osbuild2: lock loopback devices during sfdisk, mkfs

Since udev will probe block devices it is advisable to hold a lock on the device when modifying its partition table or the superblock of the filesystem (see [1]). osbuild loopback devices do support this via the `lock` option. Set this option for all operation that involve changing block device "metadata" that could potentionally race with udev, such as sfdisk, mkfs, creating a luks2 container and creating LVM2 volume groups and logical volumes. NB: osbuild also has its own device inhibition logic to prevent udev/lvm2 from auto activating devices and in general to limit the interaction between the host and devices used by osbuild. See [2] for more information. NB: this also locks the loopback device in situation where we the it is strickly not the right thing to do, e.g. when creating a fs on a logical voume that is located on a loopback device, since in this case the device we would need to lock is the logical volume. Sadly, LVM/DM devices are exempt from block device locking. But, due to a bug in osbuild < 50, the udev inhibitor does *not* work for loopback devices and therefore we have to use the actual lock to preven LVM device auto-activation via `69-dm-lvm-metad.rules`. The change was implemented by adding a new boolean to `getDevices` indicating if the loopback device should be locked or not. Once we depend on osbuild 50 we can change the logic in `getDevices` to only lock the loopback device if the number of devices is one, i.e. we are working directly on the loopback device. [1] https://systemd.io/BLOCK_DEVICE_LOCKING/ [2] /usr/lib/udev/rules.d/10-osbuild-inhibitor.rules
2022-02-28 13:19:28 +01:00 · 2022-02-28 13:19:28 +01:00 · 9e5b265a58
commit 9e5b265a58
parent 19e7890f63
112 changed files with 742 additions and 371 deletions
--- a/test/data/manifests/centos_9-aarch64-openstack-boot.json
+++ b/test/data/manifests/centos_9-aarch64-openstack-boot.json
@ -951,7 +951,8 @@
              "device": {
                "type": "org.osbuild.loopback",
                "options": {
-                  "filename": "disk.img"
+                  "filename": "disk.img",
+                  "lock": true
                }
              }
            }
@ -967,7 +968,8 @@
                "options": {
                  "filename": "disk.img",
                  "start": 2048,
-                  "size": 409600
+                  "size": 409600,
+                  "lock": true
                }
              }
            }
@ -984,7 +986,8 @@
                "options": {
                  "filename": "disk.img",
                  "start": 411648,
-                  "size": 1024000
+                  "size": 1024000,
+                  "lock": true
                }
              }
            }
@ -1001,7 +1004,8 @@
                "options": {
                  "filename": "disk.img",
                  "start": 1435648,
-                  "size": 6952927
+                  "size": 6952927,
+                  "lock": true
                }
              }
            }