author | Anton Gerasimov <anton@advancedtelematic.com> | 2016-10-04 14:42:42 +0200 |
---|---|---|
committer | Anton Gerasimov <anton@advancedtelematic.com> | 2016-10-04 14:42:42 +0200 |
commit | 689d2a8e825b3fc77bd4671f2c0597d2de5f0fdf (patch) | |
tree | 50da6e3b59d6e112c15eabd2a3d675d7334ab4ab /meta-sota/recipes-sota/ostree-initrd | |
parent | 46b4d2dd4a44de0588426d69168415af3e01acac (diff) |
Tuned initrd image and pseudo environment to fix bugs with extended
security attributes.
Bug-AGL: SPEC-259
Change-Id: I44499ce3f5f1924aecf63689a93d1f20e779225e
Signed-off-by: Anton Gerasimov <anton@advancedtelematic.com>
Diffstat (limited to 'meta-sota/recipes-sota/ostree-initrd')
-rw-r--r-- | meta-sota/recipes-sota/ostree-initrd/files/init.sh | 84 | ||||
-rw-r--r-- | meta-sota/recipes-sota/ostree-initrd/ostree-initrd.bb | 19 |
2 files changed, 103 insertions, 0 deletions
diff --git a/meta-sota/recipes-sota/ostree-initrd/files/init.sh b/meta-sota/recipes-sota/ostree-initrd/files/init.sh
new file mode 100644
index 0000000..5aa99d6
--- /dev/null
+++ b/meta-sota/recipes-sota/ostree-initrd/files/init.sh
@@ -0,0 +1,84 @@
+#!/bin/sh
+
+# global variables
+
+SMACK=n
+DEBUG=n
+
+# -------------------------------------------
+
+log_info() { echo "$0[$$]: $@" >&2; }
+log_error() { echo "$0[$$]: ERROR $@" >&2; }
+
+do_mount_fs() {
+ log_info "mounting FS: $@"
+ [[ -e /proc/filesystems ]] && { grep -q "$1" /proc/filesystems || { log_error "Unknown filesystem"; return 1; } }
+ [[ -d "$2" ]] || mkdir -p "$2"
+ [[ -e /proc/mounts ]] && { grep -q -e "^$1 $2 $1" /proc/mounts && { log_info "$2 ($1) already mounted"; return 0; } }
+ mount -t "$1" "$1" "$2"
+}
+
+bail_out() {
+ log_error "$@"
+ log_info "Rebooting..."
+ #exec reboot -f
+ exec sh
+}
+
+get_ostree_sysroot() {
+ for opt in `cat /proc/cmdline`; do
+ arg=`echo $opt | cut -d'=' -f1`
+ if [ $arg == "ostree_root" ]; then
+ echo $opt | cut -d'=' -f2
+ return
+ fi
+ done
+}
+
+export PATH=/sbin:/usr/sbin:/bin:/usr/bin
+
+log_info "starting initrd script"
+
+do_mount_fs proc /proc
+do_mount_fs sysfs /sys
+do_mount_fs devtmpfs /dev
+do_mount_fs devpts /dev/pts
+do_mount_fs tmpfs /dev/shm
+do_mount_fs tmpfs /tmp
+do_mount_fs tmpfs /run
+
+# check if smack is active (and if so, mount smackfs)
+grep -q smackfs /proc/filesystems && {
+ SMACK=y
+
+ do_mount_fs smackfs /sys/fs/smackfs
+
+ # adjust current label and network label
+ echo System >/proc/self/attr/current
+ echo System >/sys/fs/smackfs/ambient
+}
+
+mkdir -p /sysroot
+ostree_sysroot=$(get_ostree_sysroot)
+
+mount $ostree_sysroot /sysroot || bail_out "Unable to mount $ostree_sysroot as physical sysroot"
+ostree-prepare-root /sysroot
+
+# move mounted devices to new root
+cd /sysroot
+for x in dev proc; do
+ log_info "Moving /$x to new rootfs"
+ mount -o move /$x $x
+done
+
+# switch to new rootfs
+log_info "Switching to new rootfs"
+mkdir -p run/initramfs
+
+pivot_root . run/initramfs || bail_out "pivot_root failed."
+
+log_info "Launching target init"
+
+exec chroot . sh -c 'umount /run/initramfs; exec /sbin/init' \
+ <dev/console >dev/console 2>&1
+
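Review bot: `bail_out` logs "Rebooting..." but then runs `exec sh` with the `exec reboot -f` line commented out, so every failure routed to it (the sysroot mount, `pivot_root`) ends in an unauthenticated root shell on the console rather than a restart. `DEBUG=n` is declared at the top and never read anywhere in this file, so it could gate the shell: `[ "$DEBUG" = y ] && exec sh` followed by `exec reboot -f`. Separately, the exit status of `ostree-prepare-root /sysroot` is not checked, so a failure there still proceeds to the mount moves and `pivot_root`; `ostree-prepare-root /sysroot || bail_out "ostree-prepare-root failed"` would stop at the point of failure.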
diff --git a/meta-sota/recipes-sota/ostree-initrd/ostree-initrd.bb b/meta-sota/recipes-sota/ostree-initrd/ostree-initrd.bb
new file mode 100644
index 0000000..5c85bee
--- /dev/null
+++ b/meta-sota/recipes-sota/ostree-initrd/ostree-initrd.bb
@@ -0,0 +1,19 @@
+SUMMARY = "Extremely basic live image init script"
+LICENSE = "MIT"
+LIC_FILES_CHKSUM = "file://${COREBASE}/meta/COPYING.MIT;md5=3da9cfbcb788c80a0384361b4de20420"
+SRC_URI = "file://init.sh"
+
+S = "${WORKDIR}"
+
+do_install() {
+ install -dm 0755 ${D}/etc
+ touch ${D}/etc/initrd-release
+ install -dm 0755 ${D}/dev
+ install -dm 0755 ${D}/sbin
+ install -m 0755 ${WORKDIR}/init.sh ${D}/sbin/init
+}
+
+inherit allarch
+
+FILES_${PN} += " /dev /etc/initrd-release /sbin/init "
+
|