similar to: [PATCH] Allow the initramfs to be persisted across root changes

Commit-ID: 603f1bb024a03d9c50a89e7256ae7814292baf06 Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=603f1bb024a03d9c50a89e7256ae7814292baf06 Author: Matthew Garrett <matthewgarrett at google.com> AuthorDate: Thu, 18 Apr 2019 12:12:27 -0700 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Sat, 20 Apr 2019 17:11:34 +0100 [klibc] run-init: Allow

systemd supports switching back to the initramfs during shutdown in order to make it easier to clean up the root file system. This is desirable in order to allow us to remove keys from RAM before rebooting, making it harder to obtain confidential information by rebooting into an environment that scrapes RAM contents. --- debian/changelog | 4 +

Commit-ID: 10059fddba9f8bec6aeb0d37d217df6d65e64c3b Gitweb: http://git.kernel.org/?p=libs/klibc/klibc.git;a=commit;h=10059fddba9f8bec6aeb0d37d217df6d65e64c3b Author: Ben Hutchings <ben at decadent.org.uk> AuthorDate: Sun, 17 Jan 2016 19:50:28 +0000 Committer: Ben Hutchings <ben at decadent.org.uk> CommitDate: Wed, 2 Jan 2019 03:08:04 +0000 [klibc] run-init: Add dry-run mode

initramfs-tools wants to validate the real init program before running it, as there is no way out once it has exec'd run-init. This is complicated by the increasing use of symlinks for /sbin/init and for /sbin itself. We can't simply resolve them with 'readlink -f' because any absolute symlinks will be resolved using the wrong root. Add a dry-run mode (-n option) to run-init

Building on the work in ff0a614bd724f6c4c6a5014a9955dc1bc028f336, this moves the capability code down into the run-init library, so that run-init can use it as well, via the new "-d" flag. Signed-off-by: Kees Cook <kees at outflux.net> --- usr/kinit/Kbuild | 3 +-- usr/kinit/capabilities.h | 10 ++++++++++ usr/kinit/kinit.c | 6 +++---

The following patches come from Debian and/or Ubuntu packages of klibc. Ben. Ben Hutchings (1): [klibc] run-init: Add dry-run mode Jay Vosburgh (1): [klibc] ipconfig: Use separate sockets for DHCP from multiple interfaces Mathieu Trudel-Lapierre (1): [klibc] ipconfig: Set broadcast when sending DHCPREQUEST and DHCPDISCOVER YunQiang Su (1): [klibc] mips: setjmp.S: don't

On a train ride to Bruxelles, brought out my axe and directly attacked run_init(8). run_init(8) is dead, long live switch_root(8). The next run on switch_root(8) involves fdopendir, so another push for the upcoming stdio 1.6 branch. The following is boot tested with initramfs-tools, kinit(8) tests would very much be appreciated!? Michal Suchanek (1): [klibc] switch_root: Fix single file

This patchset applies to klibc mainline. As is it will probably collide with Maximilian's recent patch to rename run-init to switch_root posted last week. To boot an untrusted environment with certain capabilities locked out, we'd like to be able to drop the capabilities up front from early userspace, before we actually transition onto the root volume. This patchset implements this by

hello, Preparing my first klibc maintainenace release. :) My plan is to have the patches cook in klibc-queue and once everythings is fine deploy them in the main klibc repo. Please test/review belows patches. I plan to release the current queue really soon for klibc 1.5.20 due to the urgent ipconfig fixes. For now you find my patch queue on:

Hi I had some doubts regarding what all the init application should do: >> so, that should that application do? >> - mount /dev/hda1 /new-root >> - cd /new-root >> - run-init 1. Of what I understand, before exitting, init should mount the realroot and execute the init process. Is realroot the '/' or the empty directory created (in the cpio archive) ?

Hi, Here's a try at writing an initramfs HOWTO. This is basically a write-up of a number of interesting emails I collected over time. It could probably use an editor, more fact-checking and a bunch of other good things, but it should be better than nothing ;-) Daniel -------------- next part -------------- INITRAMFS HOWTO 0) What are klibc and initramfs? Initramfs is a ramfs into which

Hello, I was using a bunch of cpios in initramfs as a working system, and wondering why the unused files weren't being paged out to swap. So I reread ramfs-rootfs-initramfs.txt and now I know. So I wrote the attached utility. It creates a tmpfs, moves all files on the initramfs, moves / and executes the real init. It works, even with hardlinks, but it isn't the correct approach. Have

Unlink files, symlinks, FIFOs, devices etc. (except directories) before writing them when extracting CPIOs. This stops weird behaviour like: 1) writing through symlinks created in earlier CPIOs. eg foo->bar in the first CPIO. Having foo as a non-link in a subsequent CPIO, results in bar being written and foo remaining as a symlink. 2) if the first version of file foo is larger

The following patch unlinks (deletes) files, symlinks, FIFOs, devices etc before writing them when extracting CPIOs. It doesn't delete directories. This stops weird behaviour like: 1) writing through symlinks created in earlier CPIOs. eg foo->bar in the first CPIO. Having foo as a non link in a subsequent CPIO, results in bar being written and foo remaining as a symlink. 2)

According to "initramfs buffer format -- third draft" http://lwn.net/2002/0117/a/initramfs-buffer-format.php3 "the cpio "TRAILER!!!" entry (cpio end-of-archive) is optional, but is not ignored" The kernel handling does not follow this spec. If you add null padding after an uncompressed cpio without TRAILER!!! the kernel complains "no cpio magic". In a

If I use smbclient to create a tar file at /dev/null, it skips most of the steps. This behavior If I type something like this: smbclient '\\puffin\c$' -U 'amanda%password' -E -d1 -Tca /dev/null '/Kathy/DATA/2120 WNmod/*' I receive the following message: Output is /dev/null, assuming dry_run source/client/clitar.c: if (tar_type=='c' && (dry_run ||

The generator can skip a directory's contents altogether due to --ignore-non-existing, a daemon exclude, or a mkdir failure. On a --dry-run, the generator can also note the missingness of a directory while still scanning its contents. These two scenarios were conflated using a single set of missing_below/missing_dir variables in combination with transient increments in dry_run; this caused

Operating System: OpenVMS ALPHA V7.3 Compiler: Compaq C T6.5 Compiler switches: /WARN=ENABLE=(LEVEL4, QUESTCODE) syscall.c is missing the "const" qualifiers for several of it's functions. This patch should supercede the previous patch I submitted. This was discovered while working on resovling the conflicts between signed and unsigned values. -John wb8tyw@qsl.network Personal

On Sat, 7 Nov 2015, Fred Smith wrote: >On Fri, Nov 06, 2015 at 07:23:59PM -0800, Gordon Messmer wrote: >>On 11/06/2015 06:30 PM, Jobst Schmalenbach wrote: >>>What troubles me that a simple restart of the daemon fixes everything but it does not come up on reboot. >> >>Running the service script manually may not give you the same >>selinux context as on boot.

In case anyone else is trying to make this work, here is what I did (Before 0.7.4 I had patched the regex in zentest redgreen, but that is not used any more) To use directly, it is very simple. In rspec_autotest/lib/ rspec_autotest.rb, add a -c to the spec_command in the initializer function: @spec_command = "spec -c --diff unified" This won''t help however if you want