The following patch swaps the command line handling of kinit. It
seems apparent that, if one were to call kinit like so:
kinit root=/foo/bar
They would be attempting to override the /proc/cmdline. As it stands,
kinit parses the /proc/cmdline *first*, meaning the above does not
work.
Just for a simple use case:
User A has an encrypted root device, root=/dev/hda3
Some init scripts detect this, and set up the dev-mapper mapping, as
/dev/mapper/cryptoroot.
The scripts then need a way to replace the root parameter, so that
kinit will load off the cryptoroot device, instead of the encrypted
volume. As it stands there is no way to do this (/proc/cmdline is
readonly).
--- usr/kinit/kinit.c 2006-05-01 17:26:58.000000000 -0500
+++ usr/kinit/kinit.c 2006-05-05 11:00:58.000000000 -0500
@@ -76,6 +76,12 @@
if ( cmdv )
cmdv[0] = argv[0];
+ for (a = 1; a < argc && v < vmax; a++) {
+ if ( cmdv )
+ cmdv[v] = argv[a];
+ v++;
+ }
+
while (i && *i && v < vmax) {
if ((*i == ' ' || *i == '\t') && !was_space) {
if ( cmdv )
@@ -90,11 +96,6 @@
i++;
}
- for (a = 1; a < argc && v < vmax; a++) {
- if ( cmdv )
- cmdv[v] = argv[a];
- v++;
- }
if ( cmdv )
cmdv[v] = NULL;
On Fri, May 05, 2006 at 11:30:41AM -0500, Aaron Griffin wrote:> The following patch swaps the command line handling of kinit. It > seems apparent that, if one were to call kinit like so: > kinit root=/foo/bar > They would be attempting to override the /proc/cmdline. As it stands, > kinit parses the /proc/cmdline *first*, meaning the above does not > work. > > Just for a simple use case: > User A has an encrypted root device, root=/dev/hda3 > Some init scripts detect this, and set up the dev-mapper mapping, as > /dev/mapper/cryptoroot. > > The scripts then need a way to replace the root parameter, so that > kinit will load off the cryptoroot device, instead of the encrypted > volume. As it stands there is no way to do this (/proc/cmdline is > readonly).anyway if you are not using luks you need to pass cryptopts. also if you are using cryptsetup you have glibc on board. Debian initramfs-tools exports root and allows its boot scripts to change it, you might want to read the details http://bugs.debian.org/358452 regards -- maks
On 5/5/06, maximilian attems <maks@sternwelten.at> wrote:> anyway if you are not using luks you need to pass cryptopts. > also if you are using cryptsetup you have glibc on board.Not necessarilly, cryptsetup may be statically compiled.> Debian initramfs-tools exports root and allows its boot scripts > to change it, you might want to read the details > http://bugs.debian.org/358452Yes, but last I looked, the debian tools do not use kinit. They call run-init after manually mounting the device. Either way, the cryptsetup point is rather moot, it was just a use case to illustrate that it makes sense to have kinit command line params come *before* /proc/cmdline.
Aaron Griffin wrote:> The following patch swaps the command line handling of kinit. It > seems apparent that, if one were to call kinit like so: > kinit root=/foo/bar > They would be attempting to override the /proc/cmdline. As it stands, > kinit parses the /proc/cmdline *first*, meaning the above does not > work. > > Just for a simple use case: > User A has an encrypted root device, root=/dev/hda3 > Some init scripts detect this, and set up the dev-mapper mapping, as > /dev/mapper/cryptoroot. > > The scripts then need a way to replace the root parameter, so that > kinit will load off the cryptoroot device, instead of the encrypted > volume. As it stands there is no way to do this (/proc/cmdline is > readonly).That makes sense. -hpa