(new Change proposal) |
(Change is withdrawn pending updates) |
||
(5 intermediate revisions by 3 users not shown) | |||
Line 6: | Line 6: | ||
== Owner == | == Owner == | ||
* Name: [[User:Salimma|Michel Alexandre Salim]] | * Name: [[User:Salimma|Michel Alexandre Salim]], [[User:Ngompa|Neal Gompa]], [[User:Davdunc|David Duncan]] | ||
* Email: michel@michel-slm.name, ngompa13@gmail.com, davdunc@amazon.com | |||
* Email: davdunc@amazon.com | |||
== Current status == | == Current status == | ||
[[Category: | [[Category:ChangePageIncomplete]] | ||
[[Category:SystemWideChange]] | [[Category:SystemWideChange]] | ||
* Targeted release: [[Releases/ | * Targeted release: [[Releases/37 | Fedora Linux 37 ]] | ||
* Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} | * Last updated: <!-- this is an automatic macro — you don't need to change this line --> {{REVISIONYEAR}}-{{REVISIONMONTH}}-{{REVISIONDAY2}} | ||
<!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page | <!-- After the change proposal is accepted by FESCo, tracking bug is created in Bugzilla and linked to this page | ||
Line 26: | Line 22: | ||
ON_QA -> change is fully code complete | ON_QA -> change is fully code complete | ||
--> | --> | ||
* FESCo issue: | * [https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/3UCY6GLDPSWEUSUQ7MJXHJYMG42ZHQBO/ devel thread] | ||
* FESCo issue: [https://pagure.io/fesco/issue/2713 #2713] | |||
* Tracker bug: <will be assigned by the Wrangler> | * Tracker bug: <will be assigned by the Wrangler> | ||
* Release notes tracker: <will be assigned by the Wrangler> | * Release notes tracker: <will be assigned by the Wrangler> | ||
Line 40: | Line 37: | ||
- you can enforce the need for a root password in single-user mode by setting it | - you can enforce the need for a root password in single-user mode by setting it | ||
This change will be implemented by pre-installing an RPM containing systemd overrides for `emergency.service` and `rescue.service`, similar to the [ | This change will be implemented by pre-installing an RPM containing systemd overrides for `emergency.service` and `rescue.service`, similar to the [https://github.com/coreos/fedora-coreos-config/commit/eb74f2ea3e9b453902315539e4f327481162c4f8 CoreOS implementation], so users and editions/variants can opt out by removing this or omitting it from their default installation. | ||
== Feedback == | == Feedback == | ||
Line 50: | Line 47: | ||
== Scope == | == Scope == | ||
* Proposal owners: Ship the needed configuration change in a systemd subpackage. Test and verify that it works, then work with editions and spins to test and enable this by default by making `systemd` `Recommends: (systemd-rescue-defaults if dracut-config-rescue)` | * Proposal owners: Ship the needed configuration change in a systemd subpackage. Test and verify that it works, then work with editions and spins to test and enable this by default by making `systemd` `Recommends: (systemd-rescue-defaults if dracut-config-rescue)` | ||
* Other developers: Test this and opt-out if necessary (eg cloud doesn't have initramfs so the package is deadweight). On variants where dracut-config-rescue is installed but an opt out is desired, excluding the package from installation will prevent it being installed on systemd upgrades | * Other developers: Test this and opt-out if necessary (eg cloud doesn't have a rescue initramfs so the package is deadweight). On variants where dracut-config-rescue is installed but an opt out is desired, excluding the package from installation will prevent it being installed on systemd upgrades | ||
* Release engineering: [https://pagure.io/releng/issue/10422 #10422] | * Release engineering: [https://pagure.io/releng/issue/10422 #10422] | ||
* Policies and guidelines: N/A (not needed for this Change) | * Policies and guidelines: N/A (not needed for this Change) |
Latest revision as of 17:41, 17 May 2022
Make Rescue Mode Work With Locked Root
Summary
Fedora defaults to locking the root account, which is needed by single-user mode. This Change uses sulogin --force
so the password request is bypassed under this circumstance.
Owner
- Name: Michel Alexandre Salim, Neal Gompa, David Duncan
- Email: michel@michel-slm.name, ngompa13@gmail.com, davdunc@amazon.com
Current status
- Targeted release: Fedora Linux 37
- Last updated: 2022-05-17
- devel thread
- FESCo issue: #2713
- Tracker bug: <will be assigned by the Wrangler>
- Release notes tracker: <will be assigned by the Wrangler>
Detailed Description
Users typically only use single-user mode in case the normal boot is not working. In the unfortunate situation that it happens, under the current setup they cannot recover without booting from a Fedora live image or another image, or by overriding init=
, because our single-user mode requires a root password, and by default we lock the root account.
A more user-friendly setup is to allow the password to be bypassed in case it's not set.
This does not pose an increased security risk:
- you can already boot with init=/sysroot/bin/bash
anyway
- anyone with physical access to a machine can probably compromise it
- you can enforce the need for a root password in single-user mode by setting it
This change will be implemented by pre-installing an RPM containing systemd overrides for emergency.service
and rescue.service
, similar to the CoreOS implementation, so users and editions/variants can opt out by removing this or omitting it from their default installation.
Feedback
Benefit to Fedora
This Change provides a better out-of-the-box user experience in case they need to rescue their system, by making the rescue option presented in the bootloader actually work.
Scope
- Proposal owners: Ship the needed configuration change in a systemd subpackage. Test and verify that it works, then work with editions and spins to test and enable this by default by making
systemd
Recommends: (systemd-rescue-defaults if dracut-config-rescue)
- Other developers: Test this and opt-out if necessary (eg cloud doesn't have a rescue initramfs so the package is deadweight). On variants where dracut-config-rescue is installed but an opt out is desired, excluding the package from installation will prevent it being installed on systemd upgrades
- Release engineering: #10422
- Policies and guidelines: N/A (not needed for this Change)
- Trademark approval: N/A (not needed for this Change)
- Alignment with Objectives: N/A
Upgrade/compatibility impact
Upgrades would pull in this automatically, see [1]
How To Test
- dnf install systemd-rescue-defaults
- reboot and verify rescue mode works
User Experience
Rescue mode works out of the box, without resorting to overriding init= or using a live media.
Dependencies
- most changes will be done in the systemd
package
- for variants that need to opt out we'll need to modify their kickstart files
Contingency Plan
- Contingency mechanism: if the
Recommends
have been added to systemd, remove it and potentially add anObsoletes:
to remove older known-bad versions ofrescue-defaults
- Contingency deadline: Beta freeze
- Blocks release? No
Documentation
The built-in rescue mode now works out of the box without needing to use a live image. For added security you can set a root password.