BindsTo dataset keyload unit to mount associate unit

We need a stronger dependency between the mount unit and its keyload unit when we know that the dataset is encrypted. If the keyload unit fails, Wants= will still try to mount the dataset, which will then fail. It’s better to show that the failure is due to a dependency failing, the keyload unit, by tighting up the dependency. We can do this as we know that we generate both units in the generator and so, it’s not an optional dependency. BindsTo enable as well that if the keyload unit fails at any point, the associated mountpoint will be then unmounted. Reviewed-by: Richard Laager <rlaager@wiktel.com> Reviewed-by: Brian Behlendorf <behlendorf1@llnl.gov> Co-authored-by: Didier Roche <didrocks@ubuntu.com> Signed-off-by: Didier Roche <didrocks@ubuntu.com> Closes openzfs#10477
sempervictus · May 31, 2021 · 23fad9a · 23fad9a
1 parent 249d7b8
commit 23fad9a
Showing 1 changed file with 4 additions and 1 deletion.
diff --git a/etc/systemd/system-generators/zfs-mount-generator.in b/etc/systemd/system-generators/zfs-mount-generator.in
@@ -115,6 +115,7 @@ process_line() {
   wants="zfs-import.target"
   requires=""
   requiredmounts=""
+  bindsto=""
   wantedby=""
   requiredby=""
   noauto="off"
@@ -202,7 +203,8 @@ ExecStop=@sbindir@/zfs unload-key '${dataset}'"   > "${dest_norm}/${keyloadunit}
     fi
     # Update the dependencies for the mount file to want the
     # key-loading unit.
-    wants="${wants} ${keyloadunit}"
+    wants="${wants}"
+    bindsto="BindsTo=${keyloadunit}"
     after="${after} ${keyloadunit}"
   fi
 
@@ -413,6 +415,7 @@ Documentation=man:zfs-mount-generator(8)
 Before=${before}
 After=${after}
 Wants=${wants}
+${bindsto}
 ${requires}
 ${requiredmounts}