DARWIN: On macOS 12, mount afs on user's directory

Currently, /afs is mounted/unmounted by a LaunchDaemon. In order to
unmount /afs on restart/shutdown, this daemon runs umount -force /afs.
Unfortunately, SIP (System Integrity Protection) is not allowing the
LaunchDaemon in question to run this command successfully on macOS 12
(exclusively on restart/shutdown):

  umount: Operation not permitted

In this situation, afs can't be turned off correctly, leaving many
unkillable afsd processes lingering around. As a result, the
restart/shutdown process gets stuck indefinitely.

Fortunately, this problem doesn't happen if /afs is mounted on a user's
directory. That said, avoid this issue by mounting /afs on the current
user's directory (/Users/$USER/OpenAFS/afs). Notice that afs is still
accessible (including for other users) through a synthetic link added in
the root directory (/afs -> /Users/$USER/OpenAFS/afs).

Change-Id: Id05d811e785057a82b73d0946154d9be8b5d772a
Reviewed-on: https://gerrit.openafs.org/14925
Tested-by: BuildBot <buildbot@rampaginggeek.com>
Reviewed-by: Benjamin Kaduk <kaduk@mit.edu>
This commit is contained in:
Marcio Barbosa 2022-04-07 22:51:21 +00:00 committed by Benjamin Kaduk
parent 873d803a3d
commit 1c7eda8ea8

@ -8,7 +8,17 @@ if [ $majorvers -ge 19 ]; then
# Root mount point is read-only. To workaround this restriction, add a
# synthetic entity for afs into /etc/synthetic.conf. For more information,
# please read man synthetic.conf(5).
grep -qs '^afs$' /etc/synthetic.conf || echo 'afs' >> /etc/synthetic.conf
if [ $majorvers -ge 21 ]; then
# On macOS 12, SIP is not allowing our LaunchDaemon to unmount /afs on
# restart/shutdown. If /afs is mounted on the user's directory, this problem
# doesn't happen.
sed -i "" "/OpenAFS\/afs/d" /etc/synthetic.conf &> /dev/null
sed -i "" "/^afs$/d" /etc/synthetic.conf &> /dev/null
echo "afs\tUsers/$USER/OpenAFS/afs" >> /etc/synthetic.conf
mkdir -p /Users/$USER/OpenAFS/afs
else
grep -qs '^afs$' /etc/synthetic.conf || echo 'afs' >> /etc/synthetic.conf
fi
elif [ $majorvers -ge 7 ]; then
# /Network is now readonly, so put AFS in /afs; make sure /afs is a directory
if [ -e /afs ]; then
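Review bot: In the new `majorvers -ge 21` branch, `$USER` is expanded unquoted into both the `/etc/synthetic.conf` entry and the `mkdir -p` path, with no check that it is set or that it names a usable account. An empty value or one containing whitespace would produce an entry like `Users//OpenAFS/afs` and a matching directory, and the `/afs` link would then point somewhere unintended. Suggest checking the value first (non-empty, no `/` or whitespace, `/Users/$USER` exists) and quoting the expansion, e.g. `mkdir -p "/Users/$USER/OpenAFS/afs"`. Separately, `echo "afs\tUsers/..."` only emits the tab separator that synthetic.conf requires when the shell's `echo` interprets backslash escapes; `printf 'afs\tUsers/%s/OpenAFS/afs\n' "$USER" >> /etc/synthetic.conf` does not depend on that behaviour.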
@ -37,6 +47,10 @@ if [ `grep /Network/afs cacheinfo` ]; then
mv cacheinfo.new cacheinfo
fi
if [ $majorvers -ge 21 ]; then
sed -i "" "s/\/afs:/\/Users\/$USER\/OpenAFS\/afs:/" cacheinfo
fi
# if the installer plugin generated ThisCell and/or CellAlias
# files, copy them in here
tmpthiscell=/private/tmp/org.OpenAFS.Install.ThisCell.$USER
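Review bot: The `sed` substitution on `cacheinfo` in the `majorvers -ge 21` block is not anchored, so it is not idempotent: a `cacheinfo` that already starts with `/Users/$USER/OpenAFS/afs:` still contains `/afs:` and would be rewritten again on a reinstall, yielding `/Users/$USER/OpenAFS/Users/$USER/OpenAFS/afs:`. Anchoring the pattern to the start of the line (`s/^\/afs:/.../`) avoids that. `$USER` is also interpolated directly into the replacement text, so a value containing `/`, `&` or `\` would change the expression; using a different delimiter such as `|` and validating `$USER` before this point would make the rewrite safer.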