[PATCH v2 11/15] gen_init_cpio: add newcx format

Add "newcx" format that supports extended attributes and has increased size of c_mtime and c_filesize fields. Added -x option to select "newcx" format. Default is "newc". Refer to Documentation/early-userspace/buffer-format.txt for detailed format description. S

[PATCH v2 08/15] initramfs: add newcx format

Add 'newcx' format that adds extended attributes and increased size of c_mtime and c_filesize fields. Refer to Documentation/early-userspace/buffer-format.txt for detailed format description. Signed-off-by: Taras Kondratiuk --- init/initra

[PATCH v2 10/15] gen_init_cpio: move header formatting into function

CPIO header is generated in multiple places with the same sprintf() format string. Move formatting into a single function in preparation to adding a new cpio format. Signed-off-by: Taras Kondratiuk --- usr/gen_init_cpio.c | 186 ++-- 1 file

[PATCH v2 09/15] initramfs: set extended attributes

xattrs for symbolic links by using sys_lsetxattr() instead of sys_setxattr()] Signed-off-by: Mimi Zohar Signed-off-by: Victor Kamensky Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 57 +++- 1 file changed, 52 insertions(+), 5

[PATCH v2 13/15] gen_initramfs_list.sh: add -x option to enable newcx format

From: Mimi Zohar -x option populates extended attributes in cpio_list file passed to get_init_cpio and selects newcx CPIO format. Signed-off-by: Mimi Zohar Signed-off-by: Taras Kondratiuk --- scripts/gen_initramfs_list.sh | 13 - usr/Kconfig | 11

[PATCH v2 03/15] initramfs: store file name in name_buf

There is already name_buf buffer pre-allocated for a file name. No need to allocate vcollected for every file. More over a name can be already stored in name_buf by read_info() function. Add memcpy_optional() function to handle such case. Signed-off-by: Taras Kondratiuk --- init/initramfs.c

[PATCH v2 06/15] initramfs: separate reading cpio method from header

From: Mimi Zohar In preparation for adding xattr support, read the CPIO method separately from the rest of the header. Signed-off-by: Mimi Zohar Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 15 +++ 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/init

[PATCH v2 12/15] gen_init_cpio: set extended attributes for newcx format

Plain string variant would be easier to read, but special symbols have to be escaped. Hex encoding is much simpler. Signed-off-by: Taras Kondratiuk --- usr/gen_init_cpio.c | 142 +++- 1 file changed, 119 insertions(+), 23 deletions(-) diff --git a/u

[PATCH v2 00/15] extend initramfs archive format to support xattrs

s Mimi Zohar (3): initramfs: separate reading cpio method from header initramfs: set extended attributes gen_initramfs_list.sh: add -x option to enable newcx format Taras Kondratiuk (10): Documentation: add newcx initramfs format description initramfs: replace states with function pointers initr

[PATCH v2 04/15] initramfs: remove unnecessary symlinks processing shortcut

and destination in symlink_buf. Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 29 + 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/init/initramfs.c b/init/initramfs.c index b6ee675e5cdb..d0ab7ad6ac05 100644 --- a/init/initramfs.c +++ b/init

[PATCH v2 05/15] initramfs: move files creation into separate state

Move most of the file creation logic into a separate state. This splits collection of data stage from data processing and makes it easier to add additional states for a new archive format. Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 52

[PATCH v2 15/15] selinux: delay sid population for rootfs till init is complete

From: Victor Kamensky With initramfs cpio format that supports extended attributes we need to skip sid population on sys_lsetxattr call from initramfs for rootfs if security server is not initialized yet. Otherwise callback in selinux_inode_post_setxattr will try to translate give security.selin

[PATCH v2 01/15] Documentation: add newcx initramfs format description

size to have usec precision and more than 32-bit of seconds. - removed unused checksum field. Signed-off-by: Taras Kondratiuk Signed-off-by: Mimi Zohar Signed-off-by: Victor Kamensky --- Documentation/early-userspace/buffer-format.txt | 46 ++--- 1 file changed, 41 ins

[PATCH v2 14/15] selinux: allow setxattr on rootfs so initramfs code can set them

From: Victor Kamensky initramfs code supporting extended cpio format have ability to fill extended attributes from cpio archive, but if SELinux enabled and security server is not initialized yet, selinux callback would refuse setxattr made by initramfs code. Solution enable SBLABEL_MNT on rootfs

[PATCH v2 02/15] initramfs: replace states with function pointers

with their action function pointers. No behaviour change. Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 73 +--- 1 file changed, 32 insertions(+), 41 deletions(-) diff --git a/init/initramfs.c b/init/initramfs.c index 7e99a00

[PATCH v2 07/15] initramfs: split header layout information from parsing function

numbers. Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 122 +-- 1 file changed, 92 insertions(+), 30 deletions(-) diff --git a/init/initramfs.c b/init/initramfs.c index b3d39c8793be..7f0bbfde94e3 100644 --- a/init/initramfs.c +++ b/init

Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description

Quoting Arnd Bergmann (2018-01-25 01:29:12) > On Thu, Jan 25, 2018 at 4:27 AM, Taras Kondratiuk wrote: > > Many of the Linux security/integrity features are dependent on file > > metadata, stored as extended attributes (xattrs), for making decisions. > > These features n

Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description

Quoting Arnd Bergmann (2018-01-25 13:02:49) > On Thu, Jan 25, 2018 at 9:26 PM, Taras Kondratiuk wrote: > > > For initramfs nanoseconds field can be ignored during > > unpacking. > > That sounds like a pointless microoptimization. Most likely we won't ever > need

Re: [PATCH v2 11/15] gen_init_cpio: add newcx format

Quoting Rob Landley (2018-01-25 18:40:25) > On 01/24/2018 09:27 PM, Taras Kondratiuk wrote: > > diff --git a/usr/gen_init_cpio.c b/usr/gen_init_cpio.c > > index 7a2a6d85345d..78a47a5bdcb1 100644 > > --- a/usr/gen_init_cpio.c > > +++ b/usr/gen_init_cpio.c > >

Re: [PATCH v2 01/15] Documentation: add newcx initramfs format description

Quoting Rob Landley (2018-01-25 18:40:54) > On 01/24/2018 09:27 PM, Taras Kondratiuk wrote: > > diff --git a/Documentation/early-userspace/buffer-format.txt > > b/Documentation/early-userspace/buffer-format.txt > > index e1fd7f9dad16..d818df4f72dc 100644 > > --- a/Do

[PATCH v3 13/14] selinux: allow setxattr on rootfs so initramfs code can set them

From: Victor Kamensky initramfs code supporting extended cpio format have ability to fill extended attributes from cpio archive, but if SELinux enabled and security server is not initialized yet, selinux callback would refuse setxattr made by initramfs code. Solution enable SBLABEL_MNT on rootfs

[PATCH v3 00/15] extend initramfs archive format to support xattrs

ries Mimi Zohar (3): initramfs: separate reading cpio method from header initramfs: set extended attributes gen_initramfs_list.sh: add -x option to enable newcx format Taras Kondratiuk (10): Documentation: add newcx initramfs format description initramfs: replace states with function poin

[PATCH v3 13/15] gen_initramfs_list.sh: add -x option to enable newcx format

From: Mimi Zohar -x option populates extended attributes in cpio_list file passed to get_init_cpio and selects newcx CPIO format. Signed-off-by: Mimi Zohar Signed-off-by: Taras Kondratiuk --- scripts/gen_initramfs_list.sh | 13 - usr/Kconfig | 11

[PATCH v3 12/14] gen_initramfs_list.sh: add -x option to enable newcx format

From: Mimi Zohar -x option populates extended attributes in cpio_list file passed to get_init_cpio and selects newcx CPIO format. Signed-off-by: Mimi Zohar Signed-off-by: Taras Kondratiuk --- scripts/gen_initramfs_list.sh | 13 - usr/Kconfig | 11

[PATCH v3 15/15] selinux: delay sid population for rootfs till init is complete

From: Victor Kamensky With initramfs cpio format that supports extended attributes we need to skip sid population on sys_lsetxattr call from initramfs for rootfs if security server is not initialized yet. Otherwise callback in selinux_inode_post_setxattr will try to translate give security.selin

[PATCH v3 14/14] selinux: delay sid population for rootfs till init is complete

From: Victor Kamensky With initramfs cpio format that supports extended attributes we need to skip sid population on sys_lsetxattr call from initramfs for rootfs if security server is not initialized yet. Otherwise callback in selinux_inode_post_setxattr will try to translate give security.selin

[PATCH v3 14/15] selinux: allow setxattr on rootfs so initramfs code can set them

From: Victor Kamensky initramfs code supporting extended cpio format have ability to fill extended attributes from cpio archive, but if SELinux enabled and security server is not initialized yet, selinux callback would refuse setxattr made by initramfs code. Solution enable SBLABEL_MNT on rootfs

[PATCH v3 11/15] gen_init_cpio: add newcx format

Add "newcx" format that supports extended attributes and has increased size of c_mtime and c_filesize fields. Added -x option to select "newcx" format. Default is "newc". Refer to Documentation/early-userspace/buffer-format.txt for detailed format description. S

[PATCH v3 08/15] initramfs: add newcx format

Add 'newcx' format that adds extended attributes and increased size of c_mtime and c_filesize fields. Refer to Documentation/early-userspace/buffer-format.txt for detailed format description. Signed-off-by: Taras Kondratiuk --- init/initram

[PATCH v3 09/15] initramfs: set extended attributes

xattrs for symbolic links by using sys_lsetxattr() instead of sys_setxattr()] Signed-off-by: Mimi Zohar Signed-off-by: Victor Kamensky Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 57 +++- 1 file changed, 52 insertions(+), 5

[PATCH v3 12/15] gen_init_cpio: set extended attributes for newcx format

Plain string variant would be easier to read, but special symbols have to be escaped. Hex encoding is much simpler. Signed-off-by: Taras Kondratiuk --- usr/gen_init_cpio.c | 144 +++- 1 file changed, 121 insertions(+), 23 deletions(-) diff --git a/u

[PATCH v3 10/15] gen_init_cpio: move header formatting into function

CPIO header is generated in multiple places with the same sprintf() format string. Move formatting into a single function in preparation to adding a new cpio format. Signed-off-by: Taras Kondratiuk --- usr/gen_init_cpio.c | 186 ++-- 1 file

[PATCH v3 07/15] initramfs: split header layout information from parsing function

numbers. Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 122 +-- 1 file changed, 92 insertions(+), 30 deletions(-) diff --git a/init/initramfs.c b/init/initramfs.c index b3d39c8793be..7f0bbfde94e3 100644 --- a/init/initramfs.c +++ b/init

[PATCH v3 06/15] initramfs: separate reading cpio method from header

From: Mimi Zohar In preparation for adding xattr support, read the CPIO method separately from the rest of the header. Signed-off-by: Mimi Zohar Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 15 +++ 1 file changed, 11 insertions(+), 4 deletions(-) diff --git a/init

[PATCH v3 05/15] initramfs: move files creation into separate state

Move most of the file creation logic into a separate state. This splits collection of data stage from data processing and makes it easier to add additional states for a new archive format. Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 52

[PATCH v3 03/15] initramfs: store file name in name_buf

There is already name_buf buffer pre-allocated for a file name. No need to allocate vcollected for every file. More over a name can be already stored in name_buf by read_info() function. Add memcpy_optional() function to handle such case. Signed-off-by: Taras Kondratiuk --- init/initramfs.c

[PATCH v3 04/15] initramfs: remove unnecessary symlinks processing shortcut

and destination in symlink_buf. Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 29 + 1 file changed, 13 insertions(+), 16 deletions(-) diff --git a/init/initramfs.c b/init/initramfs.c index b6ee675e5cdb..d0ab7ad6ac05 100644 --- a/init/initramfs.c +++ b/init

[PATCH v3 01/15] Documentation: add newcx initramfs format description

ze to have 64 bits of seconds and added a field for nanoseconds - removed unused checksum field Signed-off-by: Taras Kondratiuk Signed-off-by: Mimi Zohar Signed-off-by: Victor Kamensky --- Documentation/early-userspace/buffer-format.txt | 46 ++--- 1 file changed, 41 ins

[PATCH v3 02/15] initramfs: replace states with function pointers

with their action function pointers. No behaviour change. Signed-off-by: Taras Kondratiuk --- init/initramfs.c | 73 +--- 1 file changed, 32 insertions(+), 41 deletions(-) diff --git a/init/initramfs.c b/init/initramfs.c index 7e99a00

Re: [PATCH v3 01/15] Documentation: add newcx initramfs format description

Quoting h...@zytor.com (2018-02-16 16:00:36) > On February 16, 2018 1:47:35 PM PST, Victor Kamensky > wrote: > > > > > >On Fri, 16 Feb 2018, Rob Landley wrote: > > > >> > >> On 02/16/2018 02:59 PM, H. Peter Anvin wrote: > >>> On 02/1