workaround(azurelinux-release): bind-mount /proc/version for CBL-Mariner compat #16446
Merged
15 changes: 15 additions & 0 deletions
base/comps/azurelinux-release/proc-version-override.service
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,15 @@ | ||
| [Unit] | ||
| Description=Override /proc/version for legacy OS detection (CBL-Mariner compat) | ||
| Before=waagent.service cloud-init.service cloud-init-local.service | ||
| After=local-fs.target | ||
| ConditionVirtualization=vm | ||
|
|
||
| [Service] | ||
| Type=oneshot | ||
| RemainAfterExit=yes | ||
| ExecStart=/usr/libexec/proc-version-override | ||
| ExecStop=-/bin/umount /proc/version | ||
| ExecStopPost=-/bin/rm -f /run/proc_version_override | ||
|
|
||
| [Install] | ||
| WantedBy=multi-user.target |
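Review bot: The ordering in `[Unit]` relies on implicit default dependencies: with only `After=local-fs.target` and no `DefaultDependencies=no`, systemd also orders this service after `sysinit.target` and `basic.target`, so `Before=cloud-init-local.service` can hold only if that unit itself starts after `basic.target`. If it is an early-boot unit, the result is an ordering cycle and systemd drops one of the jobs; worth checking with `systemd-analyze verify` on a built image, or setting `DefaultDependencies=no` with explicit `Before=shutdown.target` and `Conflicts=shutdown.target`. Separately, `ExecStop=` is skipped when `ExecStart=` fails while `ExecStopPost=` still runs, so a failed start removes /run/proc_version_override without unmounting anything the script had already mounted.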
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,43 @@ | ||
| #!/bin/bash | ||
| # Generate a /proc/version override that includes both "CBL-Mariner" and | ||
| # "azurelinux" identifiers, then bind-mount it over /proc/version. | ||
| # | ||
| # This preserves backward compatibility with tools that grep /proc/version | ||
| # for "Mariner" (e.g. Guest-Configuration-Extension) while also advertising | ||
| # the current distro name. | ||
|
|
||
| set -euo pipefail | ||
|
|
||
| OVERRIDE=/run/proc_version_override | ||
|
|
||
| # `mount --bind` on a file target is not idempotent; repeated runs can stack | ||
| # mounts on /proc/version. Unwind any existing mount layers before reading | ||
| # the real /proc/version and rebinding. | ||
| while findmnt -n /proc/version >/dev/null 2>&1; do | ||
| umount /proc/version | ||
| done | ||
|
|
||
| # Build a version string using the real kernel version, replacing only | ||
| # the (user@host) field with (root@CBL-Mariner-azurelinux). | ||
| # | ||
| # Real /proc/version format: | ||
| # Linux version <uname -r> (mockbuild@koji-builder-...) (gcc (GCC) ...) #1 SMP ... | ||
| # Override: | ||
| # Linux version <uname -r> (root@CBL-Mariner-azurelinux) (gcc (GCC) ...) #1 SMP ... | ||
| # | ||
| # We strip the first parenthesized group (user@host) and keep everything | ||
| # after it (compiler info, build config, timestamp) verbatim. | ||
| # Also replace "Red Hat" in the GCC version string so tools that pattern-match | ||
| # /proc/version (e.g. GCE's guest-configuration-shim) don't misidentify AZL as | ||
| # RHEL based on the compiler tag. | ||
| KVER=$(uname -r) | ||
| TAIL=$(sed 's/^[^)]*)[[:space:]]*//' /proc/version | sed 's/Red Hat/Azure Linux/g') | ||
|
|
||
| install -m 0444 /dev/null "$OVERRIDE" | ||
| cat > "$OVERRIDE" <<EOF | ||
| Linux version ${KVER} (root@CBL-Mariner-azurelinux) ${TAIL} | ||
| EOF | ||
| chmod 0444 "$OVERRIDE" | ||
|
|
||
| mount --bind "$OVERRIDE" /proc/version | ||
|
rlmenge marked this conversation as resolved.
|
||
| mount -o remount,bind,ro /proc/version | ||
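Review bot: The last two lines, `mount --bind "$OVERRIDE" /proc/version` followed by `mount -o remount,bind,ro /proc/version`, have no error path: under `set -euo pipefail` a failed remount exits the script with the writable bind mount still in place. Suggest a `trap` that unmounts /proc/version when the script does not reach its end, so a failure leaves the real /proc/version visible to the agents. Also, the first `sed` expression assumes the `(user@host)` group ends at the first `)` on the line and contains no nested parentheses; a check that the real line starts with `Linux version`, or a comment stating the assumption, would make a format change fail loudly instead of producing a malformed override.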
suggestion (non-blocking): While this will work as a workaround for the issue we are facing, keep in mind a different pattern to write to a temp file, do an atomic move operation, then chmod 444 the final file. Readers reading the `$OVERRIDE` while it is being written could read partial content. Not an issue here since this one-shot service will run well before the guest extension runs, but something to keep in mind for future
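The temp-file-then-rename pattern from the review comment above, as an added example that is not part of the PR. `build_version_line`, `publish_atomic`, `demo` and the sample `/proc/version` line are hypothetical or constructed; this sketch sets the mode on the temp file before the rename.

```bash
#!/bin/bash
# Added example, not code from the PR. Function names are hypothetical.
set -eu

# Build the override line the way the script in the diff does: keep the kernel
# release, swap the first "(user@host)" group, rewrite the compiler tag.
build_version_line() {
    local kver="$1" real="$2" rest
    rest=$(printf '%s\n' "$real" | sed 's/^[^)]*)[[:space:]]*//; s/Red Hat/Azure Linux/g')
    printf 'Linux version %s (root@CBL-Mariner-azurelinux) %s\n' "$kver" "$rest"
}

# Publish content at $1 so a concurrent reader sees either the old file or the
# complete new one, never a partial write.
publish_atomic() {
    local dest="$1" content="$2" tmp
    # The temp file lives next to the destination: rename(2) is atomic only
    # within one filesystem.
    tmp=$(mktemp "${dest}.XXXXXX") || return 1
    # Mode is fixed before the rename, so the published name is never writable.
    if printf '%s\n' "$content" > "$tmp" && chmod 0444 "$tmp" && mv -f "$tmp" "$dest"; then
        return 0
    fi
    rm -f "$tmp"   # leave no stray temp file on failure
    return 1
}

# Constructed sample input in /proc/version format (not from a real host).
SAMPLE='Linux version 6.6.0-1.example (mockbuild@builder-01) (gcc (GCC) 13.2.0 (Red Hat 13.2.0-1)) #1 SMP Mon Jan 15 00:00:00 UTC 2024'

demo() {
    local dir line
    dir=$(mktemp -d)
    line=$(build_version_line "6.6.0-1.example" "$SAMPLE")
    publish_atomic "$dir/proc_version_override" "stale content"
    publish_atomic "$dir/proc_version_override" "$line"   # replaces a 0444 file
    cat "$dir/proc_version_override"
    rm -rf "$dir"
}
demo
```

The rename has to happen before `mount --bind`: a bind mount keeps the inode it was given, so a later rename over `$OVERRIDE` is not visible through `/proc/version` until the mount is redone.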