volume, and optional mount mode for an OverlayFS instance.
 
 # Behavior:
 # - Verifies the presence of the 'dracut-lib' for necessary utilities.
 # - Mounts the DM-Verity root filesystem as read-only at a predefined mount
-#   point.
+#   point or mount the root device at a predefined mount point.
 # - Sets up the OverlayFS based on the provided kernel parameters. If a
 #   persistent volume is specified, it's used as the upper layer for the
 #   OverlayFS; otherwise, a volatile overlay is created.
-# - Mounts the OverlayFS on top of the root filesystem, merging the read-only
-#   root with the writable overlay, allowing system modifications without
-#   altering the base system.
+# - Mounts the OverlayFS on top of the root filesystem, merging the root with
+#   the writable overlay, allowing system modifications without altering the
+#   base system.
 
 parse_kernel_cmdline_args() {
     # Ensure that the 'dracut-lib' is present and loaded.
-    type getarg >/dev/null 2>&1 || . /lib/dracut-lib.sh
+    type getarg > /dev/null 2>&1 || . /lib/dracut-lib.sh
 
-    VERITY_MOUNT="/mnt/verity_mnt"
+    ROOT_VERITY_MOUNTPOINT="/mnt/root_verity_mnt"
     OVERLAY_MOUNT="/mnt/overlay_mnt"
-    OVERLAY_MNT_OPTS="rw,nodev,nosuid,nouser,noexec"
 
-    # Retrieve the verity root. It is expected to be predefined by the dracut cmdline module.
+    # Retrieve the root device.
     [ -z "$root" ] && root=$(getarg root=)
     # Check if we're in a dm-verity environment and the root variable matches
     # the expected path. The path "/dev/mapper/root" is hardcoded here because
@@ -63,7 +62,7 @@ mount_volatile_persistent_volume() {
     if [[ "${_volume}" == "volatile" ]]; then
         # Fallback to volatile overlay if no persistent volume is specified.
         echo "No overlayfs persistent volume specified. Creating a volatile overlay."
-        mount -t tmpfs tmpfs -o ${OVERLAY_MNT_OPTS} "${_overlay_mount}" || \
+        mount -t tmpfs tmpfs "${_overlay_mount}" || \
             die "Failed to create overlay tmpfs at ${_overlay_mount}"
     else
         # Check if the specified Overlay RAID volume is present in the system.
@@ -83,64 +82,72 @@ create_overlayfs() {
     local _lower=$1
     local _upper=$2
     local _work=$3
+    local _mode=$4
 
     [ -d "$_lower" ] || die "Unable to create overlay as $_lower does not exist"
 
-    mkdir -p "${_upper}" && \
-    mkdir -p "${_work}" && \
-    mount -t overlay overlay -o ro,lowerdir="${_lower}",upperdir="${_upper}",workdir="${_work}" "${_lower}" || \
+    mkdir -p "${_upper}" || die "Failed to create upper directory ${_upper}"
+    mkdir -p "${_work}" || die "Failed to create work directory ${_work}"
+
+    # Note for now, the mountpoint / mergedir is set to the same directory as the lowerdir.
+    # This means the overlay will be mounted directly on the lower directory.
+    # TODO: Add support for a customized mountpoint in future versions.
+    mount -t overlay overlay -o "${_mode}",lowerdir="${_lower}",upperdir="${_upper}",workdir="${_work}" "${_lower}" || \
         die "Failed to mount overlay in ${_lower}"
 }
 
 mount_overlayfs() {
     local cnt=0
-    local overlay_mount_with_cnt
+    local volume_mount_with_cnt
     declare -A volume_mount_map
 
+    mkdir -p "${ROOT_VERITY_MOUNTPOINT}"
     if [ "$is_verity" = true ]; then
         echo "Mounting DM-Verity Target"
-        mkdir -p "${VERITY_MOUNT}"
-        mount -o ro,defaults "/dev/mapper/root" "${VERITY_MOUNT}" || \
+        mount -o ro "/dev/mapper/root" "${ROOT_VERITY_MOUNTPOINT}" || \
             die "Failed to mount dm-verity root target"
     else
         echo "Mounting regular root"
-        mkdir -p "${VERITY_MOUNT}"
         # Remove 'block:' prefix if present.
         root_device=$(expand_persistent_dev "${root#block:}")
-        mount -o ro,defaults "$root_device" "${VERITY_MOUNT}" || \
+        mount "$root_device" "${ROOT_VERITY_MOUNTPOINT}" || \
             die "Failed to mount root"
     fi
 
     echo "Starting to create OverlayFS"
-    for _group in ${overlayfs}; do
-        IFS=',' read -r overlay upper work volume <<< "$_group"
+    IFS=';' read -ra overlay_groups <<< "$overlayfs"
+    for _group in "${overlay_groups[@]}"; do
+        IFS=',' read -r lower upper work volume mode <<< "$_group"
 
+        # Set mode as ro to fulfill Trident specific requirement.
+        mode=${mode:-ro}
         # Resolve volume to its full device path.
         volume=$(expand_persistent_dev "$volume")
 
         if [[ "$volume" == "" ]]; then
-            overlay_mount_with_cnt="${OVERLAY_MOUNT}/${cnt}"
-            mount_volatile_persistent_volume "volatile" $overlay_mount_with_cnt
+            volume_mount_with_cnt="${OVERLAY_MOUNT}/${cnt}"
+            mount_volatile_persistent_volume "volatile" $volume_mount_with_cnt
         else
             if [[ -n "${volume_mount_map[$volume]}" ]]; then
                 # Volume already mounted, retrieve existing mount point from map.
-                overlay_mount_with_cnt=${volume_mount_map[$volume]}
+                volume_mount_with_cnt=${volume_mount_map[$volume]}
             else
                 # Not in map, so mount and update the map.
-                overlay_mount_with_cnt="${OVERLAY_MOUNT}/${cnt}"
-                mount_volatile_persistent_volume $volume $overlay_mount_with_cnt
-                volume_mount_map[$volume]=$overlay_mount_with_cnt
+                volume_mount_with_cnt="${OVERLAY_MOUNT}/${cnt}"
+                mount_volatile_persistent_volume $volume $volume_mount_with_cnt
+                volume_mount_map[$volume]=$volume_mount_with_cnt
             fi
         fi
-        cnt=$((cnt + 1))
 
-        echo "Creating OverlayFS with overlay: $overlay, upper: ${overlay_mount_with_cnt}/${upper}, work: ${overlay_mount_with_cnt}/${work}"
-        create_overlayfs "${VERITY_MOUNT}/${overlay}" "${overlay_mount_with_cnt}/${upper}" "${overlay_mount_with_cnt}/${work}"
+        echo "Creating OverlayFS with lower: $lower, upper: ${volume_mount_with_cnt}/${upper}, work: ${volume_mount_with_cnt}/${work}, mode: ${mode}"
+        create_overlayfs "${ROOT_VERITY_MOUNTPOINT}/${lower}" "${volume_mount_with_cnt}/${upper}" "${volume_mount_with_cnt}/${work}" "${mode}"
+
+        cnt=$((cnt + 1))
     done
 
     echo "Done Verity Root Mounting and OverlayFS Mounting"
     # Re-mount the verity mount along with overlayfs to the sysroot.
-    mount --rbind "${VERITY_MOUNT}" "${NEWROOT}"
+    mount --rbind "${ROOT_VERITY_MOUNTPOINT}" "${NEWROOT}"
 }
 
 # Keep a copy of this function here from verity-read-only-root package.

SPECS/dracut/dracut.signatures.json

@@ -10,6 +10,6 @@
   "lgpl-2.1.txt": "dc626520dcd53a22f727af3ee42c770e56c97a64fe3adb063799d8ab032fe551",
   "megaraid.conf": "914824cdbe0c525b71efa05a75e453335b0068beb8bc28bef2a5866d74bf7dd4",
   "module-setup.sh": "8f5a0d3cc393d78bcb523b0d53c578d2767d688f00e84b525355bbb31d753da4",
-  "overlayfs-mount.sh": "f049d0ad2e4a1d98acb329765900690883520fdc8fc9463f5081f6e7fb679695"
+  "overlayfs-mount.sh": "28f47c107a4435c5153bdb5b2f92f20b7a75bf3932216635ee810875c27dd55b"
  }
 }