On Tue, Apr 26, 2011 at 05:12:49PM +0200, Marco d'Itri wrote:
> On Apr 26, rleigh <rle...@codelibre.net> wrote:
>
> > > -mount -t tmpfs -o nodev,noexec,nosuid,mode=0755 none /run
> > > +mount -t tmpfs -o "nosuid,size=20%,mode=0755" tmpfs /run
> Why should /run not be noexec?
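Review bot: the + line removes both nodev and noexec from the /run mount options, and nothing in the hunk records why. Consider a comment beside the mount call saying that noexec is left off only while /run/shm may share the /run tmpfs and that nodev is meant to come back later, or set noexec conditionally as the mountkernfs.sh excerpt in the reply does, so the weaker options are not carried forward by accident. The new size=20% limit would also merit a word on how the figure was chosen.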

If /run/shm is also on /run (not a separate mount), it needs to be
executable.  If they are separate mounts, it does add the noexec
option back:

[mountkernfs.sh]
	# If /run/shm is separately mounted, /run can be safely mounted noexec.
	RUNEXEC=
	if [ yes = "$RAMSHM" ] || read_fstab_entry /run/shm tmpfs; then
	    RUNEXEC=',noexec'
	fi
	# TODO: Add -onodev once checkroot no longer creates a device node.
	domount "$MNTMODE" tmpfs shmfs /run tmpfs "-onosuid$RUNEXEC$RUN_OPT"

> > I've added the block above because we can't make an upload of sysvinit/
> > initscripts to unstable until we have an updated initramfs-tools in
> > unstable, or else udev will break.  Therefore in order to have a smooth
> Yes, if /run exists in the initramfs then it needs to be moved to the
> root filesystem.

This is being done by initramfs-tools, and it's working nicely AFAICT.

> > Marco, have you tested this upgrade path?  That is /run in the
> > initramfs and no /run on the rootfs?  Is udev checking for that and
> No, but if the database is not copied to the initramfs then LVM will be
> annoyed.

Which database is this?  Is this something that the LVM scripts need
updating to handle?

> > not using /run in this scenario (or moving the files from /run to
> > /dev/.udev)?  We will need to cope with this for a brief transitional
> > period when initramfs-tools is updated and initscripts is not.
> The udev initscript cannot know if there was a /run/udev in the
> initramfs and it was lost.
> Right now I can't see how to work around this.
> If there is no /run in the initramfs then /dev/.udev/ will be used, and
> since udev 167-3 the udev init script will move it to /run/udev/ (as
> long as /run is a mount point, check the init script).

I just sent a separate mail after doing some testing.  The current logic
in 168-1 does appear to move /run/udev (initramfs) to /dev/.udev when
/run is not present on the host.  Looks good to me.


Regards,
Roger

-- 
  .''`.  Roger Leigh
 : :' :  Debian GNU/Linux             http://people.debian.org/~rleigh/
 `. `'   Printing on GNU/Linux?       http://gutenprint.sourceforge.net/
   `-    GPG Public Key: 0x25BFB848   Please GPG sign your mail.
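
Added example, not part of the original mail or of initscripts: a shell check that applies the rule from the mountkernfs.sh excerpt above (noexec on /run only when /run/shm is a separate mount) to /proc/mounts-format input. The function names, finding labels and sample mount lines are constructed for illustration.

```sh
#!/bin/sh
# Added example (not from initscripts): audit /run against the rule in the
# mountkernfs.sh excerpt. Reads /proc/mounts-format lines on stdin.
has_opt() {  # has_opt OPTS NAME: is NAME among the comma-separated OPTS?
    case ",$1," in *",$2,"*) return 0 ;; esac
    return 1
}

audit_run() {  # prints space-separated findings for /run, or "ok"
    run_opts='' shm_separate=no findings=''
    while read -r _dev mnt _type opts _rest || [ -n "$mnt" ]; do
        case $mnt in
            /run)     run_opts=$opts ;;
            /run/shm) shm_separate=yes ;;
        esac
    done
    [ -n "$run_opts" ] || { echo "run-not-mounted"; return 0; }
    has_opt "$run_opts" nosuid || findings="$findings nosuid-missing"
    if [ "$shm_separate" = yes ]; then
        # /run/shm has its own mount, so /run can safely be noexec.
        has_opt "$run_opts" noexec || findings="$findings noexec-missing"
    elif has_opt "$run_opts" noexec; then
        # /run/shm lives on /run and needs exec there.
        findings="$findings noexec-with-shared-shm"
    fi
    # The excerpt's TODO defers nodev; report it so it stays visible.
    has_opt "$run_opts" nodev || findings="$findings nodev-missing"
    findings=${findings# }
    echo "${findings:-ok}"
}

sample_shared() {  # constructed input: /run/shm shares the /run tmpfs
    cat <<'EOF'
tmpfs /run tmpfs rw,nosuid,relatime,mode=755 0 0
EOF
}

sample_separate() {  # constructed input: /run/shm is its own mount
    cat <<'EOF'
tmpfs /run tmpfs rw,nosuid,relatime,mode=755 0 0
tmpfs /run/shm tmpfs rw,nosuid,nodev,relatime 0 0
EOF
}

sample_shared | audit_run
sample_separate | audit_run
```

On a running system the same check is `audit_run < /proc/mounts`.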