The kernel now looks for 'tmpfs' in the value of the rootfstype
parameter, and uses either ramfs or tmpfs for the initramfs depending
on that.
We should allow 'tmpfs' to appear, but not pass it down to the fsck
and mount commands. So filter it out of the value of $ROOTFSTYPE.
Signed-off-by: Ben Hutchings <benh@debian.org>
If the kernel command line has `ip=` in it, it is arguable that
configure_networking should be run.
Add `qemu-net` autopkgtest to test the behavior for several values of
the `ip=` cmdline parameter.
Closes: #789067
LP: #1463846
Signed-off-by: Benjamin Drung <benjamin.drung@canonical.com>
If the busybox-static package is installed, the modprobe implementation
used will be the one from busybox, which behaves slightly differently.
Specifically, the busybox implementation does not support `install`
commands from modprobe.d conf files:
https://git.busybox.net/busybox/tree/modutils/modprobe.c?h=1_31_stable#n279
Since mkinitramfs already ensures that /sbin/modprobe is copied into
/sbin for the initrd, it is safe to fully-qualify the modprobe call and
never invoke the busybox version.
In some old shell versions, string comparisons in [ ... ] could go
wrong if the first argument began with certain characters. It has
been common practice to avoid this problem by prefixing both sides
with 'x'.
bash and dash have not had this problem for well over a decade, so
clean this up.
Further details are at <https://www.shellcheck.net/wiki/SC2268>.
Signed-off-by: Ben Hutchings <benh@debian.org>
Generalize the elapsed time tracking in local-top so that it can be used
elsewhere. This requires some additional quoting in local_device_setup()
comparisons to pass shellcheck.
Now that the reference time is recorded earlier (in init vs. local-top),
the rootdev wait time will now be reduced by however long it takes to
process init-premount. The belief is that our wait time is sufficiently
long for that to be negligible. Also, this could potentially break any
local-top scripts that use $local_top_time directly. A survey of
the current packages in sid shows no packages that contain a file under
/usr/share/initramfs-tools/scripts/local-top/ that contains "local_top_time".
Signed-off-by: dann frazier <dannf@debian.org>
This partially reverts commit eb98d2ea110b "init: /dev can be noexec
and /run nodev". The noexec option broke v86d (which we have a
specific workaround for), and could also be a problem for SGX support
in future.
Using noexec here doesn't provide a security benefit in a default
Debian configuration, since there are other writable directories on
filesystems not mounted with this option. Those are also writable by
all users, not just uid 0.
The mount options can be overridden by an entry for /dev in /etc/fstab
(at least when booting with systemd).
References: https://lore.kernel.org/linux-sgx/20201209000321.GA62845@kernel.org/T/
Signed-off-by: Ben Hutchings <benh@debian.org>
Negative timeout values are treated by the kernel as "reboot
immediately" and 0 is treated as "wait forever". Emulate this
behaviour in the panic() function.
Treat invalid (non-numeric) values the same as 0, which seems to match
what the kernel does. Previously we would ignore them completely and
open a shell as normal.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
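
The value handling described in the commit message above, as an added example that is not initramfs-tools code: `panic_action` is a hypothetical helper, and it shows that an invalid value now lands in the same branch as 0 instead of falling through to a shell.

```sh
# Added illustration, not initramfs-tools code. panic_action is a hypothetical
# helper that maps a panic= value to the behaviour the commit message describes.
# Only decimal digits with an optional leading '-' count as numeric here.
panic_action() {
    timeout="$1"
    digits="${timeout#-}"    # magnitude without the optional minus sign

    case "$digits" in
    '' | *[!0-9]*)
        # Empty or non-numeric: handled the same as 0, never a shell
        echo "wait-forever"
        return 0
        ;;
    esac

    case "$digits" in
    *[!0]*) ;;               # non-zero magnitude, decide by sign below
    *)
        echo "wait-forever"  # 0, 00, -0
        return 0
        ;;
    esac

    case "$timeout" in
    -*) echo "reboot-now" ;;
    *) echo "reboot-after $digits" ;;
    esac
}

# Constructed sample values, one per case
for value in -1 0 30 abc 5s ""; do
    printf 'panic=%s -> %s\n' "$value" "$(panic_action "$value")"
done
```
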
These all seem to be harmless in practice, as the parameter values
should not contain metacharacters.
In _checkfs_once() *do not* quote $spinner or $force; if these
are empty then we do not want to add arguments for them. Add a
comment to suppress the warning.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
v86d currently maps parts of /dev/mem as executable, even though it
may use an emulator. For now, only mount /dev with the "noexec"
option if it's not present.
Closes: #940171
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
This reverts commit 9f7bb9c72b5a50c0fbcd5f501072d3ff5aab91c4. All the
keyword=value forms for block device naming are now handled in
resolve_device.
Related-to: #944777
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
/run/initramfs contains a log file from fsck of root file system,
which could perhaps contain sensitive information, for example if
/home or /var are also located there and fsck is triggered.
Let's tighten the permissions to 0700.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
/dev used to be mounted with "exec" flag due to /dev/MAKEDEV script
but that's history and it's now located in /sbin. mmap() with file
descriptor to "/dev/zero" (instead of modern mmap(,,,MAP_ANON...))
will still work.
There's no reason to have (char/block) device nodes in /run, so let's
mount it with "nodev". This does not affect sockets, fifos etc.
Signed-off-by: Topi Miettinen <toiwoton@gmail.com>
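
A check for the settings in the two commit messages above (the 0700 mode on /run/initramfs, and the nodev and noexec mount options), as an added example that is not initramfs-tools code. The function names and the sample mount table are constructed for illustration.

```sh
# Added illustration, not initramfs-tools code. Function names and the sample
# mount table are constructed for this example.

# mount_has_option FILE MOUNTPOINT OPTION: succeeds if the last entry for
# MOUNTPOINT lists OPTION. FILE uses the /proc/mounts layout.
mount_has_option() {
    found=1
    while read -r _dev mp _type opts _rest; do
        [ "$mp" = "$2" ] || continue
        # A later mount shadows an earlier one, so the last entry decides
        case ",$opts," in
        *",$3,"*) found=0 ;;
        *) found=1 ;;
        esac
    done < "$1"
    return "$found"
}

# dir_is_private DIR: succeeds if group and other have no access (e.g. 0700)
dir_is_private() {
    perms=$(ls -ld "$1") || return 1
    case "${perms%% *}" in
    d???------*) return 0 ;;
    *) return 1 ;;
    esac
}

# report_early_mounts MOUNTS_FILE: one line per option discussed above
report_early_mounts() {
    for check in "/run nodev" "/dev noexec"; do
        want_mp=${check% *}
        want_opt=${check#* }
        if mount_has_option "$1" "$want_mp" "$want_opt"; then
            echo "$want_mp $want_opt present"
        else
            echo "$want_mp $want_opt absent"
        fi
    done
}

# Constructed sample: /run carries nodev, /dev is mounted without noexec
sample_mounts() {
    cat <<'EOF'
udev /dev devtmpfs rw,nosuid,relatime,size=4096k,mode=755 0 0
tmpfs /run tmpfs rw,nosuid,nodev,relatime,size=401284k,mode=755 0 0
EOF
}
```

On a running system, pass `/proc/mounts` as the file argument and `/run/initramfs` to `dir_is_private`.
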
When testing the pending changes to fix unsafe shell usage, I found
that the "resume" variable is unset if resume is disabled. This
results in an error in the resume script if it's changed to
require that "resume" is set.
Conversely, "noresume" variable is not set if resume is enabled.
Set it to an empty string in that case. Also, unset it before
exec'ing the real init system.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Sometimes globbing and word splitting are wanted. Therefore explicitly
disable the check for these lines.
Signed-off-by: Benjamin Drung <benjamin.drung@cloud.ionos.com>
shellcheck found more issues than SC1074. Address most of these issues.
You can check the shell code by running:
```
shellcheck -e SC1090,SC1091 -s dash hook-functions $(find * -type f \
  \( -executable ! -name rules -o -regex '.*\.\(post\|pre\).*' \
  -o -regex "^\(docs\|scripts\)/.*" ! -name '*.md' \))
```
Signed-off-by: Benjamin Drung <benjamin.drung@cloud.ionos.com>
Using 10% of RAM for /run is a good default, but not suitable for all
systems. 10% might be too small for systems with less memory (e.g.
virtual machine with 160 MiB RAM) or too big (VM host with 256/512 GiB
RAM). A too small /run partition leads to not enough space on it. If the
/run partition is huge, systemd's journald will consume a lot of memory,
because it defaults to using at most 15% of the respective file system
of /run/log/journal.
Adjusting the size of /run via an entry in /etc/fstab is not sufficient
since journald calculates its limits before systemd remounts /run with
the small size. Therefore journald could occupy the full /run partition
with its logs.
Allow specifying the size of /run by adding a RUNSIZE configuration
variable and an initramfs.ramsize= boot argument. Mounting /run must be
done after reading the configuration.
Closes: #862013
Signed-off-by: Benjamin Drung <benjamin.drung@profitbricks.com>
When using the initramfs for kdump, the screen might already contain
text. Without clearing the screen, the output of the initramfs will
overwrite the screen only partially with old text staying on the screen.
Thus add a kernel option 'initramfs.clear' to clear the screen at the
beginning.
Closes: #856929
Signed-off-by: Benjamin Drung <benjamin.drung@profitbricks.com>
The rootdelay parameter used to be important as a workaround for our
crappy device scanning. It's less widely needed now but still needed
for some md-RAID configurations.
The delay used to be implemented in udev's init-top script, but was
removed from there in Debian version 220-4 and the systemd maintainers
do not want to restore it. So implement it in init, where it probably
always should have been.
I would like to un-export ROOTDELAY now, but several other packages
use it to control their own delay or polling. For now, document it as
deprecated. To avoid doubling the delay when using an older udev,
make mkinitramfs patch it out of the udev init-top script.
Closes: #809740
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Signed-off-by: Andy Whitcroft <apw@ubuntu.com>
[bwh: Use shell to parse command line as klibc-utils doesn't include grep]
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Currently 'run-init -n' will fail if there's no static /dev/console on
the real root. We have to run it after udev's init-bottom script has
moved /dev to ${rootmnt}/dev.
Closes: #811479
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
validate_init tries to resolve symlinks, but we can't do it properly
without chroot'ing to the real root. Rather than running readlink
from the real system, use the new run-init -n option.
Closes: #810965
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
The proposed renaming of run-init to switch_root in klibc never happened.
switch_root is only ever provided by busybox. We're about to add a further
dependency on run-init, so always use that.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
In order to support usrmerge, we must always mount /usr before we
can even check whether the selected init program is executable.
We can no longer make this conditional on whether it's systemd.
Add Breaks relationships to initscripts (versioned) and upstart
(unversioned).
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Since we now invoke blkid to resolve block device IDs rather than
relying on symlinks under /dev/disk, resolve_device just doesn't work
until the specified device exists. So we need to use it in the
multiple existence checks in local_device_setup, and nowhere else.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Redirect if debug and netconsole are both set in command line options.
The redirecting code is added in both debug and netconsole entry to
make the redirection as early as possible.
Debug info saving to file feature is still available if 'debug' is set
but 'netconsole' is not set in command line options.
Original idea was from Ian's post:
http://www.hellion.org.uk/blog/posts/debugging-initramfs-over-netconsole/
Signed-off-by: Roger Shimizu <rogershimizu@gmail.com>
Signed-off-by: Ian Campbell <ijc@debian.org>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Insmod netconsole before calling "load_modules" routine, which loads
all specified modules. Because "load_modules" merely uses the module
param in /etc/initramfs-tools/modules.
This makes it possible to set netconsole param in command line options.
Signed-off-by: Roger Shimizu <rogershimizu@gmail.com>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
This is also fixing the fact that the fsckfix parameter was not honored.
Note that -n is apparently not supported by fsck.minix.
Closes: #783410, #792557
Signed-off-by: Laurent Bigonville <bigon@bigon.be>
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
busybox sh and klibc dash have different default values for $PATH
which could affect which commands we run later.
klibc dash also does not export $PATH, and this means we fail to
run fsck - it is executed indirectly through logsave, and logsave
cannot find it.
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
initscripts doesn't work with /usr already mounted. Other init
systems might not either.
Closes: #763157
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
This is limited to a single level of symlinks, but that should be
good enough.
Remove the use of chroot - that makes no difference to reading a
symlink; it would only be useful if applied to the [ -x ].
Related-to: #763157
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
If /sbin/init is executable then we would ignore that $init was
invalid, without actually setting init=/sbin/init.
$init is initialised to /sbin/init, so don't skip the error
message if it's empty.
Related-to: #763157
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>
Unfortunately, it appears we will need to know this to decide
whether or not to mount /usr.
Related-to: #763157
Signed-off-by: Ben Hutchings <ben@decadent.org.uk>