Displaying 20 results from an estimated 400 matches similar to: "[PATCH] run-init: add drop_capabilities support"
2019 Apr 18
1
[PATCH] Allow the initramfs to be persisted across root changes
systemd supports switching back to the initramfs during shutdown in
order to make it easier to clean up the root file system. This is
desirable in order to allow us to remove keys from RAM before rebooting,
making it harder to obtain confidential information by rebooting into an
environment that scrapes RAM contents.
---
debian/changelog | 4 +
2016 Jan 17
1
[PATCH klibc] run-init: Add dry-run mode
initramfs-tools wants to validate the real init program before running
it, as there is no way out once it has exec'd run-init. This is
complicated by the increasing use of symlinks for /sbin/init and for
/sbin itself. We can't simply resolve them with 'readlink -f' because
any absolute symlinks will be resolved using the wrong root. Add a
dry-run mode (-n option) to run-init
2011 Jul 19
4
[PATCH v1 0/2] Support dropping of capabilities from early userspace.
This patchset applies to klibc mainline. As is it will probably collide
with Maximilian's recent patch to rename run-init to switch_root posted
last week.
To boot an untrusted environment with certain capabilities locked out,
we'd like to be able to drop the capabilities up front from early
userspace, before we actually transition onto the root volume.
This patchset implements this by
2019 Apr 18
0
[PATCH] Allow the initramfs to be persisted across root changes
systemd supports switching back to the initramfs during shutdown in
order to make it easier to clean up the root file system. This is
desirable in order to allow us to remove keys from RAM before rebooting,
making it harder to obtain confidential information by rebooting into an
environment that scrapes RAM contents.
Signed-off-by: Matthew Garrett <mjg59 at google.com>
---
2019 Apr 28
0
[klibc:master] run-init: Allow the initramfs to be persisted across root changes
Commit-ID: 603f1bb024a03d9c50a89e7256ae7814292baf06
Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=603f1bb024a03d9c50a89e7256ae7814292baf06
Author: Matthew Garrett <matthewgarrett at google.com>
AuthorDate: Thu, 18 Apr 2019 12:12:27 -0700
Committer: Ben Hutchings <ben at decadent.org.uk>
CommitDate: Sat, 20 Apr 2019 17:11:34 +0100
[klibc] run-init: Allow
2019 Jan 18
0
[klibc:master] run-init: Add dry-run mode
Commit-ID: 10059fddba9f8bec6aeb0d37d217df6d65e64c3b
Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=10059fddba9f8bec6aeb0d37d217df6d65e64c3b
Author: Ben Hutchings <ben at decadent.org.uk>
AuthorDate: Sun, 17 Jan 2016 19:50:28 +0000
Committer: Ben Hutchings <ben at decadent.org.uk>
CommitDate: Wed, 2 Jan 2019 03:08:04 +0000
[klibc] run-init: Add dry-run mode
2017 Dec 31
4
[PATCH klibc 0/4] Fixes from Debian and Ubuntu
The following patches come from Debian and/or Ubuntu packages of
klibc.
Ben.
Ben Hutchings (1):
[klibc] run-init: Add dry-run mode
Jay Vosburgh (1):
[klibc] ipconfig: Use separate sockets for DHCP from multiple
interfaces
Mathieu Trudel-Lapierre (1):
[klibc] ipconfig: Set broadcast when sending DHCPREQUEST and
DHCPDISCOVER
YunQiang Su (1):
[klibc] mips: setjmp.S: don't
2011 Jul 13
9
[PATCH 0/8] switch_root() enhancements
On a train ride to Bruxelles, brought out my axe and directly attacked
run_init(8). run_init(8) is dead, long live switch_root(8).
The next run on switch_root(8) involves fdopendir,
so another push for the upcoming stdio 1.6 branch.
The following is boot tested with initramfs-tools,
kinit(8) tests would very much be appreciated!?
Michal Suchanek (1):
[klibc] switch_root: Fix single file
2011 Aug 03
1
[PATCH v2] kinit: Add drop_capabilities support.
This patch adds the ability to kinit to allow the dropping of POSIX
capabilities.
kinit is modified by this change, such that it understands the new
kernel command line "drop_capabilities=" that specifies a comma
separated list of capability names that should be dropped before
switching over to the next init in the boot strap (typically on the root
disk).
When processing capabilities
2010 Aug 25
0
[patch] ipconfig fixes + run-init nit
hello,
Preparing my first klibc maintainenace release. :)
My plan is to have the patches cook in klibc-queue and once
everythings is fine deploy them in the main klibc repo.
Please test/review belows patches.
I plan to release the current queue really soon for klibc 1.5.20
due to the urgent ipconfig fixes. For now you find my patch queue on:
2005 Feb 14
6
Query regarding initramfs
Hi
I had some doubts regarding what all the init application should do:
>> so, that should that application do?
>> - mount /dev/hda1 /new-root
>> - cd /new-root
>> - run-init
1. Of what I understand, before exitting, init should mount the realroot
and execute the init process.
Is realroot the '/' or the empty directory created (in the cpio
archive) ?
2015 Nov 08
2
After reboot of web-server accessing website shows "Forbidden", restarting httpd all is fine
On Fri, Nov 06, 2015 at 07:23:59PM -0800, Gordon Messmer wrote:
> On 11/06/2015 06:30 PM, Jobst Schmalenbach wrote:
> >What troubles me that a simple restart of the daemon fixes everything but it does not come up on reboot.
>
> Running the service script manually may not give you the same
> selinux context as on boot. Services should be started using
> "run_init"
2005 Aug 09
6
initramfs howto
Hi,
Here's a try at writing an initramfs HOWTO.
This is basically a write-up of a number of interesting emails I collected
over time.
It could probably use an editor, more fact-checking and a bunch of other
good things, but it should be better than nothing ;-)
Daniel
-------------- next part --------------
INITRAMFS HOWTO
0) What are klibc and initramfs?
Initramfs is a ramfs into which
2006 Sep 28
1
ramfs to tmpfs
Hello,
I was using a bunch of cpios in initramfs as a working system, and
wondering why the unused files weren't being paged out to swap.
So I reread ramfs-rootfs-initramfs.txt and now I know.
So I wrote the attached utility. It creates a tmpfs, moves all files
on the initramfs, moves / and executes the real init.
It works, even with hardlinks, but it isn't the correct approach. Have
2000 Nov 01
4
root-partition
Hi all,
I've been working with the ext3-fs for several months (since 0.0.2c),
and it works pretty fine for me, but I haven't found out, how I works to
migrate my root-partition from ext2 to ext3.
I tried it with the commands at the lilo-prompt, but it didn't work.
I only received a kernel panic.
Any ideas, how I can migrate to ext3 on my root-partition?
tnx,
Joachim
--
Joachim
2011 Aug 12
4
klibc current state
Hello,
While some people might scuba dive, let's summarize recent
progress and state (People cc'ed have either patches in
queue or are involved):
* Patches pending review, allmost ready for klibc
-------------------------------------------------
- mikew/drop_cap - kinit: Add drop_capabilities support
adds the ability to kinit to allow the dropping of POSIX
capabilities. (patch even
2002 Aug 13
1
w2k pro no longer trusted by 2.2.3 pdc
Hi. I am still having problems:
Quick synopsis:
NT workstation cannot have machine acccount successfully trusted by PDC.
---------Here’s my problem------(LONG)------------------
I have several W2k Workstations, with a SAMBA 2.2.3 PDC.
I screwed up something, and removed all of the important parts of the server validation.
Here's the story: OUTLAND is domain, W2k/ clients are milo and
2010 Nov 20
3
[PATCH 1/4] utils: cleanup unused includes
several errno.h for no good reasons.
cleanup losesetup which is not using getopt_long,
thus doesn't need getopt.h included.
Move stdarg.h include up in losesetup to more proper place.
Signed-off-by: maximilian attems <max at stro.at>
---
usr/utils/dmesg.c | 1 -
usr/utils/losetup.c | 4 +---
usr/utils/mkfifo.c | 1 -
usr/utils/nuke.c | 1 -
usr/utils/umount.c | 1
2015 Nov 09
0
After reboot of web-server accessing website shows "Forbidden", restarting httpd all is fine
On Sat, 7 Nov 2015, Fred Smith wrote:
>On Fri, Nov 06, 2015 at 07:23:59PM -0800, Gordon Messmer wrote:
>>On 11/06/2015 06:30 PM, Jobst Schmalenbach wrote:
>>>What troubles me that a simple restart of the daemon fixes everything but it does not come up on reboot.
>>
>>Running the service script manually may not give you the same
>>selinux context as on boot.
2015 Nov 07
5
After reboot of web-server accessing website shows "Forbidden", restarting httpd all is fine
Hi.
I am stuck with this one and I do not know where and how to search for this problem nor do I know how to fix it.
When I reboot one of our servers (CentOS 6.7, selinux target, yum fully updated) the http server loads fine (no erros) but when accessing one of the server's websites it displays "Forbidden", restarting the httpd server (command line) will give full access and all is