On Thu, 2007-07-19 at 15:56 +0200, Bodo Eggert wrote: > On Wed, 18 Jul 2007, Rob Landley wrote: > > On Friday 13 July 2007 2:56:00 pm Bodo Eggert wrote: > > > > I toyed with setting up a diskless system in initramfs. In the process, I > > > came across some things: > > > > > > 1) There is no way to have the kernel not mount a filesystem, > > > unless you use /init or rdinit=. > > > > Er, yes. By design. > > > > The kernel has to run an init program in order to hand off control to > > userspace. In initramfs, this is defined as /init. It looks in exactly > > one > > documented place. > > > > The older root= mechanism fell back to a half-dozen places (eventually > > trying > > things like /bin/sh if it couldn't find anything else). This is because > > there wasn't a documented standard for what should be executed, like there > > is > > with initramfs. > > Ever since I started using linux in 1997, the first program to run from an > installed system was /sbin/init. (I might think about removing the other > paths.) > > The ramfs' /init was intended for system setup, which is a separate job. > It is not intended to be the program running the system. Mixing those two > up just does not feel right. Setting root= in order to change the root > directory is much more natural. > > > > 1a) In the process of writing these patches, I found prepare_namespace not > > > to be called if /init is present. prepare_namespace will call > > > security_sb_post_mountroot after mounting the root fs. I did not yet > > > see a way to call this from /init, and grepping kinit for "security" did > > > not help, too. > > > > I don't use selinux. I'm neither a Fortune 500 company nor the NSA. > > That's no reason for keeping bugs in that part. > > > However, if you don't trust your own initramfs, where everything starts out > > running as root, you have bigger problems. > > Using that argument, you can deduce that nobody would need selinux at all. > Obviously some people disagree, and maybe some of them are no fools, > therefore we should try to DTRT for them and do the callback when it's > supposed to happen.
Not wanting to get into any flamewars here about selinux, but just FYI: security_sb_post_mountroot is obsolete and can be removed without harm to selinux; it is a leftover of selinux before we moved the initial policy load to userspace. These days, initial policy load is done by /sbin/init in most distros that support selinux, although I'd prefer to do it earlier from the initramfs (the Fedora folks didn't like that idea though at the time, so /sbin/init got patched instead - but that was back in 2003, so maybe things have changed). -- Stephen Smalley National Security Agency - To unsubscribe from this list: send the line "unsubscribe linux-kernel" in the body of a message to [EMAIL PROTECTED] More majordomo info at http://vger.kernel.org/majordomo-info.html Please read the FAQ at http://www.tux.org/lkml/
