Bug#783990: efivarfs is a separate fs and needs moutning

The Wanderer wanderer at fastmail.fm
Fri Jul 16 16:20:08 BST 2021

(For some reason, I haven't gotten the copy of this reply that comes to
me via debian-init-diversity, even though it's clearly Cc'ed to the bug
which appears to send copies to that list. Is something in the chain -
probably BDO - detecting that I'm already in Cc and not sending the
second copy? That would be unfortunate, and a reason for me to return to
replying only to the bug number rather than to the full addressee

On 2021-07-16 at 11:00, Ian Jackson wrote:
> The Wanderer writes ("Re: Bug#783990: efivarfs is a separate fs and
> needs moutning"):
>> I'm not sure what's making the difference (unless this is already
>> fixed for testing, and you're only discussing whether to backport
>> the fix to current stable, which I think doesn't sound like it is
>> the case),
> Perhaps the initramfs mounts it ?  I can't conveniently check.

A quick grep through /usr and /etc/ for 'efivar' finds one thing that
looks potentially relevant: /etc/apparmor.d/abstractions/libvirt-lxc
includes a mount command for this directory.

(It also finds that
suggests 'mount -t efivarfs none mountpoint' rather than 'mount -t
efivarfs efivarfs mountpoint', but I suspect the end result will be the
same regardless.)

>> and I'm not sure where to look to try to find out - but whatever
>> fix is found for anyone experiencing this problem, it'll be
>> important to make sure it doesn't break people for whom this *is*
>> working.
> Certainly.
> I suggest the following approach in mountkernfs:
>   - See if /sys/firmware/efi/efivars exists.
>   - If it does, and nothing is mounted on it yet, try to mount
>     efivarfs with the runes earlier in this bug.
>   - If that mount fails, print an error message, but otherwise
>     do not treat this as an error.
> If you think this is a good plan I will send a patch.  Would each of
> you be willing to do a test reboot with it ?

That looks like a reasonable approach to me. I'm not sure exactly what
steps would be necessary to be sure that the reboot was properly testing
the patch, but as long as there's no meaningful risk of putting my
system into an unbootable state (an unlikely-seeming result), I have no
problem with testing this when time permits.

   The Wanderer

The reasonable man adapts himself to the world; the unreasonable one
persists in trying to adapt the world to himself. Therefore all
progress depends on the unreasonable man.         -- George Bernard Shaw

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: OpenPGP digital signature
URL: <http://www.chiark.greenend.org.uk/pipermail/debian-init-diversity/attachments/20210716/68fc825a/attachment.sig>

More information about the Debian-init-diversity mailing list