meta-ibm: Enable emergency/rescue when root locked

When the root account is locked, the systemd emergency and rescue
targets fail with an error message.  That is because they run the
sulogin command, which prompts for the root password.

The solution is for those services to specify the sulogin --force
option.  For more information, see sulogin(8).

systemd uses a "wrapper" executable named systemd-sulogin-shell to run
sulogin.  If the environment variable SYSTEMD_SULOGIN_FORCE is set to 1,
systemd-sulogin-shell runs sulogin with the --force option.  For more
information, see https://systemd.io/ENVIRONMENT/

Create drop-in directories for the emergency and rescue service files.
In those directories, create a .conf file that sets
SYSTEMD_SULOGIN_FORCE to 1 for those services.

Signed-off-by: Shawn McCarney <shawnmm@us.ibm.com>
Change-Id: I39359e91d99e490b9e57508f96f56567b49c663e
diff --git a/meta-ibm/recipes-core/systemd/systemd/systemd-sulogin-force.conf b/meta-ibm/recipes-core/systemd/systemd/systemd-sulogin-force.conf
new file mode 100644
index 0000000..919fc24
--- /dev/null
+++ b/meta-ibm/recipes-core/systemd/systemd/systemd-sulogin-force.conf
@@ -0,0 +1,11 @@
+# This file sets the SYSTEMD_SULOGIN_FORCE environment variable used by
+# systemd-sulogin-shell.  This skips asking for the root password if the root
+# password is not available (such as when the root account is locked).
+#
+# This override is intended to be used with the emergency and rescue service
+# files.
+#
+# See https://systemd.io/ENVIRONMENT/ and sulogin(8) for more information.
+
+[Service]
+Environment=SYSTEMD_SULOGIN_FORCE=1
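Review bot: The header comment of this new drop-in describes the setting as skipping the password prompt but does not state the security consequence. Per sulogin(8), with --force and a locked root account sulogin starts a root shell without asking for any password, so whoever can reach the console while the BMC is in the emergency or rescue target gets root. I would add a comment line such as `# NOTE: with root locked this yields an unauthenticated root shell on the console; the console must be physically protected.` The bbappend hunks further down install the drop-in for every p10bmc image, so it is worth confirming that this is intended for production builds and not only for debug images.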
diff --git a/meta-ibm/recipes-core/systemd/systemd_%.bbappend b/meta-ibm/recipes-core/systemd/systemd_%.bbappend
index 0a09253..1a3cf71 100644
--- a/meta-ibm/recipes-core/systemd/systemd_%.bbappend
+++ b/meta-ibm/recipes-core/systemd/systemd_%.bbappend
@@ -9,6 +9,7 @@
 SRC_URI:append:p10bmc = " file://vm.conf"
 SRC_URI:append:p10bmc = " file://network.conf"
 SRC_URI:append:p10bmc = " file://systemd-networkd-only-wait-for-one.conf"
+SRC_URI:append:p10bmc = " file://systemd-sulogin-force.conf"
 
 SRC_URI:append:genesis3 = " file://systemd-networkd-only-wait-for-one.conf"
 SRC_URI:append:sbp1 = " file://systemd-networkd-only-wait-for-one.conf"
@@ -24,6 +25,8 @@
 FILES:${PN}:append:p10bmc = " ${sysconfdir}/sysctl.d/vm.conf"
 FILES:${PN}:append:p10bmc = " ${sysconfdir}/sysctl.d/network.conf"
 FILES:${PN}:append:p10bmc = " ${systemd_system_unitdir}/systemd-networkd-wait-online.service.d/systemd-networkd-only-wait-for-one.conf"
+FILES:${PN}:append:p10bmc = " ${systemd_system_unitdir}/emergency.service.d/systemd-sulogin-force.conf"
+FILES:${PN}:append:p10bmc = " ${systemd_system_unitdir}/rescue.service.d/systemd-sulogin-force.conf"
 
 FILES:${PN}:append:genesis3 = " ${systemd_system_unitdir}/systemd-networkd-wait-online.service.d/systemd-networkd-only-wait-for-one.conf"
 FILES:${PN}:append:sbp1 = " ${systemd_system_unitdir}/systemd-networkd-wait-online.service.d/systemd-networkd-only-wait-for-one.conf"
@@ -41,6 +44,8 @@
         install -m 644 -D ${WORKDIR}/vm.conf ${D}${sysconfdir}/sysctl.d/vm.conf
         install -m 644 -D ${WORKDIR}/network.conf ${D}${sysconfdir}/sysctl.d/network.conf
         install -m 644 -D ${WORKDIR}/systemd-networkd-only-wait-for-one.conf ${D}${systemd_system_unitdir}/systemd-networkd-wait-online.service.d/systemd-networkd-only-wait-for-one.conf
+        install -m 644 -D ${WORKDIR}/systemd-sulogin-force.conf ${D}${systemd_system_unitdir}/emergency.service.d/systemd-sulogin-force.conf
+        install -m 644 -D ${WORKDIR}/systemd-sulogin-force.conf ${D}${systemd_system_unitdir}/rescue.service.d/systemd-sulogin-force.conf
 }
 
 # Genesis3 and SBP1 uses both BMC's RGMII MACs, so wait for only one to be online